Win32/patched Google redirect virus removal

Inactive
By Jason Miller
Aug 7, 2012
  1. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    New log from ComboFix

    We would like to see a ☆new log☆ from ComboFix. Please find the ComboFix icon on your Desktop, and double-click on it. Once it finishes running, post the new log.
  2. Jason Miller

    Jason Miller Newcomer, in training Topic Starter Posts: 37

    Here is the new ComboFix Log. Thanks again.

    ComboFix 12-08-22.03 - JASON 08/23/2012 17:14:23.4.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.1638 [GMT -7:00]
    Running from: c:\users\JASON\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\regebaa.tmp
    c:\users\JASON\g2mdlhlpx.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-24 to 2012-08-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-24 00:30 . 2012-08-24 00:30 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-08-24 00:30 . 2012-08-24 00:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-22 05:52 . 2012-08-22 05:51 289768 ----a-w- c:\windows\system32\javaws.exe
    2012-08-22 05:51 . 2012-08-22 05:51 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2012-08-22 05:51 . 2012-08-22 05:51 189416 ----a-w- c:\windows\system32\javaw.exe
    2012-08-22 05:51 . 2012-08-22 05:51 188904 ----a-w- c:\windows\system32\java.exe
    2012-08-22 05:51 . 2012-08-22 05:51 -------- d-----w- c:\program files\Java
    2012-08-16 10:05 . 2012-08-16 10:05 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2012-08-15 11:24 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2012-08-15 11:24 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2012-08-15 11:24 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
    2012-08-15 11:24 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2012-08-15 11:24 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2012-08-15 11:24 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2012-08-15 11:24 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-08-15 11:24 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-08-15 11:24 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
    2012-08-15 11:24 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-08-15 11:24 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-08-15 11:24 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
    2012-08-14 18:31 . 2012-08-14 18:33 35712 ----a-w- c:\windows\SysWow64\drivers\kxhaBH20.sys
    2012-08-14 18:31 . 2012-08-14 18:33 -------- d-----w- c:\program files\unhook
    2012-08-14 18:19 . 2012-08-14 18:26 35712 ----a-w- c:\windows\SysWow64\drivers\JmUjk3Ai.sys
    2012-08-14 18:18 . 2012-08-14 18:26 35712 ----a-w- c:\windows\SysWow64\drivers\sS43NcfQ.sys
    2012-08-12 04:31 . 2012-08-08 18:11 460888 ----a-w- c:\windows\system32\drivers\72999610.sys
    2012-08-11 16:53 . 2012-08-11 16:53 -------- d-----w- c:\programdata\Kaspersky Lab
    2012-08-10 20:05 . 2012-08-10 20:05 0 ----a-w- c:\windows\SysWow64\sho2CEA.tmp
    2012-08-10 18:33 . 2012-08-10 18:33 0 ----a-w- c:\windows\SysWow64\sho26C6.tmp
    2012-08-10 00:11 . 2012-08-10 00:11 0 ----a-w- c:\windows\SysWow64\shoA071.tmp
    2012-08-07 02:29 . 2012-08-07 02:29 -------- d-----w- c:\users\JASON\AppData\Roaming\Malwarebytes
    2012-08-07 02:28 . 2012-08-07 02:28 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-07 02:28 . 2012-08-07 02:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-07 02:28 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-22 05:51 . 2012-01-23 07:47 916456 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-22 05:51 . 2012-01-23 07:47 1034216 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-08-16 10:00 . 2011-02-08 03:11 62134624 ----a-w- c:\windows\system32\MRT.exe
    2012-08-01 22:46 . 2012-04-05 08:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-01 22:46 . 2011-05-18 18:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-24 21:53 . 2012-07-24 21:53 0 ----a-w- c:\windows\SysWow64\sho8F12.tmp
    2012-07-16 19:35 . 2012-07-16 19:35 0 ----a-w- c:\windows\SysWow64\sho61F2.tmp
    2012-07-15 18:41 . 2012-07-15 18:41 0 ----a-w- c:\windows\SysWow64\sho1C27.tmp
    2012-07-08 05:24 . 2012-07-08 05:24 0 ----a-w- c:\windows\SysWow64\shoD2A7.tmp
    2012-06-16 16:12 . 2012-06-16 16:12 0 ----a-w- c:\windows\SysWow64\sho8934.tmp
    2012-06-09 05:43 . 2012-07-15 06:12 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-06-06 15:49 . 2012-06-06 15:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    2012-06-06 06:06 . 2012-07-15 06:12 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-15 06:12 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-15 06:11 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-15 06:12 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-15 06:12 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-15 06:11 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19 . 2012-06-22 07:21 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 07:22 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 07:22 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 07:22 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 07:20 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-22 07:21 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 07:22 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:15 . 