18 year old Granddaughter moved in while going to college and brought



#1
njlock

My granddaughter, 18, recently moved in with us while she's going to a local college. She's a bit of a ditz, and though I've told her many times, no downloading nothing!, she didn't listen, and her laptop is all infected, locking up and generally screwed up.

Help Please!!

Tried all the regular stuff: Malwarebytes, the Avast antivirus with boot-time scanner.
Finds plenty, seems to clean them up, but of course comes back.

Explorer browser locking up after brief usage, multiple popups from Avast warning of a trojan. Couldn't get Windows Firewall to work, so downloaded and installed "Windows 7 Firewall Control". I guess it works; I check enable all when it prompts about something I recognise. I'd like to get the regular firewall working.

Thanks!!




OTL logfile created on: 10/7/2011 3:35:32 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Princess Shantell\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 55.34% Memory free
5.73 Gb Paging File | 4.27 Gb Available in Paging File | 74.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.58 Gb Total Space | 243.02 Gb Free Space | 84.51% Space Free | Partition Type: NTFS

Computer Name: PRINCESSSHANTEL | User Name: Princess Shantell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/07 15:34:14 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Princess Shantell\Desktop\OTL.exe
PRC - [2011/09/30 15:51:17 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe
PRC - [2011/09/06 16:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/08/07 16:58:16 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/12/09 19:21:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/12/09 19:21:52 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/27 07:46:50 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/08/22 20:48:54 | 000,833,536 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 01:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/09/27 07:52:38 | 002,027,840 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/09/27 07:46:44 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 20:34:01 | 000,103,792 | R--- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2009/12/09 19:21:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/12/09 19:21:52 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/10/06 12:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/08/13 14:09:08 | 000,297,344 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe -- (taisregispinger)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/06 16:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 16:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 16:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 16:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 16:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 16:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/03/31 17:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/04 20:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/20 11:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/10 18:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/01 13:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/15 15:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/06 15:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/10/07 13:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSND&bmod=TSND
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSND&bmod=TSND

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSND&bmod=TSND
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{26D55D66-F4E8-4642-A683-C1E67E4768B2}: C:\Users\Princess Shantell\AppData\Local\{26D55D66-F4E8-4642-A683-C1E67E4768B2} [2011/01/28 16:45:33 | 000,000,000 | ---D | M]

[2011/01/26 14:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Princess Shantell\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.127\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.127\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.127\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: GameVance = C:\Users\Princess Shantell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\

Hosts file not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A97E58D-C5C8-4ACC-A4F3-736A7CA10E05}: DhcpNameServer = 10.5.1.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCB55CC5-C4B0-4554-8237-E6619F65E4E3}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/07 15:34:07 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Princess Shantell\Desktop\OTL.exe
[2011/10/05 21:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows7FirewallControl
[2011/10/05 21:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows7FirewallControl
[2011/10/05 20:39:12 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\SUPERAntiSpyware.com
[2011/10/05 20:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/10/05 20:38:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/10/05 20:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/10/05 18:00:55 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\Malwarebytes
[2011/10/05 18:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/05 18:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/05 18:00:47 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/10/05 18:00:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/05 16:27:49 | 000,000,000 | ---D | C] -- C:\windows\SysNative\SPReview
[2011/10/05 15:58:33 | 000,000,000 | ---D | C] -- C:\windows\SysNative\EventProviders
[2011/10/05 15:58:17 | 000,601,944 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2011/10/05 15:58:17 | 000,254,400 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2011/10/05 12:00:13 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\aQdKg9YwVlBPy
[2011/10/05 12:00:00 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\OL9gTXqjYeIrOtA
[2011/10/05 11:59:48 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\WlOBtzP0yAiDoFp
[2011/10/05 11:59:39 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\GelIBtzPNc1v2b4
[2011/10/05 11:59:26 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\ijUCekIBrOyAuSi
[2011/10/05 11:59:25 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\o6dWK8fRLhXjCk
[2011/10/05 11:59:12 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\OaQH6sZqjC
[2011/10/05 11:59:09 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\bsWJ7fEL8Tqlz0c
[2011/10/05 11:59:03 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\U6KRhwCIzy1Sb3G
[2011/10/05 11:59:03 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\j6KRhwCIzy1Sb3G
[2011/10/04 14:56:13 | 000,000,000 | ---D | C] -- C:\windows\system64
[2011/09/30 13:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[3 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[3 C:\Users\Princess Shantell\Documents\*.tmp files -> C:\Users\Princess Shantell\Documents\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/07 15:36:03 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/07 15:36:03 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/07 15:34:14 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Princess Shantell\Desktop\OTL.exe
[2011/10/07 15:33:35 | 000,727,182 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/10/07 15:33:35 | 000,624,668 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/10/07 15:33:35 | 000,106,754 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/10/07 15:28:53 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/07 15:28:21 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/10/07 15:28:15 | 2308,063,232 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/07 15:27:30 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2011/10/07 14:16:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/05 20:38:49 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/05 20:21:11 | 000,274,320 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/10/05 18:44:34 | 000,001,228 | ---- | M] () -- C:\Users\Princess Shantell\Desktop\Windows Explorer.lnk
[2011/10/05 18:03:29 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/30 11:02:15 | 011,224,111 | ---- | M] () -- C:\Users\Princess Shantell\Documents\xid-208399_1.pdf
[2011/09/29 01:38:15 | 000,000,000 | ---- | M] () -- C:\Users\Princess Shantell\AppData\Local\{62B40893-A939-474A-8592-995BF1C9383F}
[2011/09/28 19:19:33 | 000,000,000 | ---- | M] () -- C:\Users\Princess Shantell\AppData\Local\{AEA11880-FFD2-4887-B83C-D09B32004181}
[2011/09/28 03:14:19 | 000,743,534 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/09/27 07:53:40 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\windows\SysNative\TURegOpt.exe
[2011/09/27 07:47:02 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\windows\SysNative\authuitu.dll
[2011/09/27 07:46:56 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\windows\SysWow64\authuitu.dll
[2011/09/27 07:46:50 | 000,036,160 | ---- | M] (TuneUp Software) -- C:\windows\SysNative\uxtuneup.dll
[2011/09/27 07:46:44 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\windows\SysWow64\uxtuneup.dll
[2011/09/18 09:45:30 | 000,116,014 | ---- | M] () -- C:\Users\Princess Shantell\AppData\Roaming\shoot_1a.jpg
[3 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[3 C:\Users\Princess Shantell\Documents\*.tmp files -> C:\Users\Princess Shantell\Documents\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/05 20:38:49 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/05 18:44:34 | 000,001,228 | ---- | C] () -- C:\Users\Princess Shantell\Desktop\Windows Explorer.lnk
[2011/10/05 18:00:51 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/30 11:02:15 | 011,224,111 | ---- | C] () -- C:\Users\Princess Shantell\Documents\xid-208399_1.pdf
[2011/09/29 01:38:15 | 000,000,000 | ---- | C] () -- C:\Users\Princess Shantell\AppData\Local\{62B40893-A939-474A-8592-995BF1C9383F}
[2011/09/28 19:19:33 | 000,000,000 | ---- | C] () -- C:\Users\Princess Shantell\AppData\Local\{AEA11880-FFD2-4887-B83C-D09B32004181}
[2011/07/22 17:37:23 | 000,063,488 | ---- | C] () -- C:\Users\Princess Shantell\AppData\Roaming\chrtmp
[2011/07/22 17:37:20 | 000,116,014 | ---- | C] () -- C:\Users\Princess Shantell\AppData\Roaming\shoot_1a.jpg
[2011/01/28 16:45:34 | 000,000,120 | ---- | C] () -- C:\Users\Princess Shantell\AppData\Local\Fjopiroquqo.dat
[2011/01/28 16:45:34 | 000,000,000 | ---- | C] () -- C:\Users\Princess Shantell\AppData\Local\Azezogune.bin
[2010/12/10 13:03:37 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/02/20 11:22:24 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/02/20 11:22:24 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/02/20 11:22:24 | 000,104,636 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/02/20 10:27:36 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/02/20 10:27:36 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/10/05 00:19:13 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\A1S2p4WRVlyANlw
[2011/10/05 00:19:43 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\A39Naq0sV4YDgNK
[2011/10/04 23:50:04 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\aD3onG4am6W7E8T
[2011/10/05 15:53:52 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\AdRXlNv35dLqkOA
[2011/10/05 00:24:14 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\AG7hO1aEwzD5gjN
[2011/10/05 00:22:28 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\AI5yh4x82e6v
[2011/10/05 00:18:02 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\aIRnrJ1XsujJuY6
[2011/10/05 00:02:12 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\ajUUCekIrzONx
[2011/10/05 15:53:46 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\ak5N93VE3zLFyYs
[2011/10/04 23:33:49 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\AlIBtzPNyAuDoFp
[2011/10/04 23:16:29 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\AmG5aQJ6dKfL
[2011/10/05 15:53:38 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\aObR06Tl1d
[2011/10/05 12:00:13 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\aQdKg9YwVlBPy
[2011/10/04 23:21:23 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\AxP0ucS1iDoG
[2011/10/04 23:51:43 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\aXXwjUUelItzN
[2011/10/04 23:37:44 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\B5aQH6dWKfLgXjC
[2011/10/04 23:44:42 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\B9gTXqjYCkVzNx0
[2011/10/04 23:41:43 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\b9gTZqjYCkVlNx
[2011/10/04 23:57:32 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\bD33onG4aH6sJf
[2011/10/04 23:42:17 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\BekIVrzONx
[2011/10/04 23:59:37 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\BiibD33nG4QHsKf
[2011/10/05 15:53:50 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\BJjAQXu36hkybQR
[2011/10/05 00:22:26 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\boe7vk6zRnNLvjQ
[2011/10/04 23:26:00 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\BONtxPuibD
[2010/12/10 12:46:26 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\Book Place
[2011/10/04 23:29:26 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\bsQJ6dEK8R9TwUe
[2011/10/05 11:59:09 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\bsWJ7fEL8Tqlz0c
[2011/10/05 00:22:23 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\Bua9lDJwyaRO27j
[2011/10/04 23:55:13 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\bvDD2obF4mG5Q6E
[2011/10/04 23:08:16 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\bVelOBtzPyAiDoF
[2011/10/05 00:21:53 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\BVQATntT5Ph62rJ
[2011/10/04 23:35:24 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\bYCwkIVrlNx
[2011/10/04 23:38:30 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\BZqhYXwkUeOtPyA
[2011/10/04 23:19:15 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\C9hTXqjUCkBzNx0
[2011/10/05 15:53:52 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\cBgWpurj74vlXRW
[2011/10/04 23:17:13 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\CCelIBrzPyAuSoF
[2011/10/04 23:51:29 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\cddEK8fRZ
[2011/10/04 23:15:16 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\chTXwjUCeIrPyAu
[2011/10/04 23:44:59 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\CJ7dEL8gRqYwUeO
[2011/10/04 23:50:48 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\CnGG4amH6WJ7E8
[2011/10/04 23:27:05 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\cOBtzP0yc1v2n4m
[2011/10/04 23:49:50 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\ConF4amH5W7
[2011/10/04 23:46:33 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\cqqqjUUCekIBzOy
[2011/10/04 23:34:19 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\cRZ9hTXwjClrPyA
[2011/10/04 23:54:31 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\cSS1ibD3on4aHsJ
[2011/10/05 00:21:09 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\CtSGs8kxvmLXBip
[2011/10/05 00:16:22 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\cwP3JwPFEk0F
[2011/10/05 16:37:19 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\DccSS1iivDonFa
[2011/10/05 00:24:54 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\DGtC4IW2T3B
[2011/10/05 00:24:31 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\DoafXk0FHRYNSGK
[2011/10/05 00:19:59 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\dQhr26qAG9zD
[2011/10/05 00:21:54 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\DUPD58wtvGKwru
[2011/10/05 00:18:28 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\dWcgvXFrKuCHBsz
[2011/10/04 23:43:07 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\dWJ7dEL8gZhXkVl
[2011/10/04 23:22:28 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\dXwjUVelI
[2011/10/04 23:45:33 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\DZ9hYXwjUeI
[2011/10/04 23:45:16 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\edWK8fRL9TqUeIr
[2011/10/04 23:44:11 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\eK8gRZ9hYwUeIt
[2011/10/04 23:52:39 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\ekkIIrrONtx0c2
[2011/10/05 00:21:44 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\EkuGfw0mLXBipdh
[2011/10/04 23:36:26 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\eNyxA0uvSiF
[2011/10/05 00:18:59 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\eWOQenCDTcdzdtQ
[2011/10/05 00:25:07 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\eZoYFCGtC4IW2T
[2011/10/05 00:16:45 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\f2f16e2fOGT06
[2011/10/04 23:19:45 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\f3pnG4aQHsKfLgZ
[2011/10/04 23:30:15 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\FdEK8gRZ9YwUeIt
[2011/10/05 00:00:05 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\fdWKKffR9hTqUCk
[2011/10/05 11:58:09 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\fGj28zGXuW
[2011/10/05 15:53:49 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\FKDBL5bORGPkE3N
[2011/10/05 00:19:58 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\FkndXP2J9zpKUxG
[2011/10/05 15:53:38 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\fly3He0HEUNKjzS
[2011/10/05 15:53:34 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\FnesPdP6rGYDji8
[2011/10/05 00:24:53 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\fNJy7vtd1Zsl6
[2011/10/05 00:19:15 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\fO5lHzJr6O
[2011/10/05 15:53:39 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\FtiaqIPiaJTV
[2011/10/05 00:19:32 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\FXSLAWOHIGCFkpI
[2011/10/05 15:53:50 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\G1J9AaLBSWTVA
[2011/10/04 23:43:55 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\g3onG4amHsJfLgZ
[2011/10/05 00:01:15 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\g8gTTqqYCwkVlO
[2011/10/05 00:20:28 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\GdYymhyG9zF7I
[2011/10/05 00:16:00 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\GdZjBx2p69CrA2G
[2011/10/05 11:59:39 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\GelIBtzPNc1v2b4
[2011/10/05 15:53:02 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\Ghx5TtGgAHYSLS7
[2011/10/04 23:30:30 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\GL9hTXqjCe
[2011/10/05 00:24:34 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\gnHdRYez1bGJ89U
[2011/10/05 00:18:28 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\gtLWcgvXFrKuCHB
[2011/10/04 23:29:43 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\gucS2ibD3naQ6W7
[2011/10/05 00:22:58 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\gYVtADFH789wlz
[2011/10/04 15:00:55 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\gZqqhhYXwkUVlOt
[2011/10/04 23:40:54 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\H7fRL9gTXjCkVzN
[2011/10/04 23:46:05 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\hddWWK77f
[2011/10/04 23:39:03 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\hibD3onG4
[2011/10/04 23:34:37 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\hJ7dEK8gR9YwUeI
[2011/10/05 00:18:31 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\HO9hKFzga0XJvrj
[2011/10/05 15:53:37 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\HtJhymhyG9zF7I3
[2011/10/05 15:53:05 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\Htn8zGT1KrpgxQ
[2011/10/05 00:18:45 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\HuY4lstEyUf
[2011/10/04 23:33:03 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\hYCwkUVrlBx0c1v
[2011/10/05 15:53:37 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\I6qx5qx4qP6wcHq
[2011/10/04 23:30:46 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\IA0uvS2ib3n5
[2011/10/05 15:53:33 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\iegWm3AtURHSIL3
[2011/10/04 23:52:11 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\iJ7ffEL8TZqYC
[2011/10/05 11:59:26 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\ijUCekIBrOyAuSi
[2011/10/04 23:36:11 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\imG5aQJ6dKfLhXj
[2011/10/05 00:01:58 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\InG55QQ6dWKfLgT
[2011/10/05 00:23:22 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\IPTdn0UfaFyUs1e
[2011/10/04 23:17:57 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\iRL9hTXqjCkBzNx
[2011/10/05 00:17:54 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\IuToeJyhpC6OKxE
[2011/10/05 00:17:37 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\ivUWikW1VwJDI
[2011/10/04 23:29:09 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\ixA0ucS2iDpGaHs
[2011/10/05 00:01:29 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\J0uucS2iD
[2011/10/05 00:24:07 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\J4ylTfp2crZJQZy
[2011/10/05 11:59:03 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\j6KRhwCIzy1Sb3G
[2011/10/04 15:00:40 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\j8ggTTZqhYCwUVl
[2011/10/05 15:53:38 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\j8YOco5EqU
[2011/10/04 23:17:27 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\jbF3pmG5aJdKfLh
[2011/10/04 23:52:25 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\JccSSiiD3oG4
[2011/10/04 23:16:58 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\jpmG5aQJ6W
[2011/10/04 23:18:11 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\JxA1uvS2oFpGaJd
[2011/10/04 23:56:09 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\K0uucS1ib3on4m6
[2011/10/04 23:39:50 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\K3pmG5aQJdKfLhX
[2011/10/05 15:53:35 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\k9DhSL0Wz6r4CD
[2011/10/04 23:54:17 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\kEELLggZqhYwUrO
[2011/10/05 15:53:35 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\kIzztubmghC
[2011/10/05 15:53:41 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\KNmBmXusjFfl4hN
[2011/10/05 15:53:34 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\kWyWcgcTiR1gvZb
[2011/10/04 23:41:27 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\KyxA1uvS2b3m5Q6
[2011/10/04 23:39:19 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\kzP0ycA1v2n4m5Q
[2011/10/05 00:20:40 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\l3lFZyHIi
[2011/10/04 23:49:08 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\l4pmG5sQJdKf
[2011/10/04 23:56:50 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\L55sQJ6dEKfR9T
[2011/10/05 00:17:03 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\l6rGCnXDw4esImI
[2011/10/04 23:42:50 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\l8fRL9hTX
[2011/10/05 00:16:05 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\lcbJ9CN3K
[2011/10/04 23:55:27 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\lellIBtzNycAuDo
[2011/10/05 00:23:35 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\LEYO14dhlAFJZey
[2011/10/04 23:31:32 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\LgRZqhYXwUeOtPy
[2011/10/05 00:20:17 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\LLrvsqzFhB2JhIv
[2011/10/04 23:15:31 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\LmG5aQJ6dKfLhX
[2011/10/04 23:51:57 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\lonFFppm5
[2011/10/05 00:02:54 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\lonnF4pmHsQJdK8
[2011/10/04 23:25:29 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\LpmG5aQJ6W8R9Tq
[2011/10/04 15:00:55 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\LPPP0yycA1iDon4
[2011/10/04 23:43:22 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\LRZ9hYXwjVlBzNc
[2011/10/04 23:59:51 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\lUCeeIIrzONx0vS
[2011/10/05 15:53:32 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\mdotZpB7AgHBWPK
[2011/10/04 23:48:40 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\mdWK7fRL9T
[2011/10/05 00:01:01 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\mffEL8gTZqYCkVl
[2011/10/04 23:15:45 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\mK8fRZ9hTwUeI
[2011/10/05 15:53:36 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\mOGTxahP5Y0mZzF
[2011/10/04 23:40:20 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\mrzONtxA0c2b3n4
[2011/10/05 00:20:17 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\mS8BmqcJVof2LP5
[2011/10/04 23:47:16 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\msQJ6dEK8R9TwUe
[2011/10/04 23:31:47 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\mtzP0ycA1v2n4m5
[2011/10/04 23:50:18 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\mVrlONtP0c1iDoG
[2011/10/04 23:20:17 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\mycA1ivD2n4m5Q7
[2011/10/05 11:58:43 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\mYCekIVrzN
[2011/10/04 23:30:00 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\N4pmH5sQJdK
[2011/10/04 23:38:48 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\n6sWK7fELgZjCkV
[2011/10/05 15:53:40 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\n8wtvmEXB14EhCz
[2011/10/05 15:53:48 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\NcGKjlcG7qr
[2011/10/04 23:35:40 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\nelOBtPD2n4HsJd
[2011/10/05 00:21:19 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\nHlsPWxg2ksO
[2011/10/04 23:27:20 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\nQJ6dEK8fZhXjCl
[2011/10/04 23:24:41 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\nucS2ibD3n4Q
[2011/10/04 23:48:54 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\nuvS2obF3
[2011/10/05 15:53:19 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\nVmrgiqvXmI5
[2011/10/05 00:00:33 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\NzzPNyyA1uD2b4m
[2011/10/04 23:32:02 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\O1uvD2obFpGsJdK
[2011/10/05 00:23:58 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\O36LYrPiGs
[2011/10/05 11:59:25 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\o6dWK8fRLhXjCk
[2011/10/04 23:59:23 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\O77fEL9gTZjYwIr
[2011/10/04 23:57:45 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\o7fRRL9gTqjYeIr
[2011/10/04 23:58:27 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\O8ffRZ9hTwjUeIr
[2011/10/05 00:20:05 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\o8r5qvKkifr3Lln
[2011/10/04 23:43:38 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\O9hTXqjUCkBzNx0
[2011/10/05 11:59:12 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\OaQH6sZqjC
[2011/10/04 23:54:59 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\OBrzzNNxA0uSiF3
[2011/10/05 00:18:49 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\Oc0Scvu0A00zP
[2011/10/04 23:44:25 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\OcA1ivD2oFpHsJd
[2011/10/04 23:23:50 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\ojUVelIBtPyAuDo
[2011/10/05 11:59:01 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\oKfZhXUCeIrNAu2
[2011/10/05 12:00:00 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\OL9gTXqjYeIrOtA
[2011/10/05 00:21:35 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\ooJYtDQ9ybQZCNo
[2011/10/05 11:58:47 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\OReAmRISHT
[2011/10/05 00:18:46 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\OrWPESZvvhbea
[2011/10/04 23:19:30 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\oxA0ucSib3n4Q6W
[2011/10/04 23:31:01 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\oYCwkIVrlNx0c1b
[2011/10/05 15:53:01 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\OzngBFRrmhNnL
[2011/10/05 15:53:50 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\p1FsKYePuFsRUPS
[2011/10/04 23:23:34 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\p3pnG4aQHsKf
[2011/10/05 15:53:44 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\pdXOi6Tr2Q9Vc4L
[2011/10/04 23:35:56 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\pF4pmG5sQ6E8
[2011/10/05 00:00:47 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\PF4ppHHsQJ7E8R
[2011/10/05 00:20:26 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\PmXnhvEkHrJNd1X
[2011/10/04 23:55:41 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\pRZZqhYXw
[2011/10/04 23:42:00 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\PtttzPNyc12oFpG
[2011/10/04 23:47:58 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\pUVrlOBtx0c1v3n
[2011/10/05 15:53:36 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\PV48UyFdXNGRlua
[2011/10/04 23:57:18 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\PZqqhYCwUVrlBx0
[2011/10/05 15:53:37 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\Q1bHYcpRUbgyEAf
[2011/10/05 00:17:33 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\Q4I4k4k4V4eWuLi
[2011/10/04 23:26:15 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\QamH5sWJ7E8
[2011/10/04 23:16:44 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\qCelIBrzPyAuSoF
[2011/10/04 23:32:48 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\QfEL9gTZqYwIrOt
[2011/10/04 23:38:14 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\qgTZqjYCwIrOtPu
[2011/10/05 00:24:14 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\qI8GSGJAasri
[2011/10/05 00:20:56 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\qKXtumETB13dhIA
[2011/10/04 23:46:47 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\QNyyxxA1uvD2bFp
[2011/10/04 23:25:13 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\QpmH5sQJ7E8R9Yw
[2011/10/04 23:40:05 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\qqjUCekIBzNx0v2
[2011/10/04 23:53:35 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\QUVeeIItzPNc1vD
[2011/10/05 00:17:20 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\QVHB71T3BKcqGlE
[2011/10/04 23:23:17 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\qvS2obF3pQ6W
[2011/10/04 23:20:01 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\QWJ7dEL8gZh
[2011/10/05 00:02:40 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\QwwjUVelItzPyAu
[2011/10/04 23:51:02 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\RaQH66dK7fL9Tq
[2011/10/04 23:58:00 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\RgTXXjjYekIrONx
[2011/10/05 00:16:25 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\rGwvKrnqS
[2011/10/05 00:20:38 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\RjzSm9Iun7COSn
[2011/10/05 00:23:35 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\RKiO8dn0Cfaie73
[2011/10/04 23:18:28 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\rmH6sWJ7fLgZ
[2011/10/05 00:19:32 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\rNxA2mfwyshzbHq
[2011/10/04 23:37:28 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\RPNycA1uv2b4m5Q
[2011/09/28 19:22:08 | 000,032,646 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


#2
RKinner

    Malware Expert

This looks like the ZeroAccess rootkit to me. It's the latest fad in infections and has been constantly evolving, so it is getting harder to kill, but it usually is not as bad on a 64-bit system like yours, so there is a good chance of success. For what it is worth, your granddaughter may not have downloaded it. Just going to an infected website may be enough.

Uninstall Superantispyware so it doesn't get in the way.

Let's try ComboFix first as it has the best success rate.

First: Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK
Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted

:!: It must be saved to your desktop, do not run it from your browser:!:

Download and Save ComboFix.exe -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes. I'll need to see that in your reply. The file will also be at => C:\Combofix.txt if you lose it.

A caution - Do not run ComboFix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, ComboFix is still at work. The program says it will only take about 10 minutes, but with Zero Access actively fighting it, it may take several hours.

Then run TDSSKiller

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click and Run as Administrator.
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Then aswMBR:
Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Run OTL (Vista or Win 7 => right click and Run As Administrator)
select the All option in the Extra Registry group then Run Scan.
You should get two logs. Please copy and paste both of them.

IF you lose Internet connectivity after one of the scans:


Start, All Programs, Accessories, right click on Command Prompt and Run As Administrator. Type with an Enter after each line in the code box:


ipconfig /flushdns

netsh  winsock  reset catalog

netsh  int ip reset reset.log


(I use two spaces in the code box so you will be sure to see where 1 space goes.)

Reboot and test. If it still doesn't work:


1. Click "Start," click "Control Panel," click "Network and Internet Connections," and then click "Network Connections."
2. Right-click the network connection that you want to configure (the one you use to connect to the Internet), and then click Properties.
3. On the General tab (for a local area connection), or the Networking tab (for all other connections), click "Internet Protocol (TCP/IP)", and then click "Properties."

4. Click "Use the following DNS server addresses," and then type 8.8.8.8 in the Preferred DNS server and 4.2.2.1 in the Alternate DNS server boxes.

5. Click "OK"

Reboot and test. If it still doesn't work:

(Start) Right-click on My Computer, select Manage, then Device Manager. Find the Network Adapters and click on the + in front to open up the sub-entries. Right-click on each sub-entry under Network Adapters and Uninstall. (Doesn't hurt to write down the names in case you need to download the drivers from the PC maker's website. Normally you don't, but with malware you never know.) Reboot and test.

Ron

#3
njlock

    Member

  • Topic Starter
Thank you very much for your help. Don't know what I'd do without you guys.
I know she's into a lot of weird typical teenager stuff online; maybe a few days without the ever-important laptop will make her think twice?
(But I doubt it, lol!)

The Fix button you mentioned was not highlighted.

ComboFix 11-10-08.01 - Princess Shantell 10/08/2011 8:47.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2935.1612 [GMT -4:00]
Running from: c:\users\Princess Shantell\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
c:\users\Princess Shantell\AppData\Local\{26D55D66-F4E8-4642-A683-C1E67E4768B2}
c:\users\Princess Shantell\AppData\Local\{26D55D66-F4E8-4642-A683-C1E67E4768B2}\chrome.manifest
c:\users\Princess Shantell\AppData\Local\{26D55D66-F4E8-4642-A683-C1E67E4768B2}\chrome\content\_cfg.js
c:\users\Princess Shantell\AppData\Local\{26D55D66-F4E8-4642-A683-C1E67E4768B2}\chrome\content\overlay.xul
c:\users\Princess Shantell\AppData\Local\{26D55D66-F4E8-4642-A683-C1E67E4768B2}\install.rdf
c:\users\Princess Shantell\AppData\Roaming\chrtmp
c:\users\Princess Shantell\Documents\~WRL0001.tmp
c:\users\Princess Shantell\Documents\~WRL0003.tmp
c:\users\Princess Shantell\Documents\~WRL1167.tmp
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\00000002.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\80000032.@
c:\windows\assembly\tmp\U\80000064.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\assembly\tmp\U\trz3342.tmp
c:\windows\assembly\tmp\U\trz8F73.tmp
c:\windows\assembly\tmp\U\trzCFFB.tmp
c:\windows\system32\consrv.dll
c:\windows\system32\Thumbs.db
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-09-08 to 2011-10-08 )))))))))))))))))))))))))))))))
.
.
2011-10-08 12:53 . 2011-10-08 12:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-07 15:06 . 2011-09-21 13:00 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7223187-7873-49EC-9B45-E95E96153F0E}\mpengine.dll
2011-10-05 22:00 . 2011-10-05 22:00 -------- d-----w- c:\users\Princess Shantell\AppData\Roaming\Malwarebytes
2011-10-05 22:00 . 2011-10-05 22:00 -------- d-----w- c:\programdata\Malwarebytes
2011-10-05 22:00 . 2011-10-05 22:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-05 22:00 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-05 20:27 . 2011-10-05 20:27 -------- d-----w- c:\windows\system32\SPReview
2011-10-05 19:58 . 2011-10-05 19:58 -------- d-----w- c:\windows\system32\EventProviders
2011-10-05 19:58 . 2011-09-06 20:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-05 19:58 . 2011-09-06 20:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-08 12:57 . 2011-10-08 12:57 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7223187-7873-49EC-9B45-E95E96153F0E}\offreg.dll
2011-10-05 20:40 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-10-05 20:40 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-09-27 11:53 . 2010-12-11 13:30 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-09-27 11:47 . 2010-12-11 13:30 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-09-27 11:46 . 2010-12-11 13:30 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-09-27 11:46 . 2010-12-11 13:30 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-09-27 11:46 . 2010-12-11 13:30 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-09-06 20:45 . 2010-12-10 17:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-12-10 17:29 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-09-06 20:38 . 2010-12-10 17:30 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-12-10 17:30 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-12-10 17:30 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-12-10 17:30 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2010-12-10 17:30 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-08 08:55 . 2011-08-08 08:55 0 ----a-w- c:\windows\SysWow64\sho8E7F.tmp
2011-08-07 21:59 . 2011-08-07 21:59 0 ----a-w- c:\windows\SysWow64\shoCF0.tmp
2011-07-22 22:10 . 2011-07-22 22:10 0 ----a-w- c:\windows\SysWow64\sho81FB.tmp
2011-07-16 04:26 . 2011-09-28 06:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-06-03 3218792]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-06-11 552960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-01-29 103792]
R4 taisregispinger;taisregispinger;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2009-08-13 297344]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-09-27 2027840]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 05:20]
.
2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 05:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-06 505696]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 508216]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-03 913720]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"combofix"="c:\combofix\CF14782.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1127810984-1504035405-255614096-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1127810984-1504035405-255614096-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2011-10-08 09:04:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-08 13:03
.
Pre-Run: 260,388,208,640 bytes free
Post-Run: 259,915,165,696 bytes free
.
- - End Of File - - 09B4061238202538D9B0AE58BE656C1A


09:31:37.0973 3972 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
09:31:38.0441 3972 ============================================================
09:31:38.0441 3972 Current date / time: 2011/10/08 09:31:38.0441
09:31:38.0441 3972 SystemInfo:
09:31:38.0441 3972
09:31:38.0441 3972 OS Version: 6.1.7601 ServicePack: 1.0
09:31:38.0441 3972 Product type: Workstation
09:31:38.0441 3972 ComputerName: PRINCESSSHANTEL
09:31:38.0441 3972 UserName: Princess Shantell
09:31:38.0441 3972 Windows directory: C:\windows
09:31:38.0441 3972 System windows directory: C:\windows
09:31:38.0441 3972 Running under WOW64
09:31:38.0441 3972 Processor architecture: Intel x64
09:31:38.0441 3972 Number of processors: 2
09:31:38.0441 3972 Page size: 0x1000
09:31:38.0441 3972 Boot type: Normal boot
09:31:38.0441 3972 ============================================================
09:31:38.0706 3972 Initialize success
09:31:45.0258 2672 ============================================================
09:31:45.0258 2672 Scan started
09:31:45.0258 2672 Mode: Manual;
09:31:45.0258 2672 ============================================================
09:32:07.0769 2672 PptpMiniport - ok
09:32:07.0878 2672 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
09:32:07.0894 2672 Processor - ok
09:32:08.0034 2672 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
09:32:08.0034 2672 Psched - ok
09:32:08.0206 2672 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
09:32:08.0221 2672 ql2300 - ok
09:32:08.0331 2672 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
09:32:08.0331 2672 ql40xx - ok
09:32:08.0455 2672 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
09:32:08.0455 2672 QWAVEdrv - ok
09:32:08.0565 2672 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
09:32:08.0565 2672 RasAcd - ok
09:32:08.0721 2672 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
09:32:08.0721 2672 RasAgileVpn - ok
09:32:08.0861 2672 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
09:32:08.0861 2672 Rasl2tp - ok
09:32:09.0001 2672 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
09:32:09.0001 2672 RasPppoe - ok
09:32:09.0142 2672 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
09:32:09.0157 2672 RasSstp - ok
09:32:09.0267 2672 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
09:32:09.0282 2672 rdbss - ok
09:32:09.0391 2672 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
09:32:09.0391 2672 rdpbus - ok
09:32:09.0501 2672 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
09:32:09.0501 2672 RDPCDD - ok
09:32:09.0641 2672 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
09:32:09.0641 2672 RDPENCDD - ok
09:32:09.0750 2672 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
09:32:09.0766 2672 RDPREFMP - ok
09:32:09.0875 2672 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
09:32:09.0875 2672 RDPWD - ok
09:32:10.0031 2672 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
09:32:10.0031 2672 rdyboost - ok
09:32:10.0171 2672 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
09:32:10.0187 2672 rspndr - ok
09:32:10.0296 2672 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\windows\system32\Drivers\RtsUStor.sys
09:32:10.0296 2672 RSUSBSTOR - ok
09:32:10.0405 2672 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
09:32:10.0405 2672 sbp2port - ok
09:32:10.0530 2672 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
09:32:10.0530 2672 scfilter - ok
09:32:10.0671 2672 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
09:32:10.0671 2672 secdrv - ok
09:32:10.0795 2672 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
09:32:10.0795 2672 Serenum - ok
09:32:10.0920 2672 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
09:32:10.0920 2672 Serial - ok
09:32:11.0029 2672 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
09:32:11.0029 2672 sermouse - ok
09:32:11.0139 2672 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
09:32:11.0154 2672 sffdisk - ok
09:32:11.0248 2672 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
09:32:11.0248 2672 sffp_mmc - ok
09:32:11.0357 2672 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
09:32:11.0357 2672 sffp_sd - ok
09:32:11.0466 2672 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
09:32:11.0466 2672 sfloppy - ok
09:32:11.0607 2672 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\windows\system32\DRIVERS\Sftfslh.sys
09:32:11.0622 2672 Sftfs - ok
09:32:11.0763 2672 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\windows\system32\DRIVERS\Sftplaylh.sys
09:32:11.0763 2672 Sftplay - ok
09:32:11.0872 2672 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\windows\system32\DRIVERS\Sftredirlh.sys
09:32:11.0872 2672 Sftredir - ok
09:32:11.0981 2672 Sftvol (393b22addd89979eb1c60898f51c3648) C:\windows\system32\DRIVERS\Sftvollh.sys
09:32:11.0981 2672 Sftvol - ok
09:32:12.0090 2672 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
09:32:12.0090 2672 SiSRaid2 - ok
09:32:12.0199 2672 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
09:32:12.0199 2672 SiSRaid4 - ok
09:32:12.0324 2672 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
09:32:12.0340 2672 Smb - ok
09:32:12.0465 2672 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
09:32:12.0465 2672 spldr - ok
09:32:12.0589 2672 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
09:32:12.0605 2672 srv - ok
09:32:12.0745 2672 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
09:32:12.0745 2672 srv2 - ok
09:32:12.0870 2672 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
09:32:12.0870 2672 srvnet - ok
09:32:13.0011 2672 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
09:32:13.0011 2672 stexstor - ok
09:32:13.0135 2672 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
09:32:13.0151 2672 swenum - ok
09:32:13.0323 2672 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
09:32:13.0323 2672 SynTP - ok
09:32:13.0541 2672 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\windows\system32\drivers\tcpip.sys
09:32:13.0557 2672 Tcpip - ok
09:32:13.0728 2672 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\windows\system32\DRIVERS\tcpip.sys
09:32:13.0759 2672 TCPIP6 - ok
09:32:13.0884 2672 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
09:32:13.0884 2672 tcpipreg - ok
09:32:14.0025 2672 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
09:32:14.0025 2672 tdcmdpst - ok
09:32:14.0134 2672 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
09:32:14.0134 2672 TDPIPE - ok
09:32:14.0243 2672 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
09:32:14.0243 2672 TDTCP - ok
09:32:14.0368 2672 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
09:32:14.0368 2672 tdx - ok
09:32:14.0493 2672 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
09:32:14.0508 2672 TermDD - ok
09:32:14.0711 2672 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
09:32:14.0711 2672 tssecsrv - ok
09:32:14.0836 2672 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
09:32:14.0836 2672 TsUsbFlt - ok
09:32:14.0929 2672 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys
09:32:14.0929 2672 TuneUpUtilitiesDrv - ok
09:32:15.0070 2672 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
09:32:15.0085 2672 tunnel - ok
09:32:15.0210 2672 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
09:32:15.0210 2672 TVALZ - ok
09:32:15.0319 2672 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
09:32:15.0319 2672 uagp35 - ok
09:32:15.0429 2672 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
09:32:15.0429 2672 udfs - ok
09:32:15.0553 2672 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
09:32:15.0553 2672 uliagpkx - ok
09:32:15.0678 2672 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
09:32:15.0694 2672 umbus - ok
09:32:15.0787 2672 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
09:32:15.0787 2672 UmPass - ok
09:32:15.0928 2672 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\drivers\usbccgp.sys
09:32:15.0928 2672 usbccgp - ok
09:32:16.0037 2672 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
09:32:16.0037 2672 usbcir - ok
09:32:16.0162 2672 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
09:32:16.0162 2672 usbehci - ok
09:32:16.0287 2672 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
09:32:16.0302 2672 usbhub - ok
09:32:16.0411 2672 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
09:32:16.0411 2672 usbohci - ok
09:32:16.0521 2672 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
09:32:16.0521 2672 usbprint - ok
09:32:16.0614 2672 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
09:32:16.0614 2672 USBSTOR - ok
09:32:16.0739 2672 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
09:32:16.0739 2672 usbuhci - ok
09:32:16.0911 2672 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
09:32:16.0911 2672 usbvideo - ok
09:32:17.0082 2672 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
09:32:17.0082 2672 vdrvroot - ok
09:32:17.0207 2672 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
09:32:17.0207 2672 vga - ok
09:32:17.0316 2672 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
09:32:17.0316 2672 VgaSave - ok
09:32:17.0425 2672 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
09:32:17.0441 2672 vhdmp - ok
09:32:17.0550 2672 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
09:32:17.0550 2672 viaide - ok
09:32:17.0659 2672 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
09:32:17.0659 2672 volmgr - ok
09:32:17.0784 2672 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
09:32:17.0800 2672 volmgrx - ok
09:32:17.0909 2672 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
09:32:17.0909 2672 volsnap - ok
09:32:18.0018 2672 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
09:32:18.0018 2672 vsmraid - ok
09:32:18.0112 2672 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
09:32:18.0112 2672 vwifibus - ok
09:32:18.0237 2672 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
09:32:18.0252 2672 vwififlt - ok
09:32:18.0346 2672 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
09:32:18.0346 2672 WacomPen - ok
09:32:18.0502 2672 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
09:32:18.0502 2672 WANARP - ok
09:32:18.0533 2672 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
09:32:18.0533 2672 Wanarpv6 - ok
09:32:18.0673 2672 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
09:32:18.0673 2672 Wd - ok
09:32:18.0798 2672 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
09:32:18.0814 2672 Wdf01000 - ok
09:32:18.0954 2672 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
09:32:18.0954 2672 WfpLwf - ok
09:32:19.0063 2672 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
09:32:19.0063 2672 WIMMount - ok
09:32:19.0219 2672 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
09:32:19.0235 2672 WmiAcpi - ok
09:32:19.0344 2672 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
09:32:19.0344 2672 ws2ifsl - ok
09:32:19.0469 2672 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
09:32:19.0469 2672 WudfPf - ok
09:32:19.0609 2672 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
09:32:19.0609 2672 WUDFRd - ok
09:32:19.0672 2672 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
09:32:19.0687 2672 \Device\Harddisk0\DR0 - ok
09:32:19.0703 2672 Boot (0x1200) (e930a38113f5d01f58625eac3b7884ab) \Device\Harddisk0\DR0\Partition0
09:32:19.0703 2672 \Device\Harddisk0\DR0\Partition0 - ok
09:32:19.0703 2672 ============================================================
09:32:19.0703 2672 Scan finished
09:32:19.0703 2672 ============================================================
09:32:19.0703 3000 Detected object count: 0
09:32:19.0703 3000 Actual detected object count: 0
09:32:59.0171 3052 Deinitialize success


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-08 09:33:24
-----------------------------
09:33:24.742 OS Version: Windows x64 6.1.7601 Service Pack 1
09:33:24.742 Number of processors: 2 586 0x2505
09:33:24.742 ComputerName: PRINCESSSHANTEL UserName:
09:33:25.849 Initialize success
09:33:25.943 AVAST engine defs: 11100800
09:34:01.979 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:34:01.979 Disk 0 Vendor: TOSHIBA_ GH01 Size: 305245MB BusType: 3
09:34:02.026 Disk 0 MBR read successfully
09:34:02.026 Disk 0 MBR scan
09:34:02.026 Disk 0 Windows VISTA default MBR code
09:34:02.041 Service scanning
09:34:03.196 Modules scanning
09:34:03.196 Scan finished successfully
09:35:10.416 Disk 0 MBR has been saved successfully to "C:\Users\Princess Shantell\Desktop\MBR.dat"
09:35:10.416 The log file has been saved successfully to "C:\Users\Princess Shantell\Desktop\aswMBR.txt"


OTL logfile created on: 10/8/2011 9:46:22 AM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Princess Shantell\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 65.03% Memory free
5.73 Gb Paging File | 4.66 Gb Available in Paging File | 81.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.58 Gb Total Space | 242.16 Gb Free Space | 84.21% Space Free | Partition Type: NTFS

Computer Name: PRINCESSSHANTEL | User Name: Princess Shantell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/07 15:34:14 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Princess Shantell\Desktop\OTL.exe
PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/08/07 16:58:16 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/12/09 19:21:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/12/09 19:21:52 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/27 07:46:50 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 01:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/09/27 07:52:38 | 002,027,840 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/09/27 07:46:44 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 20:34:01 | 000,103,792 | R--- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2009/12/09 19:21:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/12/09 19:21:52 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/10/06 12:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/08/13 14:09:08 | 000,297,344 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe -- (taisregispinger)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/06 16:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 16:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 16:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 16:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 16:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 16:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/03/31 17:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/04 20:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/20 11:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/10 18:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/01 13:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/15 15:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/06 15:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/10/07 13:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSND&bmod=TSND

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{26D55D66-F4E8-4642-A683-C1E67E4768B2}: C:\Users\Princess Shantell\AppData\Local\{26D55D66-F4E8-4642-A683-C1E67E4768B2}

[2011/01/26 14:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Princess Shantell\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.127\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.127\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.127\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: GameVance = C:\Users\Princess Shantell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\

O1 HOSTS File: ([2011/10/08 08:55:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\rsvpsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\rsvpsp.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A97E58D-C5C8-4ACC-A4F3-736A7CA10E05}: DhcpNameServer = 10.5.1.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCB55CC5-C4B0-4554-8237-E6619F65E4E3}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/08 09:31:14 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Princess Shantell\Desktop\aswMBR (1).exe
[2011/10/08 09:30:47 | 001,558,320 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Princess Shantell\Desktop\tdsskiller.exe
[2011/10/08 08:55:44 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/10/08 08:46:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/10/08 08:46:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/10/08 08:46:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/10/08 08:46:52 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/10/08 08:46:52 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/08 08:46:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/08 08:43:41 | 004,249,093 | R--- | C] (Swearware) -- C:\Users\Princess Shantell\Desktop\ComboFix.exe
[2011/10/07 15:34:07 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Princess Shantell\Desktop\OTL.exe
[2011/10/05 18:00:55 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\Malwarebytes
[2011/10/05 18:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/05 18:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/05 18:00:47 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/10/05 18:00:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/05 16:27:49 | 000,000,000 | ---D | C] -- C:\windows\SysNative\SPReview
[2011/10/05 15:58:33 | 000,000,000 | ---D | C] -- C:\windows\SysNative\EventProviders
[2011/10/05 15:58:17 | 000,601,944 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2011/10/05 15:58:17 | 000,254,400 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2011/10/05 12:00:13 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\aQdKg9YwVlBPy
[2011/10/05 12:00:00 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\OL9gTXqjYeIrOtA
[2011/10/05 11:59:48 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\WlOBtzP0yAiDoFp
[2011/10/05 11:59:39 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\GelIBtzPNc1v2b4
[2011/10/05 11:59:26 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\ijUCekIBrOyAuSi
[2011/10/05 11:59:25 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\o6dWK8fRLhXjCk
[2011/10/05 11:59:12 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\OaQH6sZqjC
[2011/10/05 11:59:09 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\bsWJ7fEL8Tqlz0c
[2011/10/05 11:59:03 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\U6KRhwCIzy1Sb3G
[2011/10/05 11:59:03 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\j6KRhwCIzy1Sb3G
[2011/10/05 11:59:01 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\oKfZhXUCeIrNAu2
[2011/10/05 11:58:47 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\OReAmRISHT
[2011/10/05 11:58:43 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\mYCekIVrzN
[2011/10/05 11:58:17 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\XEYeyns8XB14JZI
[2011/10/05 11:58:14 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\V4gAHgBDdCSdCvH
[2011/10/05 11:58:12 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\wsUvd04Ke1Qwx
[2011/10/05 11:58:09 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\fGj28zGXuW
[2011/10/05 00:24:54 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\DGtC4IW2T3B
[2011/10/05 00:24:53 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\fNJy7vtd1Zsl6
[2011/10/05 00:24:51 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\eZoYFCGtC4IW2T
[2011/10/05 00:24:46 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\vTCrtcpa7TCrx1o
[2011/10/05 00:24:35 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\AdRXlNv35dLqkOA
[2011/10/05 00:24:34 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\gnHdRYez1bGJ89U
[2011/10/05 00:24:31 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\DoafXk0FHRYNSGK
[2011/10/05 00:24:22 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\G1J9AaLBSWTVA
[2011/10/05 00:24:14 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\qI8GSGJAasri
[2011/10/05 00:24:14 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\AG7hO1aEwzD5gjN
[2011/10/05 00:24:07 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\J4ylTfp2crZJQZy
[2011/10/05 00:24:06 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\BJjAQXu36hkybQR
[2011/10/05 00:23:58 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\O36LYrPiGs
[2011/10/05 00:23:58 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\cBgWpurj74vlXRW
[2011/10/05 00:23:49 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\WgkxDH9IPosTl1m
[2011/10/05 00:23:46 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\p1FsKYePuFsRUPS
[2011/10/05 00:23:35 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\RKiO8dn0Cfaie73
[2011/10/05 00:23:35 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\LEYO14dhlAFJZey
[2011/10/05 00:23:22 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\IPTdn0UfaFyUs1e
[2011/10/05 00:23:20 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\yFH9etiH9wxaECB
[2011/10/05 00:23:15 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\WZkNcoHfqUt1n5E
[2011/10/05 00:23:05 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\NcGKjlcG7qr
[2011/10/05 00:22:58 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\RZwlzxvbmQWRTCB
[2011/10/05 00:22:58 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\gYVtADFH789wlz
[2011/10/05 00:22:56 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\FKDBL5bORGPkE3N
[2011/10/05 00:22:40 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\YeAnRVc4Lk
[2011/10/05 00:22:40 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\T3WXr2HTNbsZ
[2011/10/05 00:22:35 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\SXypfIS6qxnLIca
[2011/10/05 00:22:28 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\AI5yh4x82e6v
[2011/10/05 00:22:26 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\boe7vk6zRnNLvjQ
[2011/10/05 00:22:23 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\Bua9lDJwyaRO27j
[2011/10/05 00:22:21 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\zKSYWDVscj4OK2I
[2011/10/05 00:21:54 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\DUPD58wtvGKwru
[2011/10/05 00:21:53 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\BVQATntT5Ph62rJ
[2011/10/05 00:21:53 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\ak5N93VE3zLFyYs
[2011/10/05 00:21:44 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\EkuGfw0mLXBipdh
[2011/10/05 00:21:42 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\pdXOi6Tr2Q9Vc4L
[2011/10/05 00:21:35 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\ooJYtDQ9ybQZCNo
[2011/10/05 00:21:19 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\nHlsPWxg2ksO
[2011/10/05 00:21:15 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\n8wtvmEXB14EhCz
[2011/10/05 00:21:12 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\WwpjbZy7BGlmVGr
[2011/10/05 00:21:09 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\CtSGs8kxvmLXBip
[2011/10/05 00:21:08 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\FtiaqIPiaJTV
[2011/10/05 00:20:57 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\KNmBmXusjFfl4hN
[2011/10/05 00:20:56 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\qKXtumETB13dhIA
[2011/10/05 00:20:45 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\j8YOco5EqU
[2011/10/05 00:20:43 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\aObR06Tl1d
[2011/10/05 00:20:40 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\l3lFZyHIi
[2011/10/05 00:20:38 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\RjzSm9Iun7COSn
[2011/10/05 00:20:36 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\fly3He0HEUNKjzS
[2011/10/05 00:20:28 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\HtJhymhyG9zF7I3
[2011/10/05 00:20:28 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\GdYymhyG9zF7I
[2011/10/05 00:20:26 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\PmXnhvEkHrJNd1X
[2011/10/05 00:20:20 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\I6qx5qx4qP6wcHq
[2011/10/05 00:20:17 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\mS8BmqcJVof2LP5
[2011/10/05 00:20:17 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\LLrvsqzFhB2JhIv
[2011/10/05 00:20:14 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\yt49cQjxahyQ9r2
[2011/10/05 00:20:10 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\TN26I4h2jbZzaCi
[2011/10/05 00:20:09 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\WsXAGqxn9OF7k27
[2011/10/05 00:20:07 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\taq06wcJwA5YNmh
[2011/10/05 00:20:06 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\mOGTxahP5Y0mZzF
[2011/10/05 00:20:05 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\Q1bHYcpRUbgyEAf
[2011/10/05 00:20:05 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\o8r5qvKkifr3Lln
[2011/10/05 00:19:59 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\dQhr26qAG9zD
[2011/10/05 00:19:58 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\PV48UyFdXNGRlua
[2011/10/05 00:19:58 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\FkndXP2J9zpKUxG
[2011/10/05 00:19:43 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\A39Naq0sV4YDgNK
[2011/10/05 00:19:32 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\rNxA2mfwyshzbHq
[2011/10/05 00:19:32 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\FXSLAWOHIGCFkpI
[2011/10/05 00:19:15 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\fO5lHzJr6O
[2011/10/05 00:19:13 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\A1S2p4WRVlyANlw
[2011/10/05 00:19:10 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\zUnV6A96tgoV6yW
[2011/10/05 00:19:10 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\kIzztubmghC
[2011/10/05 00:18:59 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\eWOQenCDTcdzdtQ
[2011/10/05 00:18:57 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\k9DhSL0Wz6r4CD
[2011/10/05 00:18:57 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\FnesPdP6rGYDji8
[2011/10/05 00:18:56 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\z00zPNzjjq8sZTf
[2011/10/05 00:18:49 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\Oc0Scvu0A00zP
[2011/10/05 00:18:46 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\OrWPESZvvhbea
[2011/10/05 00:18:45 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\HuY4lstEyUf
[2011/10/05 00:18:40 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\kWyWcgcTiR1gvZb
[2011/10/05 00:18:31 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\HO9hKFzga0XJvrj
[2011/10/05 00:18:28 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\gtLWcgvXFrKuCHB
[2011/10/05 00:18:28 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\dWcgvXFrKuCHBsz
[2011/10/05 00:18:23 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\iegWm3AtURHSIL3
[2011/10/05 00:18:09 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\xUW1YmNZFyfu9nw
[2011/10/05 00:18:03 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\W1qsPf2UaNLi
[2011/10/05 00:18:02 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\aIRnrJ1XsujJuY6
[2011/10/05 00:17:57 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\SZDh4e5z8uUGN
[2011/10/05 00:17:54 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\IuToeJyhpC6OKxE
[2011/10/05 00:17:47 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\tOZJDBRGyk
[2011/10/05 00:17:42 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\XlJPEcRbjm
[2011/10/05 00:17:37 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\ivUWikW1VwJDI
[2011/10/05 00:17:34 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\Y4lWchpzRFr9GN9
[2011/10/05 00:17:33 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\Q4I4k4k4V4eWuLi
[2011/10/05 00:17:20 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\QVHB71T3BKcqGlE
[2011/10/05 00:17:16 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\mdotZpB7AgHBWPK
[2011/10/05 00:17:03 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\nVmrgiqvXmI5
[2011/10/05 00:17:03 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\l6rGCnXDw4esImI
[2011/10/05 00:16:54 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\ytn8zGT1KrpgxQ
[2011/10/05 00:16:54 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\Htn8zGT1KrpgxQ
[2011/10/05 00:16:45 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\f2f16e2fOGT06
[2011/10/05 00:16:32 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\Ghx5TtGgAHYSLS7
[2011/10/05 00:16:27 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\WbsYoEVD7log
[2011/10/05 00:16:25 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\rGwvKrnqS
[2011/10/05 00:16:22 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\cwP3JwPFEk0F
[2011/10/05 00:16:10 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\OzngBFRrmhNnL
[2011/10/05 00:16:05 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\vipdYBupETIAGRe
[2011/10/05 00:16:05 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\lcbJ9CN3K
[2011/10/05 00:16:00 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\GdZjBx2p69CrA2G
[2011/10/05 00:02:54 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\lonnF4pmHsQJdK8
[2011/10/05 00:02:40 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\QwwjUVelItzPyAu
[2011/10/05 00:02:26 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\s1uvv22bF4pGsJd
[2011/10/05 00:02:12 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\ajUUCekIrzONx
[2011/10/05 00:01:58 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\InG55QQ6dWKfLgT
[2011/10/05 00:01:44 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\Y666sWKL9gTqY
[2011/10/05 00:01:29 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\J0uucS2iD
[2011/10/05 00:01:15 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\g8gTTqqYCwkVlO
[2011/10/05 00:01:01 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\mffEL8gTZqYCkVl
[2011/10/05 00:00:47 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\PF4ppHHsQJ7E8R
[2011/10/05 00:00:33 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\NzzPNyyA1uD2b4m
[2011/10/05 00:00:19 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\UA11uvD2bF4pGsJ
[2011/10/05 00:00:05 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\fdWKKffR9hTqUCk
[2011/10/04 23:59:51 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\lUCeeIIrzONx0vS
[2011/10/04 23:59:37 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\BiibD33nG4QHsKf
[2011/10/04 23:59:23 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\O77fEL9gTZjYwIr
[2011/10/04 23:59:09 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\rUVrrOOtxP0c1v3
[2011/10/04 23:58:55 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\Y4aamH5sJ7dE8Rq
[2011/10/04 23:58:41 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\zllIBtzPNyA1v
[2011/10/04 23:58:27 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\O8ffRZ9hTwjUeIr
[2011/10/04 23:58:14 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\vvvS2ibF3pG5Q
[2011/10/04 23:58:00 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\RgTXXjjYekIrONx
[2011/10/04 23:57:45 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\o7fRRL9gTqjYeIr
[2011/10/04 23:57:32 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\bD33onG4aH6sJf
[2011/10/04 23:57:18 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\PZqqhYCwUVrlBx0
[2011/10/04 23:57:04 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\T5sQQJ7dK8gZ
[2011/10/04 23:56:50 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\L55sQJ6dEKfR9T
[2011/10/04 23:56:36 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\wBBrzONyxAuv2b3
[2011/10/04 23:56:22 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\VG55aQH6WK7fLgX
[2011/10/04 23:56:09 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\K0uucS1ib3on4m6
[2011/10/04 23:55:55 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\TOBttxP0cS1vDoF
[2011/10/04 23:55:41 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\pRZZqhYXw
[2011/10/04 23:55:27 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\lellIBtzNycAuDo
[2011/10/04 23:55:13 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\bvDD2obF4mG5Q6E
[2011/10/04 23:54:59 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\OBrzzNNxA0uSiF3
[2011/10/04 23:54:45 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\xYCeeIIrzONx0u
[2011/10/04 23:54:31 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\cSS1ibD3on4aHsJ
[2011/10/04 23:54:17 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\kEELLggZqhYwUrO
[2011/10/04 23:54:04 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\VnnFFppH5sJ7
[2011/10/04 23:53:49 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\v2oonF4pH5sQ7E8
[2011/10/04 23:53:35 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\QUVeeIItzPNc1vD
[2011/10/04 23:53:21 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\vbF33pmGaQ
[2011/10/04 23:53:07 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\sWK88fRLhTXjUeI
[2011/10/04 23:52:53 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\V77fRL9gTqjYeIr
[2011/10/04 23:52:39 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\ekkIIrrONtx0c2
[2011/10/04 23:52:25 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\JccSSiiD3oG4
[2011/10/04 23:52:11 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\iJ7ffEL8TZqYC
[2011/10/04 23:51:57 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\lonFFppm5
[2011/10/04 23:51:43 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\aXXwjUUelItzN
[2011/10/04 23:51:29 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\cddEK8fRZ
[2011/10/04 23:51:16 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\Ryyxx00vS2bFpG
[2011/10/04 23:51:02 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\RaQH66dK7fL9Tq
[2011/10/04 23:50:48 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\CnGG4amH6WJ7E8
[2011/10/04 23:50:33 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\xqjjYCwkIrlOtPu
[2011/10/04 23:50:18 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\mVrlONtP0c1iDoG
[2011/10/04 23:50:04 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\aD3onG4am6W7E8T
[2011/10/04 23:49:50 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\ConF4amH5W7
[2011/10/04 23:49:36 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\U8gRZqhYXkV
[2011/10/04 23:49:22 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\wIBtzPNyc1
[2011/10/04 23:49:08 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\l4pmG5sQJdKf
[2011/10/04 23:48:54 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\nuvS2obF3
[2011/10/04 23:48:40 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\mdWK7fRL9T
[2011/10/04 23:48:26 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\UtxA0ucS2b3n4Q
[2011/10/04 23:48:13 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\UTZqhYCwkVlBx0c
[2011/10/04 23:47:58 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\pUVrlOBtx0c1v3n
[2011/10/04 23:47:44 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\SvD3onF4aHsJdLg
[2011/10/04 23:47:30 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\TqhYXwkUVlBz
[2011/10/04 23:47:16 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\msQJ6dEK8R9TwUe
[2011/10/04 23:47:01 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\vYYYXwwjUV
[2011/10/04 23:46:47 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\QNyyxxA1uvD2bFp
[2011/10/04 23:46:33 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\cqqqjUUCekIBzOy
[2011/10/04 23:46:19 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\UhhhTXXqjUCeIBz
[2011/10/04 23:46:05 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\hddWWK77f
[2011/10/04 23:45:49 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\TooobFF3pmG5
[2011/10/04 23:45:33 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\DZ9hYXwjUeI
[2011/10/04 23:45:16 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\edWK8fRL9TqUeIr
[2011/10/04 23:44:59 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\CJ7dEL8gRqYwUeO
[2011/10/04 23:44:42 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\B9gTXqjYCkVzNx0
[2011/10/04 23:44:25 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\OcA1ivD2oFpHsJd
[2011/10/04 23:44:11 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\eK8gRZ9hYwUeIt
[2011/10/04 23:43:55 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\g3onG4amHsJfLgZ
[2011/10/04 23:43:38 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\O9hTXqjUCkBzNx0
[2011/10/04 23:43:22 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\LRZ9hYXwjVlBzNc
[2011/10/04 23:43:07 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\dWJ7dEL8gZhXkVl
[2011/10/04 23:42:50 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\l8fRL9hTX
[2011/10/04 23:42:33 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\Z1ivD2onFpHsJdK
[2011/10/04 23:42:17 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\BekIVrzONx
[2011/10/04 23:42:00 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\PtttzPNyc12oFpG
[2011/10/04 23:41:43 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\b9gTZqjYCkVlNx
[2011/10/04 23:41:27 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\KyxA1uvS2b3m5Q6
[2011/10/04 23:41:10 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\XhhYCwkUVr
[2011/10/04 23:40:54 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\H7fRL9gTXjCkVzN
[2011/10/04 23:40:36 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\v3onF4amHsJE8Rq
[2011/10/04 23:40:20 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\mrzONtxA0c2b3n4
[2011/10/04 23:40:05 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\qqjUCekIBzNx0v2
[2011/10/04 23:39:50 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\K3pmG5aQJdKfLhX
[2011/10/04 23:39:35 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\upG5sQJ6dKfZhXj
[2011/10/04 23:39:19 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\kzP0ycA1v2n4m5Q
[2011/10/04 23:39:03 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\hibD3onG4
[2011/10/04 23:38:48 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\n6sWK7fELgZjCkV
[2011/10/04 23:38:30 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\BZqhYXwkUeOtPyA
[2011/10/04 23:38:14 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\qgTZqjYCwIrOtPu
[2011/10/04 23:37:59 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\XH6dWK7fR9TqYeI
[2011/10/04 23:37:44 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\B5aQH6dWKfLgXjC
[2011/10/04 23:37:28 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\RPNycA1uv2b4m5Q
[2011/10/04 23:37:12 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\UkUVelOBtPyAiD
[2011/10/04 23:36:57 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\StxP0yyS1i3n4
[2011/10/04 23:36:42 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\xkkVVllNtxPuSiD
[2011/10/04 23:36:26 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\eNyxA0uvSiF
[2011/10/04 23:36:11 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\imG5aQJ6dKfLhXj
[2011/10/04 23:35:56 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\pF4pmG5sQ6E8
[2011/10/04 23:35:40 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\nelOBtPD2n4HsJd
[2011/10/04 23:35:24 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\bYCwkIVrlNx
[2011/10/04 23:35:08 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\v9gTXqjYCkVzNx0
[2011/10/04 23:34:53 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\S5aQJ6dWKf
[2011/10/04 23:34:37 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\hJ7dEK8gR9YwUeI
[2011/10/04 23:34:19 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\cRZ9hTXwjClrPyA
[2011/10/04 23:34:04 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\XXwjUCelIrPyAuS
[2011/10/04 23:33:49 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\AlIBtzPNyAuDoFp
[2011/10/04 23:33:34 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\rVelIBtzP
[2011/10/04 23:33:19 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\wVelBtzP0c1v2n4
[2011/10/04 23:33:03 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\hYCwkUVrlBx0c1v
[2011/10/04 23:32:48 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\QfEL9gTZqYwIrOt
[2011/10/04 23:32:33 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\vxA00ccSiD3pGaH
[2011/10/04 23:32:18 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\xobF3pmG5Q6W8R9
[2011/10/04 23:32:02 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\O1uvD2obFpGsJdK
[2011/10/04 23:31:47 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\mtzP0ycA1v2n4m5
[2011/10/04 23:31:32 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\LgRZqhYXwUeOtPy
[2011/10/04 23:31:17 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\wbD46sWJ7E8TqYw
[2011/10/04 23:31:01 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\oYCwkIVrlNx0c1b
[2011/10/04 23:30:46 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\IA0uvS2ib3n5
[2011/10/04 23:30:30 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\GL9hTXqjCe
[2011/10/04 23:30:15 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\FdEK8gRZ9YwUeIt
[2011/10/04 23:30:00 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\N4pmH5sQJdK
[2011/10/04 23:29:43 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\gucS2ibD3naQ6W7
[2011/10/04 23:29:26 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\bsQJ6dEK8R9TwUe
[2011/10/04 23:29:09 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\ixA0ucS2iDpGaHs
[2011/10/04 23:28:52 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\TVVelIBtzNyc1Do
[2011/10/04 23:28:36 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\xVrllBBtP0ySiv3
[2011/10/04 23:28:20 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\tRL9gTXqjCkVzNx
[2011/10/04 23:28:05 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\XJ6dWK8fR9TqUeI
[2011/10/04 23:27:50 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\vzPNyxA1uSoFpGa
[2011/10/04 23:27:35 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\WuvD2obF4m5Q6E8
[2011/10/04 23:27:20 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\nQJ6dEK8fZhXjCl
[2011/10/04 23:27:05 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\cOBtzP0yc1v2n4m
[2011/10/04 23:26:48 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\T0ucS1ibD
[2011/10/04 23:26:31 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\ThYXwjUVeItPyAu
[2011/10/04 23:26:15 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\QamH5sWJ7E8
[2011/10/04 23:26:00 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\BONtxPuibD
[2011/10/04 23:25:45 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\vD3pnG4aQ6W7E9T
[2011/10/04 23:25:29 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\LpmG5aQJ6W8R9Tq
[2011/10/04 23:25:13 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\QpmH5sQJ7E8R9Yw
[2011/10/04 23:24:57 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\vtxP0ucS1b
[2011/10/04 23:24:41 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\nucS2ibD3n4Q
[2011/10/04 23:24:25 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\xRZ9hTXwjClBzNx
[2011/10/04 23:24:08 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\x3G4aQH6sKfLCk
[2011/10/04 23:23:50 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\ojUVelIBtPyAuDo
[2011/10/04 23:23:34 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\p3pnG4aQHsKf
[2011/10/04 23:23:17 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\qvS2obF3pQ6W
[2011/10/04 23:23:00 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\xjYCwkIVrOtPuSi
[2011/10/04 23:22:44 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\VONtxA0uc2b3
[2011/10/04 23:22:28 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\dXwjUVelI
[2011/10/04 23:22:12 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\w3onF4amHs
[2011/10/04 23:21:56 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\zF3pnG5aQ6W7R
[2011/10/04 23:21:39 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\XUVelIBtzNc1v2b
[2011/10/04 23:21:23 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\AxP0ucS1iDoG
[2011/10/04 23:21:07 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\zqjUCekIBzNx0v2
[2011/10/04 23:20:49 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\rTZqhYCwkVlB
[2011/10/04 23:20:33 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\TbF3pnG5aHdKfLg
[2011/10/04 23:20:17 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\mycA1ivD2n4m5Q7
[2011/10/04 23:20:01 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\QWJ7dEL8gZh
[2011/10/04 23:19:45 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\f3pnG4aQHsKfLgZ
[2011/10/04 23:19:30 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\oxA0ucSib3n4Q6W
[2011/10/04 23:19:15 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\C9hTXqjUCkBzNx0
[2011/10/04 23:19:00 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\YmmGGa6WKf
[2011/10/04 23:18:45 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\WUVelIBtzNc1v2b
[2011/10/04 23:18:28 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\rmH6sWJ7fLgZ
[2011/10/04 23:18:11 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\JxA1uvS2oFpGaJd
[2011/10/04 23:17:57 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\iRL9hTXqjCkBzNx
[2011/10/04 23:17:42 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\zrzPNyxA1v2b3m5
[2011/10/04 23:17:27 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\jbF3pmG5aJdKfLh
[2011/10/04 23:17:13 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\CCelIBrzPyAuSoF
[2011/10/04 23:16:58 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\jpmG5aQJ6W
[2011/10/04 23:16:44 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\qCelIBrzPyAuSoF
[2011/10/04 23:16:29 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\AmG5aQJ6dKfL
[2011/10/04 23:16:14 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\xelIBrzPNx1v2b3
[2011/10/04 23:16:00 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\yxA1uvS2oFpGaJd
[2011/10/04 23:15:45 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\mK8fRZ9hTwUeI
[2011/10/04 23:15:31 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\LmG5aQJ6dKfLhX
[2011/10/04 23:15:16 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\chTXwjUCeIrPyAu
[2011/10/04 23:15:01 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\TjUCelIBrPyAuSo
[2011/10/04 23:14:46 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\XmG5sQJ6dK
[2011/10/04 23:14:31 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\tgRZ9hYXwUeItNc
[2011/10/04 23:14:15 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\vsWJ7fEL8T
[2011/10/04 23:14:01 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\uBtxP0ycSiDoFaH
[2011/10/04 23:13:46 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\znG4amH6sJfLgZh
[2011/10/04 23:08:16 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\ysQJ7dEK8R9YwUe
[2011/10/04 23:08:16 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\bVelOBtzPyAiDoF
[2011/10/04 15:00:55 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\LPPP0yycA1iDon4
[2011/10/04 15:00:55 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\gZqqhhYXwkUVlOt
[2011/10/04 15:00:40 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\j8ggTTZqhYCwUVl
[2011/10/04 15:00:40 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\DccSS1iivDonFa
[2011/09/30 13:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/09/30 13:03:51 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/09/28 02:25:13 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xmllite.dll
[2011/09/28 02:25:13 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccu32.dll
[2011/09/28 02:25:12 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbcjt32.dll
[2011/09/28 02:25:12 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbctrac.dll
[2011/09/28 02:25:12 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbctrac.dll
[2011/09/28 02:25:12 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccp32.dll
[2011/09/28 02:25:12 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccp32.dll
[2011/09/28 02:25:12 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccr32.dll
[2011/09/28 02:25:12 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccu32.dll
[2011/09/28 02:25:12 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccr32.dll
[2011/09/28 02:25:05 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2011/09/28 02:25:05 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2011/09/28 02:25:05 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2011/09/28 02:25:04 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2011/09/28 02:25:04 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2011/09/28 02:25:04 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2011/09/28 02:25:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2011/09/28 02:25:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2011/09/28 02:25:04 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2011/09/28 02:25:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2011/09/28 02:25:03 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/09/28 02:25:03 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/09/28 02:25:03 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/09/28 02:25:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2011/09/28 02:25:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/09/28 02:25:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/09/28 02:25:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/09/28 02:25:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/09/28 02:25:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/09/28 02:25:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/09/28 02:25:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/09/28 02:25:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/09/28 02:25:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/09/28 02:25:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/09/28 02:25:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/09/28 02:25:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/09/28 02:25:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/09/28 02:25:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/09/28 02:25:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/09/28 02:25:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/09/28 02:25:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/09/28 02:25:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/09/28 02:25:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/09/28 02:25:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/09/28 02:25:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/09/28 02:25:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/09/28 02:25:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/09/28 02:25:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/09/28 02:25:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/09/28 02:25:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/09/28 02:25:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/09/28 02:25:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/09/28 02:25:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/09/28 02:25:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/09/28 02:25:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/09/28 02:25:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/09/28 02:25:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/09/28 02:25:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/09/28 02:25:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/09/28 02:25:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/09/28 02:25:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/09/28 02:25:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/09/28 02:25:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/09/28 02:25:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/09/28 02:25:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/09/28 02:25:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/09/28 02:25:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/09/28 02:25:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/09/28 02:25:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/09/28 02:24:59 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/09/28 02:24:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/09/28 02:24:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/09/28 02:24:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/09/28 02:24:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/09/28 02:24:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2011/09/28 02:24:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/09/28 02:24:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/09/28 02:24:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/09/28 02:24:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2011/09/28 02:24:43 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2011/09/28 02:24:42 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2011/09/28 02:24:41 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2011/09/28 02:24:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2011/09/28 02:24:41 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2011/09/28 02:24:41 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2011/09/28 02:24:41 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2011/09/28 02:24:36 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2011/09/28 02:24:35 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2011/09/28 02:24:35 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[3 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/08 09:44:31 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/08 09:44:31 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/08 09:41:25 | 000,727,182 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/10/08 09:41:25 | 000,624,668 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/10/08 09:41:25 | 000,106,754 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/10/08 09:37:27 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/08 09:36:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/10/08 09:36:44 | 2308,063,232 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/08 09:35:10 | 000,000,512 | ---- | M] () -- C:\Users\Princess Shantell\Desktop\MBR.dat
[2011/10/08 09:28:48 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Princess Shantell\Desktop\aswMBR (1).exe
[2011/10/08 09:28:28 | 001,558,320 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Princess Shantell\Desktop\tdsskiller.exe
[2011/10/08 09:16:03 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/08 08:55:38 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2011/10/08 08:43:48 | 004,249,093 | R--- | M] (Swearware) -- C:\Users\Princess Shantell\Desktop\ComboFix.exe
[2011/10/07 15:34:14 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Princess Shantell\Desktop\OTL.exe
[2011/10/07 15:27:30 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2011/10/05 20:21:11 | 000,274,320 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/10/05 18:44:34 | 000,001,228 | ---- | M] () -- C:\Users\Princess Shantell\Desktop\Windows Explorer.lnk
[2011/10/05 18:03:29 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/05 16:40:15 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msclmd.dll
[2011/10/05 16:40:14 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msclmd.dll
[2011/09/30 15:51:17 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/09/30 11:02:15 | 011,224,111 | ---- | M] () -- C:\Users\Princess Shantell\Documents\xid-208399_1.pdf
[2011/09/29 01:38:15 | 000,000,000 | ---- | M] () -- C:\Users\Princess Shantell\AppData\Local\{62B40893-A939-474A-8592-995BF1C9383F}
[2011/09/28 19:19:33 | 000,000,000 | ---- | M] () -- C:\Users\Princess Shantell\AppData\Local\{AEA11880-FFD2-4887-B83C-D09B32004181}
[2011/09/28 03:14:19 | 000,743,534 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/09/27 07:53:40 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\windows\SysNative\TURegOpt.exe
[2011/09/27 07:47:02 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\windows\SysNative\authuitu.dll
[2011/09/27 07:46:56 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\windows\SysWow64\authuitu.dll
[2011/09/27 07:46:50 | 000,036,160 | ---- | M] (TuneUp Software) -- C:\windows\SysNative\uxtuneup.dll
[2011/09/27 07:46:44 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\windows\SysWow64\uxtuneup.dll
[2011/09/18 09:45:30 | 000,116,014 | ---- | M] () -- C:\Users\Princess Shantell\AppData\Roaming\shoot_1a.jpg
[3 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/08 09:35:10 | 000,000,512 | ---- | C] () -- C:\Users\Princess Shantell\Desktop\MBR.dat
[2011/10/08 08:46:57 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/10/08 08:46:57 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/10/08 08:46:57 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/10/08 08:46:57 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/10/08 08:46:57 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/10/05 18:44:34 | 000,001,228 | ---- | C] () -- C:\Users\Princess Shantell\Desktop\Windows Explorer.lnk
[2011/10/05 18:00:51 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/30 11:02:15 | 011,224,111 | ---- | C] () -- C:\Users\Princess Shantell\Documents\xid-208399_1.pdf
[2011/09/29 01:38:15 | 000,000,000 | ---- | C] () -- C:\Users\Princess Shantell\AppData\Local\{62B40893-A939-474A-8592-995BF1C9383F}
[2011/09/28 19:19:33 | 000,000,000 | ---- | C] () -- C:\Users\Princess Shantell\AppData\Local\{AEA11880-FFD2-4887-B83C-D09B32004181}
[2011/07/22 17:37:20 | 000,116,014 | ---- | C] () -- C:\Users\Princess Shantell\AppData\Roaming\shoot_1a.jpg
[2011/01/28 16:45:34 | 000,000,120 | ---- | C] () -- C:\Users\Princess Shantell\AppData\Local\Fjopiroquqo.dat
[2011/01/28 16:45:34 | 000,000,000 | ---- | C] () -- C:\Users\Princess Shantell\AppData\Local\Azezogune.bin
[2010/12/10 13:03:37 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/02/20 11:22:24 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/02/20 11:22:24 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/02/20 11:22:24 | 000,104,636 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/02/20 10:27:36 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/02/20 10:27:36 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

< End of report >


OTL Extras logfile created on: 10/8/2011 9:46:22 AM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Princess Shantell\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 65.03% Memory free
5.73 Gb Paging File | 4.66 Gb Available in Paging File | 81.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.58 Gb Total Space | 242.16 Gb Free Space | 84.21% Space Free | Partition Type: NTFS

Computer Name: PRINCESSSHANTEL | User Name: Princess Shantell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}" = Toshiba Book Place
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/4/2011 11:50:37 PM | Computer Name = PrincessShantel | Source = Application Error | ID = 1000
Description = Faulting application name: OffSpon.EXE, version: 0.0.0.0, time stamp:
0x4b8a345a Faulting module name: sftldr_wow64.dll, version: 4.6.1.10263, time stamp:
0x4c8e9b5e Exception code: 0xc0000005 Fault offset: 0x0007dc96 Faulting process id:
0xeb0 Faulting application start time: 0x01cc8311f016b9cb Faulting application path:
Q:\140066.enu\Office14\OffSpon.EXE Faulting module path: C:\windows\system32\sftldr_wow64.dll
Report
Id: 2ed42b7c-ef05-11e0-8cea-00266c8c8eb8

Error - 10/4/2011 11:51:03 PM | Computer Name = PrincessShantel | Source = Application Error | ID = 1000
Description = Faulting application name: OffSpon.EXE, version: 0.0.0.0, time stamp:
0x4b8a345a Faulting module name: sftldr_wow64.dll, version: 4.6.1.10263, time stamp:
0x4c8e9b5e Exception code: 0xc0000005 Fault offset: 0x0007dc96 Faulting process id:
0x12a8 Faulting application start time: 0x01cc8311ffea1f6c Faulting application path:
Q:\140066.enu\Office14\OffSpon.EXE Faulting module path: C:\windows\system32\sftldr_wow64.dll
Report
Id: 3ec5eeb6-ef05-11e0-8cea-00266c8c8eb8

Error - 10/4/2011 11:51:28 PM | Computer Name = PrincessShantel | Source = Application Error | ID = 1000
Description = Faulting application name: OffSpon.EXE, version: 0.0.0.0, time stamp:
0x4b8a345a Faulting module name: sftldr_wow64.dll, version: 4.6.1.10263, time stamp:
0x4c8e9b5e Exception code: 0xc0000005 Fault offset: 0x0007dc96 Faulting process id:
0x1184 Faulting application start time: 0x01cc83120f41ea6c Faulting application path:
Q:\140066.enu\Office14\OffSpon.EXE Faulting module path: C:\windows\system32\sftldr_wow64.dll
Report
Id: 4dc3b248-ef05-11e0-8cea-00266c8c8eb8

Error - 10/4/2011 11:51:54 PM | Computer Name = PrincessShantel | Source = Application Error | ID = 1000
Description = Faulting application name: OffSpon.EXE, version: 0.0.0.0, time stamp:
0x4b8a345a Faulting module name: sftldr_wow64.dll, version: 4.6.1.10263, time stamp:
0x4c8e9b5e Exception code: 0xc0000005 Fault offset: 0x0007dc96 Faulting process id:
0x10d0 Faulting application start time: 0x01cc83121e3cef32 Faulting application path:
Q:\140066.enu\Office14\OffSpon.EXE Faulting module path: C:\windows\system32\sftldr_wow64.dll
Report
Id: 5ccc24b5-ef05-11e0-8cea-00266c8c8eb8

Error - 10/4/2011 11:53:05 PM | Computer Name = PrincessShantel | Source = Application Error | ID = 1000
Description = Faulting application name: OffSpon.EXE, version: 0.0.0.0, time stamp:
0x4b8a345a Faulting module name: sftldr_wow64.dll, version: 4.6.1.10263, time stamp:
0x4c8e9b5e Exception code: 0xc0000005 Fault offset: 0x00044c2a Faulting process id:
0xc34 Faulting application start time: 0x01cc831248a46445 Faulting application path:
Q:\140066.enu\Office14\OffSpon.EXE Faulting module path: C:\windows\system32\sftldr_wow64.dll
Report
Id: 8746379e-ef05-11e0-8cea-00266c8c8eb8

Error - 10/4/2011 11:53:28 PM | Computer Name = PrincessShantel | Source = Application Error | ID = 1000
Description = Faulting application name: OffSpon.EXE, version: 0.0.0.0, time stamp:
0x4b8a345a Faulting module name: sftldr_wow64.dll, version: 4.6.1.10263, time stamp:
0x4c8e9b5e Exception code: 0xc0000005 Fault offset: 0x0007dc96 Faulting process id:
0x384 Faulting application start time: 0x01cc8312568d37ed Faulting application path:
Q:\140066.enu\Office14\OffSpon.EXE Faulting module path: C:\windows\system32\sftldr_wow64.dll
Report
Id: 9536d3b5-ef05-11e0-8cea-00266c8c8eb8

Error - 10/4/2011 11:53:52 PM | Computer Name = PrincessShantel | Source = Application Error | ID = 1000
Description = Faulting application name: OffSpon.EXE, version: 14.0.4750.1000, time
stamp: 0x4b8a345a Faulting module name: sftldr_wow64.dll, version: 4.6.1.10263,
time stamp: 0x4c8e9b5e Exception code: 0xc0000005 Fault offset: 0x0007dc96 Faulting
process id: 0xf88 Faulting application start time: 0x01cc831264ab72ce Faulting application
path: Q:\140066.enu\Office14\OffSpon.EXE Faulting module path: C:\windows\system32\sftldr_wow64.dll
Report
Id: a359efb2-ef05-11e0-8cea-00266c8c8eb8

Error - 10/5/2011 12:04:04 AM | Computer Name = PrincessShantel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/5/2011 11:57:54 AM | Computer Name = PrincessShantel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/5/2011 3:53:04 PM | Computer Name = PrincessShantel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 10/8/2011 8:31:03 AM | Computer Name = PrincessShantel | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/8/2011 8:31:03 AM | Computer Name = PrincessShantel | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/8/2011 8:31:05 AM | Computer Name = PrincessShantel | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/8/2011 8:31:09 AM | Computer Name = PrincessShantel | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/8/2011 8:31:12 AM | Computer Name = PrincessShantel | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/8/2011 8:47:16 AM | Computer Name = PrincessShantel | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/8/2011 8:50:11 AM | Computer Name = PrincessShantel | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/8/2011 8:52:21 AM | Computer Name = PrincessShantel | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 10/8/2011 8:53:30 AM | Computer Name = PrincessShantel | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/8/2011 8:53:36 AM | Computer Name = PrincessShantel | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >

Edited by njlock, 08 October 2011 - 08:36 AM.

#4
RKinner

    Malware Expert

  • Expert
  • 24,699 posts
  • MVP
Uninstall
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2011
Java™ 6 Update 17
Toshiba Laptop Checkup
Adobe Reader 9.3

Download, Save and Install by right clicking and Run As Administrator (some software may not want to install as Administrator so just install it by double clicking to run it):

The latest Java from: http://www.java.com/...nload/index.jsp
The latest version of Adobe Reader from: http://www.adobe.com...cts/reader.html

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\rsvpsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\rsvpsp.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
[2011/09/29 01:38:15 | 000,000,000 | ---- | C] () -- C:\Users\Princess Shantell\AppData\Local\{62B40893-A939-474A-8592-995BF1C9383F}
[2011/09/28 19:19:33 | 000,000,000 | ---- | C] () -- C:\Users\Princess Shantell\AppData\Local\{AEA11880-FFD2-4887-B83C-D09B32004181}
[2011/01/28 16:45:34 | 000,000,120 | ---- | C] () -- C:\Users\Princess Shantell\AppData\Local\Fjopiroquqo.dat
[2011/01/28 16:45:34 | 000,000,000 | ---- | C] () -- C:\Users\Princess Shantell\AppData\Local\Azezogune.bin
[2011/10/05 12:00:13 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\aQdKg9YwVlBPy
[2011/10/05 12:00:00 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\OL9gTXqjYeIrOtA
[2011/10/05 11:59:48 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\WlOBtzP0yAiDoFp
[2011/10/05 11:59:39 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\GelIBtzPNc1v2b4
[2011/10/05 11:59:26 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\ijUCekIBrOyAuSi
[2011/10/05 11:59:25 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\o6dWK8fRLhXjCk
[2011/10/05 11:59:12 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\OaQH6sZqjC
[2011/10/05 11:59:09 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\bsWJ7fEL8Tqlz0c
[2011/10/05 11:59:03 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\U6KRhwCIzy1Sb3G

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
c:\windows\SysWow64\sho8E7F.tmp
c:\windows\SysWow64\shoCF0.tmp
c:\windows\SysWow64\sho81FB.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    
:Commands
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl+V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right-click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right-click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories, then right-click on Command Prompt and Run as Administrator. Then type (with an Enter after each line):

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
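
The folder entries listed in the fix script above share one shape: zero-byte directories with random-looking names, sitting directly under AppData\Roaming, created seconds apart. As an added example (not part of the original post and not how OTL itself works), this Python script picks such bursts out of an OTL-style listing; the sample lines, the name heuristic and the 60-second / 3-folder thresholds are assumptions made for illustration.

```python
import ntpath
import re
from datetime import datetime, timedelta
from typing import NamedTuple

# One listing line: [date time | size | attributes | flag] -- path
LINE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| (\S+) \| \w\] -- (.+)$"
)
# Assumed name shape: 9 to 15 letters/digits, no spaces, dots or dashes.
NAME_RE = re.compile(r"^[A-Za-z0-9]{9,15}$")

# Constructed sample in the OTL listing format; user and folder names are made up.
SAMPLE = r"""
[2011/10/04 23:17:42 | 000,000,000 | ---D | C] -- C:\Users\Example\AppData\Roaming\aB3dE5fG7hJ9kL1
[2011/10/04 23:17:27 | 000,000,000 | ---D | C] -- C:\Users\Example\AppData\Roaming\Qw8ErT2yUi4oP
[2011/10/04 23:17:13 | 000,000,000 | ---D | C] -- C:\Users\Example\AppData\Roaming\zX1cV6bN0mKj
[2011/10/04 23:16:58 | 000,000,000 | ---D | C] -- C:\Users\Example\AppData\Roaming\pL9oK3iJ7uH
[2011/10/04 09:02:10 | 000,000,000 | ---D | C] -- C:\Users\Example\AppData\Roaming\Microsoft
[2011/10/03 18:40:00 | 000,000,000 | ---D | C] -- C:\Users\Example\AppData\Roaming\mN4bV8cX2zA
[2011/10/04 23:17:30 | 000,012,288 | ---- | C] -- C:\Users\Example\AppData\Roaming\notes.txt
"""


class Entry(NamedTuple):
    created: datetime
    size: int
    attrs: str
    path: str

    @property
    def name(self):
        # ntpath parses Windows paths correctly on any host OS.
        return ntpath.basename(self.path)


def parse_listing(text):
    """Turn listing lines into Entry records; lines in other formats are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            stamp, size, attrs, path = m.groups()
            entries.append(Entry(
                datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S"),
                int(size.replace(",", "")),
                attrs,
                path,
            ))
    return entries


def class_changes(name):
    """Count switches between upper, lower and digit characters in a name."""
    kinds = ["d" if c.isdigit() else "u" if c.isupper() else "l" for c in name]
    return sum(a != b for a, b in zip(kinds, kinds[1:]))


def is_candidate(entry):
    """Zero-byte directory directly under AppData\\Roaming with a random-looking name."""
    parent = ntpath.dirname(entry.path).lower()
    return (
        "D" in entry.attrs
        and entry.size == 0
        and parent.endswith("\\appdata\\roaming")
        and NAME_RE.match(entry.name) is not None
        # Heuristic (assumption): ordinary names such as "Microsoft" switch class rarely.
        and class_changes(entry.name) >= 4
    )


def find_bursts(text, max_gap=timedelta(seconds=60), min_size=3):
    """Group candidates created within max_gap of each other; keep groups of min_size or more."""
    hits = sorted((e for e in parse_listing(text) if is_candidate(e)),
                  key=lambda e: e.created)
    bursts, current = [], []
    for entry in hits:
        if current and entry.created - current[-1].created > max_gap:
            bursts.append(current)
            current = []
        current.append(entry)
    if current:
        bursts.append(current)
    return [b for b in bursts if len(b) >= min_size]


if __name__ == "__main__":
    for burst in find_bursts(SAMPLE):
        print(f"{len(burst)} folders between {burst[0].created} and {burst[-1].created}")
        for entry in burst:
            print("   ", entry.path)
```

A single random-looking folder on its own is not reported; only a burst is, which keeps one-off application folders out of the result.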

#5
njlock

Thanks, Ron; seems to be running much better already. I deleted TuneUp Utilities 2011, but unable to find the language pack to delete?

Why was it necessary to delete this? Is it not considered a useful program?


========== PROCESSES ==========
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000025\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000026\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000025\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000026\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Users\Princess Shantell\AppData\Local\{62B40893-A939-474A-8592-995BF1C9383F} moved successfully.
C:\Users\Princess Shantell\AppData\Local\{AEA11880-FFD2-4887-B83C-D09B32004181} moved successfully.
C:\Users\Princess Shantell\AppData\Local\Fjopiroquqo.dat moved successfully.
C:\Users\Princess Shantell\AppData\Local\Azezogune.bin moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\aQdKg9YwVlBPy folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\OL9gTXqjYeIrOtA folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\WlOBtzP0yAiDoFp folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\GelIBtzPNc1v2b4 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\ijUCekIBrOyAuSi folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\o6dWK8fRLhXjCk folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\OaQH6sZqjC folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\bsWJ7fEL8Tqlz0c folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\U6KRhwCIzy1Sb3G folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\j6KRhwCIzy1Sb3G folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\oKfZhXUCeIrNAu2 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\OReAmRISHT folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\mYCekIVrzN folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\XEYeyns8XB14JZI folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\V4gAHgBDdCSdCvH folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\wsUvd04Ke1Qwx folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\fGj28zGXuW folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\DGtC4IW2T3B folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\fNJy7vtd1Zsl6 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\eZoYFCGtC4IW2T folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\vTCrtcpa7TCrx1o folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\AdRXlNv35dLqkOA folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\gnHdRYez1bGJ89U folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\DoafXk0FHRYNSGK folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\G1J9AaLBSWTVA folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\qI8GSGJAasri folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\AG7hO1aEwzD5gjN folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\J4ylTfp2crZJQZy folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\BJjAQXu36hkybQR folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\O36LYrPiGs folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\cBgWpurj74vlXRW folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\WgkxDH9IPosTl1m folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\p1FsKYePuFsRUPS folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\RKiO8dn0Cfaie73 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\LEYO14dhlAFJZey folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\IPTdn0UfaFyUs1e folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\yFH9etiH9wxaECB folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\WZkNcoHfqUt1n5E folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\NcGKjlcG7qr folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\RZwlzxvbmQWRTCB folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\gYVtADFH789wlz folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\FKDBL5bORGPkE3N folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\YeAnRVc4Lk folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\T3WXr2HTNbsZ folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\SXypfIS6qxnLIca folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\AI5yh4x82e6v folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\boe7vk6zRnNLvjQ folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\Bua9lDJwyaRO27j folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\zKSYWDVscj4OK2I folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\DUPD58wtvGKwru folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\BVQATntT5Ph62rJ folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\ak5N93VE3zLFyYs folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\EkuGfw0mLXBipdh folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\pdXOi6Tr2Q9Vc4L folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\ooJYtDQ9ybQZCNo folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\nHlsPWxg2ksO folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\n8wtvmEXB14EhCz folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\WwpjbZy7BGlmVGr folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\CtSGs8kxvmLXBip folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\FtiaqIPiaJTV folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\KNmBmXusjFfl4hN folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\qKXtumETB13dhIA folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\j8YOco5EqU folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\aObR06Tl1d folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\l3lFZyHIi folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\RjzSm9Iun7COSn folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\fly3He0HEUNKjzS folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\HtJhymhyG9zF7I3 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\GdYymhyG9zF7I folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\PmXnhvEkHrJNd1X folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\I6qx5qx4qP6wcHq folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\mS8BmqcJVof2LP5 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\LLrvsqzFhB2JhIv folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\yt49cQjxahyQ9r2 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\TN26I4h2jbZzaCi folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\WsXAGqxn9OF7k27 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\taq06wcJwA5YNmh folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\mOGTxahP5Y0mZzF folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\Q1bHYcpRUbgyEAf folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\o8r5qvKkifr3Lln folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\dQhr26qAG9zD folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\PV48UyFdXNGRlua folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\FkndXP2J9zpKUxG folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\A39Naq0sV4YDgNK folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\rNxA2mfwyshzbHq folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\FXSLAWOHIGCFkpI folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\fO5lHzJr6O folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\A1S2p4WRVlyANlw folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\zUnV6A96tgoV6yW folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\kIzztubmghC folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\eWOQenCDTcdzdtQ folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\k9DhSL0Wz6r4CD folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\FnesPdP6rGYDji8 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\z00zPNzjjq8sZTf folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\Oc0Scvu0A00zP folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\OrWPESZvvhbea folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\HuY4lstEyUf folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\kWyWcgcTiR1gvZb folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\HO9hKFzga0XJvrj folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\gtLWcgvXFrKuCHB folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\dWcgvXFrKuCHBsz folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\iegWm3AtURHSIL3 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\xUW1YmNZFyfu9nw folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\W1qsPf2UaNLi folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\aIRnrJ1XsujJuY6 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\SZDh4e5z8uUGN folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\IuToeJyhpC6OKxE folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\tOZJDBRGyk folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\XlJPEcRbjm folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\ivUWikW1VwJDI folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\Y4lWchpzRFr9GN9 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\Q4I4k4k4V4eWuLi folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\QVHB71T3BKcqGlE folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\mdotZpB7AgHBWPK folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\nVmrgiqvXmI5 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\l6rGCnXDw4esImI folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\ytn8zGT1KrpgxQ folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\Htn8zGT1KrpgxQ folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\f2f16e2fOGT06 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\Ghx5TtGgAHYSLS7 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\WbsYoEVD7log folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\rGwvKrnqS folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\cwP3JwPFEk0F folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\OzngBFRrmhNnL folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\vipdYBupETIAGRe folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\lcbJ9CN3K folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\GdZjBx2p69CrA2G folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\lonnF4pmHsQJdK8 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\QwwjUVelItzPyAu folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\s1uvv22bF4pGsJd folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\ajUUCekIrzONx folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\InG55QQ6dWKfLgT folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\Y666sWKL9gTqY folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\J0uucS2iD folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\g8gTTqqYCwkVlO folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\mffEL8gTZqYCkVl folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\PF4ppHHsQJ7E8R folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\NzzPNyyA1uD2b4m folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\UA11uvD2bF4pGsJ folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\fdWKKffR9hTqUCk folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\lUCeeIIrzONx0vS folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\BiibD33nG4QHsKf folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\O77fEL9gTZjYwIr folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\rUVrrOOtxP0c1v3 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\Y4aamH5sJ7dE8Rq folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\zllIBtzPNyA1v folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\O8ffRZ9hTwjUeIr folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\vvvS2ibF3pG5Q folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\RgTXXjjYekIrONx folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\o7fRRL9gTqjYeIr folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\bD33onG4aH6sJf folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\PZqqhYCwUVrlBx0 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\T5sQQJ7dK8gZ folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\L55sQJ6dEKfR9T folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\wBBrzONyxAuv2b3 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\VG55aQH6WK7fLgX folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\K0uucS1ib3on4m6 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\TOBttxP0cS1vDoF folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\pRZZqhYXw folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\lellIBtzNycAuDo folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\bvDD2obF4mG5Q6E folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\OBrzzNNxA0uSiF3 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\xYCeeIIrzONx0u folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\cSS1ibD3on4aHsJ folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\kEELLggZqhYwUrO folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\VnnFFppH5sJ7 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\v2oonF4pH5sQ7E8 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\QUVeeIItzPNc1vD folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\vbF33pmGaQ folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\sWK88fRLhTXjUeI folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\V77fRL9gTqjYeIr folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\ekkIIrrONtx0c2 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\JccSSiiD3oG4 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\iJ7ffEL8TZqYC folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\lonFFppm5 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\aXXwjUUelItzN folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\cddEK8fRZ folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\Ryyxx00vS2bFpG folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\RaQH66dK7fL9Tq folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\CnGG4amH6WJ7E8 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\xqjjYCwkIrlOtPu folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\mVrlONtP0c1iDoG folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\aD3onG4am6W7E8T folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\ConF4amH5W7 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\U8gRZqhYXkV folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\wIBtzPNyc1 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\l4pmG5sQJdKf folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\nuvS2obF3 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\mdWK7fRL9T folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\UtxA0ucS2b3n4Q folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\UTZqhYCwkVlBx0c folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\pUVrlOBtx0c1v3n folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\SvD3onF4aHsJdLg folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\TqhYXwkUVlBz folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\msQJ6dEK8R9TwUe folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\vYYYXwwjUV folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\QNyyxxA1uvD2bFp folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\cqqqjUUCekIBzOy folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\UhhhTXXqjUCeIBz folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\hddWWK77f folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\TooobFF3pmG5 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\DZ9hYXwjUeI folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\edWK8fRL9TqUeIr folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\CJ7dEL8gRqYwUeO folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\B9gTXqjYCkVzNx0 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\OcA1ivD2oFpHsJd folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\eK8gRZ9hYwUeIt folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\g3onG4amHsJfLgZ folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\O9hTXqjUCkBzNx0 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\LRZ9hYXwjVlBzNc folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\dWJ7dEL8gZhXkVl folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\l8fRL9hTX folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\Z1ivD2onFpHsJdK folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\BekIVrzONx folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\PtttzPNyc12oFpG folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\b9gTZqjYCkVlNx folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\KyxA1uvS2b3m5Q6 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\XhhYCwkUVr folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\H7fRL9gTXjCkVzN folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\v3onF4amHsJE8Rq folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\mrzONtxA0c2b3n4 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\qqjUCekIBzNx0v2 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\K3pmG5aQJdKfLhX folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\upG5sQJ6dKfZhXj folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\kzP0ycA1v2n4m5Q folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\hibD3onG4 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\n6sWK7fELgZjCkV folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\BZqhYXwkUeOtPyA folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\qgTZqjYCwIrOtPu folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\XH6dWK7fR9TqYeI folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\B5aQH6dWKfLgXjC folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\RPNycA1uv2b4m5Q folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\UkUVelOBtPyAiD folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\StxP0yyS1i3n4 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\xkkVVllNtxPuSiD folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\eNyxA0uvSiF folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\imG5aQJ6dKfLhXj folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\pF4pmG5sQ6E8 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\nelOBtPD2n4HsJd folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\bYCwkIVrlNx folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\v9gTXqjYCkVzNx0 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\S5aQJ6dWKf folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\hJ7dEK8gR9YwUeI folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\cRZ9hTXwjClrPyA folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\XXwjUCelIrPyAuS folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\AlIBtzPNyAuDoFp folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\rVelIBtzP folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\wVelBtzP0c1v2n4 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\hYCwkUVrlBx0c1v folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\QfEL9gTZqYwIrOt folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\vxA00ccSiD3pGaH folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\xobF3pmG5Q6W8R9 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\O1uvD2obFpGsJdK folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\mtzP0ycA1v2n4m5 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\LgRZqhYXwUeOtPy folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\wbD46sWJ7E8TqYw folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\oYCwkIVrlNx0c1b folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\IA0uvS2ib3n5 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\GL9hTXqjCe folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\FdEK8gRZ9YwUeIt folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\N4pmH5sQJdK folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\gucS2ibD3naQ6W7 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\bsQJ6dEK8R9TwUe folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\ixA0ucS2iDpGaHs folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\TVVelIBtzNyc1Do folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\xVrllBBtP0ySiv3 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\tRL9gTXqjCkVzNx folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\XJ6dWK8fR9TqUeI folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\vzPNyxA1uSoFpGa folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\WuvD2obF4m5Q6E8 folder moved successfully.
C:\Users\Princess Shantell\AppData\Roaming\nQJ6dEK8fZhXjCl folder moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Princess Shantell\Desktop\cmd.bat deleted successfully.
C:\Users\Princess Shantell\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Princess Shantell\Desktop\cmd.bat deleted successfully.
C:\Users\Princess Shantell\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Princess Shantell\Desktop\cmd.bat deleted successfully.
C:\Users\Princess Shantell\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Princess Shantell\Desktop\cmd.bat deleted successfully.
C:\Users\Princess Shantell\Desktop\cmd.txt deleted successfully.
c:\windows\SysWow64\sho8E7F.tmp moved successfully.
c:\windows\SysWow64\shoCF0.tmp moved successfully.
c:\windows\SysWow64\sho81FB.tmp moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== COMMANDS ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\: LSP stack updated.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.

OTL by OldTimer - Version 3.2.29.1 log created on 10082011_112056

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


After I ran the command prompt, I got "all drivers digitally signed"?


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 08/10/2011 1:24:04 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/10/2011 5:01:18 PM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

Log: 'System' Date/Time: 08/10/2011 5:01:18 PM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.

Log: 'System' Date/Time: 08/10/2011 5:01:18 PM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.

Log: 'System' Date/Time: 08/10/2011 5:00:17 PM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.

Log: 'System' Date/Time: 08/10/2011 4:59:17 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 08/10/2011 4:59:17 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 08/10/2011 4:59:17 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 08/10/2011 4:59:17 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 08/10/2011 4:59:17 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 08/10/2011 4:59:17 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 08/10/2011 4:59:17 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 08/10/2011 4:59:17 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 08/10/2011 4:59:17 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 08/10/2011 4:59:17 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 08/10/2011 4:59:17 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 08/10/2011 4:59:17 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/10/2011 3:29:51 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 08/10/2011 1:34:14 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/10/2011 4:59:26 PM
Type: Error Category: 0
Event: 4107 Source: Microsoft-Windows-CAPI2
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/10/2011 5:09:23 PM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. CurrentSoftGridPrereq: Click2Run installation (version = 14.0.4763.1000) is found on the machine; skipping installation...

Log: 'Application' Date/Time: 08/10/2011 5:09:22 PM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE is trusted.

Log: 'Application' Date/Time: 08/10/2011 5:00:27 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Error checking dependency [01d4f272-71b8-489b-85d3-97c263eac3b7]: Unable to retrieve registry value!

Log: 'Application' Date/Time: 08/10/2011 5:00:27 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Error checking dependency [1df917db-3056-41af-bbac-0489a6b63d4d]: Unable to retrieve registry value!

Log: 'Application' Date/Time: 08/10/2011 5:00:27 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Error checking dependency [e4b859d8-de3c-4f9a-b55d-cdc1253ccbdb]: Unable to retrieve registry value!

Log: 'Application' Date/Time: 08/10/2011 5:00:27 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Error checking dependency [bbcf0586-8b94-46eb-a2b4-c5fefbce2751]: Unable to retrieve registry value!

Log: 'Application' Date/Time: 08/10/2011 5:00:27 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 08/10/2011 5:00:27 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 08/10/2011 5:00:27 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 08/10/2011 5:00:27 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 08/10/2011 5:00:27 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 08/10/2011 5:00:27 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 08/10/2011 5:00:27 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 08/10/2011 5:00:27 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 08/10/2011 5:00:27 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 08/10/2011 5:00:27 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 08/10/2011 5:00:27 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 08/10/2011 5:00:27 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 08/10/2011 5:00:27 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

Log: 'Application' Date/Time: 08/10/2011 5:00:27 PM
Type: Warning Category: 0
Event: 0 Source: TOSHIBA Service Station
Skipping empty element [tsu:setup_args]

#6
RKinner

    Malware Expert

  • Expert
  • 24,699 posts
  • MVP
The tuneup stuff is just snake oil. Can cause more trouble than it fixes.

There are some strange errors in your logs. You might look on the Toshiba site and see if there is a new version of TOSHIBA Service Station available as the current version is throwing a lot of errors.

Could you run OTL, quickscan again and post the log?

Ron

#7
njlock

    Member

  • Topic Starter
  • Member
  • 353 posts
Can I delete all that Toshiba stuff? Is it necessary?

Thanks Again btw!


OTL logfile created on: 08/10/2011 2:40:03 PM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Princess Shantell\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 51.71% Memory free
5.73 Gb Paging File | 4.23 Gb Available in Paging File | 73.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.58 Gb Total Space | 239.00 Gb Free Space | 83.11% Space Free | Partition Type: NTFS

Computer Name: PRINCESSSHANTEL | User Name: Princess Shantell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/07 15:34:14 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Princess Shantell\Desktop\OTL.exe
PRC - [2011/09/30 11:12:41 | 001,030,200 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/12/09 19:21:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/12/09 19:21:52 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/30 11:12:40 | 000,412,728 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\ppgooglenaclpluginchrome.dll
MOD - [2011/09/30 11:12:39 | 003,696,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\pdf.dll
MOD - [2011/09/30 11:11:13 | 000,142,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\avutil-51.dll
MOD - [2011/09/30 11:11:12 | 000,253,320 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\avformat-53.dll
MOD - [2011/09/30 11:11:10 | 002,403,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\avcodec-53.dll
MOD - [2011/09/29 16:06:57 | 008,587,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\gcswf32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 01:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/09 19:21:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/12/09 19:21:52 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/10/06 12:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/13 14:09:08 | 000,297,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe -- (taisregispinger)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/06 16:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 16:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 16:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 16:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 16:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 16:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/04/20 09:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/03/31 17:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/20 11:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/10 18:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/01 13:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/15 15:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/06 15:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSND&bmod=TSND

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{26D55D66-F4E8-4642-A683-C1E67E4768B2}: C:\Users\Princess Shantell\AppData\Local\{26D55D66-F4E8-4642-A683-C1E67E4768B2}

[2011/01/26 14:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Princess Shantell\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: GameVance = C:\Users\Princess Shantell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\

O1 HOSTS File: ([2011/10/08 08:55:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCB55CC5-C4B0-4554-8237-E6619F65E4E3}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/08 13:22:10 | 000,061,440 | ---- | C] ( ) -- C:\Users\Princess Shantell\Desktop\VEW.exe
[2011/10/08 11:20:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/08 11:13:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/10/08 11:12:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/10/08 11:12:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/10/08 10:52:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/08 10:52:16 | 000,000,000 | ---D | C] -- C:\Macromedia
[2011/10/08 10:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/10/08 10:17:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/10/08 09:31:14 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Princess Shantell\Desktop\aswMBR (1).exe
[2011/10/08 09:30:47 | 001,558,320 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Princess Shantell\Desktop\tdsskiller.exe
[2011/10/08 08:55:44 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/10/08 08:46:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/10/08 08:46:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/10/08 08:46:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/10/08 08:46:52 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/10/08 08:46:52 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/08 08:46:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/08 08:43:41 | 004,249,093 | R--- | C] (Swearware) -- C:\Users\Princess Shantell\Desktop\ComboFix.exe
[2011/10/07 15:34:07 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Princess Shantell\Desktop\OTL.exe
[2011/10/05 18:00:55 | 000,000,000 | ---D | C] -- C:\Users\Princess Shantell\AppData\Roaming\Malwarebytes
[2011/10/05 18:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/05 18:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/05 18:00:47 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/10/05 18:00:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/05 16:27:49 | 000,000,000 | ---D | C] -- C:\windows\SysNative\SPReview
[2011/10/05 15:58:33 | 000,000,000 | ---D | C] -- C:\windows\SysNative\EventProviders
[2011/10/05 15:58:17 | 000,601,944 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2011/10/05 15:58:17 | 000,254,400 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2011/09/30 13:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/08 13:21:44 | 000,061,440 | ---- | M] ( ) -- C:\Users\Princess Shantell\Desktop\VEW.exe
[2011/10/08 13:06:27 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/08 13:06:27 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/08 13:05:49 | 000,727,182 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/10/08 13:05:49 | 000,624,668 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/10/08 13:05:49 | 000,106,754 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/10/08 12:58:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/10/08 12:58:29 | 2308,063,232 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/08 12:57:56 | 000,003,608 | ---- | M] () -- C:\bootsqm.dat
[2011/10/08 11:14:27 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/10/08 10:23:17 | 000,002,369 | ---- | M] () -- C:\Users\Princess Shantell\Desktop\Google Chrome.lnk
[2011/10/08 09:35:10 | 000,000,512 | ---- | M] () -- C:\Users\Princess Shantell\Desktop\MBR.dat
[2011/10/08 09:28:48 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Princess Shantell\Desktop\aswMBR (1).exe
[2011/10/08 09:28:28 | 001,558,320 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Princess Shantell\Desktop\tdsskiller.exe
[2011/10/08 08:55:38 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2011/10/08 08:43:48 | 004,249,093 | R--- | M] (Swearware) -- C:\Users\Princess Shantell\Desktop\ComboFix.exe
[2011/10/07 15:34:14 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Princess Shantell\Desktop\OTL.exe
[2011/10/07 15:27:30 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2011/10/05 20:21:11 | 000,274,320 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/10/05 18:44:34 | 000,001,228 | ---- | M] () -- C:\Users\Princess Shantell\Desktop\Windows Explorer.lnk
[2011/10/05 18:03:29 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/30 11:02:15 | 011,224,111 | ---- | M] () -- C:\Users\Princess Shantell\Documents\xid-208399_1.pdf
[2011/09/28 03:14:19 | 000,743,534 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/09/18 09:45:30 | 000,116,014 | ---- | M] () -- C:\Users\Princess Shantell\AppData\Roaming\shoot_1a.jpg
[1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/08 12:57:56 | 000,003,608 | ---- | C] () -- C:\bootsqm.dat
[2011/10/08 11:14:27 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/08 11:14:27 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/10/08 10:23:17 | 000,002,369 | ---- | C] () -- C:\Users\Princess Shantell\Desktop\Google Chrome.lnk
[2011/10/08 09:35:10 | 000,000,512 | ---- | C] () -- C:\Users\Princess Shantell\Desktop\MBR.dat
[2011/10/08 08:46:57 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/10/08 08:46:57 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/10/08 08:46:57 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/10/08 08:46:57 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/10/08 08:46:57 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/10/05 18:44:34 | 000,001,228 | ---- | C] () -- C:\Users\Princess Shantell\Desktop\Windows Explorer.lnk
[2011/10/05 18:00:51 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/30 11:02:15 | 011,224,111 | ---- | C] () -- C:\Users\Princess Shantell\Documents\xid-208399_1.pdf
[2011/07/22 17:37:20 | 000,116,014 | ---- | C] () -- C:\Users\Princess Shantell\AppData\Roaming\shoot_1a.jpg
[2010/12/10 13:03:37 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/02/20 11:22:24 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/02/20 11:22:24 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/02/20 11:22:24 | 000,104,636 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/02/20 10:27:36 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/02/20 10:27:36 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/12/10 12:46:26 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\Book Place
[2011/10/05 00:03:04 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\SoftGrid Client
[2010/12/10 13:01:02 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\Tific
[2010/12/10 12:42:40 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\Toshiba
[2010/12/10 13:05:56 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\TP
[2010/12/11 09:30:10 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\TuneUp Software
[2010/12/10 12:32:14 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\WinBatch
[2011/02/05 22:05:16 | 000,000,000 | ---D | M] -- C:\Users\Princess Shantell\AppData\Roaming\Windows Live Writer
[2011/10/08 12:59:14 | 000,032,646 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0
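An added example, not part of the thread and not OTL's own code: a parser for the file-listing entries in the log above that lists recently created executables with no company name, the same idea as OTL's "Files Created - No Company Name" section. The triage rule, the extension list and the sample lines (constructed, with placeholder paths) are assumptions for illustration.

```python
import re
from datetime import datetime

# Entry layout as it appears in the log above:
# [timestamp | size | RHSD attributes | C(reated)/M(odified)] (company) -- path
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
EXECUTABLE = (".exe", ".dll", ".sys", ".scr", ".com")  # assumed list

# Constructed sample lines in the same layout (not taken from the log).
SAMPLE = r"""
[2011/10/08 13:22:10 | 000,061,440 | ---- | C] ( ) -- C:\Users\example\Desktop\viewer.exe
[2011/10/08 11:20:56 | 000,000,000 | ---D | C] -- C:\ExampleDir
[2011/10/08 09:30:47 | 001,558,320 | ---- | C] (Example Vendor) -- C:\Users\example\Desktop\scanner.exe
[2011/10/08 12:58:29 | 2308,063,232 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/08 08:46:57 | 000,256,000 | ---- | C] () -- C:\windows\helper.exe
[2011/10/08 08:46:57 | 000,256,000 | ---- | C] () -- C:\windows\HELPER.exe
[2010/02/20 10:27:36 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\old.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
""".splitlines()

def parse_entry(line):
    """Return the fields of one file-listing entry, or None for any other line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),  # sizes use comma grouping
        "attrs": m["attrs"],                      # R, H, S, D or '-'
        "kind": m["kind"],
        "company": (m["company"] or "").strip(),  # "( )" and "()" both mean none
        "path": m["path"].strip(),
    }

def triage(lines, since):
    """Paths of executables created on or after `since` with no company name."""
    seen, hits = set(), []
    for entry in filter(None, map(parse_entry, lines)):
        key = entry["path"].lower()  # Windows paths are case-insensitive
        if (entry["kind"] == "C" and entry["time"] >= since
                and not entry["company"]
                and key.endswith(EXECUTABLE) and key not in seen):
            seen.add(key)  # the same file can appear in more than one section
            hits.append(entry)
    hits.sort(key=lambda e: e["time"], reverse=True)  # newest first
    return [e["path"] for e in hits]

if __name__ == "__main__":
    for path in triage(SAMPLE, datetime(2011, 9, 8)):
        print("review:", path)
```

A hit is a prompt to look at the file, not a verdict; legitimate tools often ship without version-info metadata.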

#8
RKinner


    Malware Expert

  • Expert
  • 24,699 posts
  • MVP
OTL log looks good. You can uninstall the Toshiba program and see if you miss it. I doubt that it is anything important.

I think we are done with malware:


We need to clean up System Restore:

Copy the following:


:Commands
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab; if you go there, it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.) If you get a blocked program notification from Windows then change it to not start when windows does and just run it once a week or so.


If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#9
njlock


    Member

  • Topic Starter
  • Member
  • 353 posts
Ron, thank you so much, I appreciate all the time you spent on this. It's working great now.
Dave
  • 0