2012-06-22 07:21 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 05:50 . 2012-07-15 06:12 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-15 06:12 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:48 . 2012-07-15 06:12 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:45 . 2012-07-15 06:12 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-15 06:12 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:40 . 2012-07-15 06:12 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-15 06:12 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-15 06:12 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34 . 2012-07-15 06:12 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2010-11-20 . 58877D39A2D4E120CEE1EFF4DAD3D3FD . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
    [7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
    [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-08-10_00.15.40 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-08-15 11:24 . 2012-07-04 21:16 57344 c:\windows\SysWOW64\netapi32.dll
    + 2012-08-16 10:04 . 2012-06-29 00:01 73216 c:\windows\SysWOW64\mshtmled.dll
    - 2012-07-15 18:37 . 2012-06-02 08:17 73216 c:\windows\SysWOW64\mshtmled.dll
    - 2012-07-15 18:37 . 2012-06-02 08:22 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
    + 2012-08-16 10:04 . 2012-06-29 00:06 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
    + 2012-08-16 10:04 . 2012-06-29 00:06 65024 c:\windows\SysWOW64\jsproxy.dll
    - 2012-07-15 18:37 . 2012-06-02 08:21 65024 c:\windows\SysWOW64\jsproxy.dll
    - 2012-08-07 02:59 . 2012-08-07 02:59 25094 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    + 2012-08-24 03:41 . 2012-08-24 03:41 25094 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2012-07-04 18:36 . 2012-08-09 23:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
    + 2012-07-04 18:36 . 2012-08-24 00:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
    + 2012-07-04 18:33 . 2012-08-23 11:02 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    - 2012-07-04 18:33 . 2012-08-09 23:09 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2009-07-14 05:10 . 2012-08-24 03:47 40292 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-02-07 03:46 . 2012-08-24 03:47 14790 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4151112255-51104295-1799264657-1000_UserData.bin
    + 2011-09-05 17:04 . 2011-09-05 17:04 37264 c:\windows\system32\spool\drivers\x64\3\ADREGP.DLL
    - 2010-10-26 01:13 . 2011-09-05 17:04 37264 c:\windows\system32\spool\drivers\x64\3\ADREGP.DLL
    + 2011-09-05 17:04 . 2011-09-05 17:04 24984 c:\windows\system32\spool\drivers\x64\3\AdobePDFUI.dll
    - 2010-10-26 01:13 . 2011-09-05 17:04 24984 c:\windows\system32\spool\drivers\x64\3\AdobePDFUI.dll
    - 2010-10-26 01:13 . 2011-09-05 17:05 53656 c:\windows\system32\spool\drivers\x64\3\AdobePdf.dll
    + 2011-09-05 17:05 . 2011-09-05 17:05 53656 c:\windows\system32\spool\drivers\x64\3\AdobePdf.dll
    - 2012-07-15 18:37 . 2012-06-02 11:57 96768 c:\windows\system32\mshtmled.dll
    + 2012-08-16 10:04 . 2012-06-29 03:40 96768 c:\windows\system32\mshtmled.dll
    - 2012-07-15 18:37 . 2012-06-02 12:03 86528 c:\windows\system32\migration\WininetPlugin.dll
    + 2012-08-16 10:04 . 2012-06-29 03:46 86528 c:\windows\system32\migration\WininetPlugin.dll
    + 2012-08-16 10:04 . 2012-06-29 03:45 85504 c:\windows\system32\jsproxy.dll
    - 2012-07-15 18:37 . 2012-06-02 12:03 85504 c:\windows\system32\jsproxy.dll
    + 2009-07-14 05:30 . 2012-08-16 10:22 86016 c:\windows\system32\DriverStore\infpub.dat
    - 2009-07-14 05:30 . 2012-07-24 21:42 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2011-07-12 23:32 . 2011-04-28 03:54 80384 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\BTHUSB.SYS
    + 2009-07-14 00:06 . 2009-07-14 00:06 41984 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthenum.sys
    + 2011-02-07 04:31 . 2012-08-24 00:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-02-07 04:31 . 2012-08-09 22:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-02-07 04:31 . 2012-08-24 00:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-02-07 04:31 . 2012-08-09 22:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-24 00:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-09 22:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:46 . 2012-08-07 02:17 94640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2009-07-14 04:46 . 2012-08-19 23:30 94640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2011-02-20 04:46 . 2012-08-16 10:05 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
    - 2011-02-20 04:46 . 2012-07-15 10:06 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
    + 2011-02-20 04:46 . 2012-08-16 10:05 43608 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe
    - 2011-02-20 04:46 . 2012-07-15 10:06 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
    + 2011-02-20 04:46 . 2012-08-16 10:05 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
    + 2012-08-10 18:54 . 2012-08-10 18:544608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DDF9796E-E31C-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-21 07:07 . 2012-08-21 07:075120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DDE2DA7B-EB5E-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-14 07:58 . 2012-08-14 08:045120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D94A174F-E5E5-11E1-84A5-64315024E3AB}.dat
    + 2012-08-16 04:07 . 2012-08-16 04:075120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D906B429-E757-11E1-8084-64315024E3AB}.dat
    + 2012-08-23 02:18 . 2012-08-23 02:195120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D6AC76C6-ECC8-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-11 22:35 . 2012-08-11 22:353584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D6444550-E404-11E1-83B5-64315024E3AB}.dat
    + 2012-08-20 04:45 . 2012-08-20 04:495632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D5777DEB-EA81-11E1-B291-64315024E3AB}.dat
    + 2012-08-18 20:03 . 2012-08-18 20:095120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D55BB180-E96F-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 06:02 . 2012-08-21 06:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D4B824A9-EB55-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-19 17:53 . 2012-08-19 17:545120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D3DF2DBE-EA26-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-22 05:40 . 2012-08-22 05:403584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D3894F52-EC1B-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-23 04:41 . 2012-08-23 04:414608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D3026BBF-ECDC-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-17 12:05 . 2012-08-17 12:055120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D2EFFE28-E863-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-15 04:58 . 2012-08-15 04:584608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D26B5E5D-E695-11E1-8084-64315024E3AB}.dat
    + 2012-08-13 00:07 . 2012-08-13 00:104608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D0F18F05-E4DA-11E1-AA63-64315024E3AB}.dat
    + 2012-08-21 17:36 . 2012-08-21 17:375120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CD6F4330-EBB6-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-22 05:39 . 2012-08-22 05:405120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CB87CE87-EC1B-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-14 23:57 . 2012-08-14 23:585120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C906DB62-E66B-11E1-8084-64315024E3AB}.dat
    + 2012-08-18 01:05 . 2012-08-18 01:065120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C743650A-E8D0-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-20 15:14 . 2012-08-20 15:145120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C6CBABF0-EAD9-11E1-B291-64315024E3AB}.dat
    + 2012-08-13 18:14 . 2012-08-13 18:155120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C5FDCFAD-E572-11E1-84A5-64315024E3AB}.dat
    + 2012-08-15 19:02 . 2012-08-15 19:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C5EA8F63-E70B-11E1-8084-64315024E3AB}.dat
    + 2012-08-19 09:03 . 2012-08-19 09:045120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C547E62C-E9DC-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-10 18:39 . 2012-08-10 18:404608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C4F199A1-E31A-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-15 08:32 . 2012-08-15 08:335120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C3738091-E6B3-11E1-8084-64315024E3AB}.dat
    + 2012-08-20 23:35 . 2012-08-20 23:355120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C3648E6C-EB1F-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-12 03:42 . 2012-08-12 03:435120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BF5F0DDC-E42F-11E1-83B5-64315024E3AB}.dat
    + 2012-08-16 02:11 . 2012-08-16 02:125120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BB2B54E0-E747-11E1-8084-64315024E3AB}.dat
    + 2012-08-17 07:11 . 2012-08-17 07:115120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B989C83E-E83A-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-13 16:12 . 2012-08-13 16:135120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B91F4737-E561-11E1-84A5-64315024E3AB}.dat
    + 2012-08-20 06:53 . 2012-08-20 06:534608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B91BF00F-EA93-11E1-B291-64315024E3AB}.dat
    + 2012-08-11 07:03 . 2012-08-11 07:115120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B8FE51D3-E382-11E1-83B5-64315024E3AB}.dat
  3. Jason Miller

    Jason Miller Newcomer, in training Topic Starter Posts: 37

    + 2012-08-19 04:42 . 2012-08-19 04:444608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{38A2869C-E9B8-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 09:04 . 2012-08-21 09:045120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3740E743-EB6F-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-22 09:03 . 2012-08-22 09:045120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{36D501BF-EC38-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-10 19:26 . 2012-08-10 19:265120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{36BFC681-E321-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-14 07:54 . 2012-08-14 07:545120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{36B79C3C-E5E5-11E1-84A5-64315024E3AB}.dat
    + 2012-08-15 05:58 . 2012-08-15 05:595120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{36217FAB-E69E-11E1-8084-64315024E3AB}.dat
    + 2012-08-22 22:03 . 2012-08-22 22:045120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{34EAE3A0-ECA5-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-21 04:03 . 2012-08-21 04:045120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{34CE350F-EB45-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-17 00:12 . 2012-08-17 00:125120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{340F60CE-E800-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-14 20:11 . 2012-08-14 20:115120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{33D73581-E64C-11E1-8084-64315024E3AB}.dat
    + 2012-08-15 21:28 . 2012-08-15 21:295120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{31A5C77B-E720-11E1-8084-64315024E3AB}.dat
    + 2012-08-24 00:11 . 2012-08-24 00:115120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{30A62E59-ED80-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-23 08:11 . 2012-08-23 08:125120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{30588ABB-ECFA-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-15 00:57 . 2012-08-15 00:585120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2CB144AB-E674-11E1-8084-64315024E3AB}.dat
    + 2012-08-19 05:17 . 2012-08-19 05:225120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2BEDA037-E9BD-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-16 11:11 . 2012-08-16 11:124608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2B797EAA-E793-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-18 15:48 . 2012-08-18 15:545120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2B3E82E6-E94C-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 20:52 . 2012-08-21 20:535120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{277938F2-EBD2-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-16 03:12 . 2012-08-16 03:125120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{26DC8B48-E750-11E1-8084-64315024E3AB}.dat
    + 2012-08-14 02:52 . 2012-08-14 02:535120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{26298ACA-E5BB-11E1-84A5-64315024E3AB}.dat
    + 2012-08-23 22:09 . 2012-08-23 22:095120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{24ACC165-ED6F-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-21 01:25 . 2012-08-21 01:265120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{243D1A28-EB2F-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-11 12:29 . 2012-08-11 12:295120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{23FBF766-E3B0-11E1-83B5-64315024E3AB}.dat
    + 2012-08-15 03:13 . 2012-08-15 03:135120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2362A268-E687-11E1-8084-64315024E3AB}.dat
    + 2012-08-23 03:46 . 2012-08-23 03:475120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{22821DC2-ECD5-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-16 04:09 . 2012-08-16 04:095120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{22438250-E758-11E1-8084-64315024E3AB}.dat
    + 2012-08-17 21:40 . 2012-08-17 21:405120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2241DE70-E8B4-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-14 02:52 . 2012-08-14 02:535120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{21B2F647-E5BB-11E1-84A5-64315024E3AB}.dat
    + 2012-08-16 04:59 . 2012-08-16 05:065120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{219299B8-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 01:10 . 2012-08-16 01:105120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1F893F6F-E73F-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 04:59 . 2012-08-16 05:025120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1E284547-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 09:02 . 2012-08-16 09:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1CFDCF2D-E781-11E1-8084-64315024E3AB}.dat
    + 2012-08-19 21:44 . 2012-08-19 21:455120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1AF84192-EA47-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-12 23:04 . 2012-08-12 23:116656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1A1A94B1-E4D2-11E1-AA63-64315024E3AB}.dat
    + 2012-08-16 15:29 . 2012-08-16 15:295120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{19F3A21C-E7B7-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-16 15:29 . 2012-08-16 15:295120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{19E09719-E7B7-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 03:05 . 2012-08-21 03:065120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{19A322DA-EB3D-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-22 10:49 . 2012-08-22 10:505120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1984B160-EC47-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-22 02:43 . 2012-08-22 02:435120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1850F51E-EC03-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-20 10:30 . 2012-08-20 10:315120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{16E79650-EAB2-11E1-B291-64315024E3AB}.dat
    + 2012-08-12 02:40 . 2012-08-12 02:415120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{143F339D-E427-11E1-83B5-64315024E3AB}.dat
    + 2012-08-10 19:25 . 2012-08-10 19:255120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{13F207E7-E321-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-21 04:45 . 2012-08-21 04:515120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1344E620-EB4B-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-11 08:10 . 2012-08-11 08:175120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{131B4C2E-E38C-11E1-83B5-64315024E3AB}.dat
    + 2012-08-18 02:26 . 2012-08-18 02:265120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1280EFC5-E8DC-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-14 13:58 . 2012-08-14 13:585120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1243F8E4-E618-11E1-84A5-64315024E3AB}.dat
    + 2012-08-20 21:57 . 2012-08-20 21:574608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1159C06D-EB12-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-21 15:15 . 2012-08-21 15:165120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{10AFAF7E-EBA3-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-21 13:56 . 2012-08-21 13:575120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0F5CB119-EB98-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-16 13:27 . 2012-08-16 13:275120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0F116272-E7A6-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-14 20:10 . 2012-08-14 20:105120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0E568282-E64C-11E1-8084-64315024E3AB}.dat
    + 2012-08-13 08:01 . 2012-08-13 08:055120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0E4D5878-E51D-11E1-84A5-64315024E3AB}.dat
    + 2012-08-14 04:53 . 2012-08-14 04:545120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0E4502E7-E5CC-11E1-84A5-64315024E3AB}.dat
    + 2012-08-22 20:36 . 2012-08-22 20:365120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0D657772-EC99-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-14 00:50 . 2012-08-14 00:515120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{093176AF-E5AA-11E1-84A5-64315024E3AB}.dat
    + 2012-08-15 07:22 . 2012-08-15 07:265120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{039D2A91-E6AA-11E1-8084-64315024E3AB}.dat
    + 2012-08-11 07:05 . 2012-08-11 07:107168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FF68AE8C-E382-11E1-83B5-64315024E3AB}.dat
    + 2012-08-18 20:04 . 2012-08-18 20:056144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FC049B81-E96F-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-20 07:02 . 2012-08-20 07:024096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FA0C1D82-EA94-11E1-B291-64315024E3AB}.dat
    + 2012-08-19 07:10 . 2012-08-19 07:105632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F9668CBB-E9CC-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-10 19:09 . 2012-08-10 19:157168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F8E0E063-E31E-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-22 07:07 . 2012-08-22 07:106144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F7BC2A55-EC27-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-16 06:38 . 2012-08-16 06:396144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F6EDE424-E76C-11E1-8084-64315024E3AB}.dat
    + 2012-08-19 23:45 . 2012-08-19 23:456144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F59816AA-EA57-11E1-B291-64315024E3AB}.dat
    + 2012-08-17 03:02 . 2012-08-17 03:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F53A4D2E-E817-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-17 03:02 . 2012-08-17 03:025120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F5201E0A-E817-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-19 11:06 . 2012-08-19 11:076656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F51A7728-E9ED-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-11 14:29 . 2012-08-11 14:305120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F5060DA5-E3C0-11E1-83B5-64315024E3AB}.dat
    + 2012-08-21 11:11 . 2012-08-21 11:115120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F3DF0805-EB80-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-12 23:10 . 2012-08-12 23:116656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F0D33F20-E4D2-11E1-AA63-64315024E3AB}.dat
    + 2012-08-12 23:10 . 2012-08-12 23:105632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F0D33F1F-E4D2-11E1-AA63-64315024E3AB}.dat
    + 2012-08-10 19:09 . 2012-08-10 19:098192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F06DAAB8-E31E-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-10 19:09 . 2012-08-10 19:157168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F06DAAB6-E31E-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-19 23:45 . 2012-08-19 23:465120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EF7D697D-EA57-11E1-B291-64315024E3AB}.dat
  4. Jason Miller

    Jason Miller Newcomer, in training Topic Starter Posts: 37

    + 2012-08-15 19:01 . 2012-08-15 19:025120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A2A36A9C-E70B-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 21:16 . 2012-08-16 21:164608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9CB79040-E7E7-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 10:47 . 2012-08-21 10:485120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9B0C30FC-EB7D-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-12 22:25 . 2012-08-12 22:256144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9AFD112F-E4CC-11E1-AA63-64315024E3AB}.dat
    + 2012-08-12 22:25 . 2012-08-12 22:259728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9AFD112E-E4CC-11E1-AA63-64315024E3AB}.dat
    + 2012-08-16 02:10 . 2012-08-16 02:115120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9A4B0794-E747-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 14:28 . 2012-08-16 14:286144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{985D2CA9-E7AE-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 02:04 . 2012-08-21 02:056144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{97BCAB8A-EB34-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-23 16:42 . 2012-08-23 16:436144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9765CF15-ED41-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-16 14:28 . 2012-08-16 14:285120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{965FC62E-E7AE-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 11:08 . 2012-08-21 11:147168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{96559FF2-EB80-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-23 06:05 . 2012-08-23 06:066656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{953B0E89-ECE8-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-10 19:14 . 2012-08-10 19:147168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{95187FE9-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-21 02:04 . 2012-08-21 02:046656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{94E1E515-EB34-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-14 19:09 . 2012-08-14 19:096144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{942DDE81-E643-11E1-8084-64315024E3AB}.dat
    + 2012-08-14 22:37 . 2012-08-14 22:374608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{93B059E9-E660-11E1-8084-64315024E3AB}.dat
    + 2012-08-17 02:02 . 2012-08-17 02:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9326D93D-E80F-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-17 02:02 . 2012-08-17 02:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{930CAA19-E80F-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-18 20:09 . 2012-08-18 20:095632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{92D32F2A-E970-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-11 13:29 . 2012-08-11 13:305120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{92C57585-E3B8-11E1-83B5-64315024E3AB}.dat
    + 2012-08-15 01:57 . 2012-08-15 01:585120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9097305B-E67C-11E1-8084-64315024E3AB}.dat
    + 2012-08-13 00:05 . 2012-08-13 00:055120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8EDC3B5A-E4DA-11E1-AA63-64315024E3AB}.dat
    + 2012-08-15 07:12 . 2012-08-15 07:126144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8DC5C7E7-E6A8-11E1-8084-64315024E3AB}.dat
    + 2012-08-23 15:31 . 2012-08-23 15:315120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8B303989-ED37-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-14 05:54 . 2012-08-14 05:547680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8B0FF482-E5D4-11E1-84A5-64315024E3AB}.dat
    + 2012-08-14 05:54 . 2012-08-14 05:547680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8B0FF480-E5D4-11E1-84A5-64315024E3AB}.dat
    + 2012-08-10 19:13 . 2012-08-10 19:147168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{896CF68A-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-15 04:13 . 2012-08-15 04:135120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{884811E1-E68F-11E1-8084-64315024E3AB}.dat
    + 2012-08-14 19:09 . 2012-08-14 19:096144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{882F2F66-E643-11E1-8084-64315024E3AB}.dat
    + 2012-08-13 00:05 . 2012-08-13 00:055120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{87AE9507-E4DA-11E1-AA63-64315024E3AB}.dat
    + 2012-08-14 14:58 . 2012-08-14 14:595120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{85413DEE-E620-11E1-84A5-64315024E3AB}.dat
    + 2012-08-12 23:57 . 2012-08-13 00:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{833782C3-E4D9-11E1-AA63-64315024E3AB}.dat
    + 2012-08-15 10:32 . 2012-08-15 10:324608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8300DB53-E6C4-11E1-8084-64315024E3AB}.dat
    + 2012-08-10 19:13 . 2012-08-10 19:147168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{81D13847-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-16 10:02 . 2012-08-16 10:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7F784024-E789-11E1-8084-64315024E3AB}.dat
    + 2012-08-14 20:13 . 2012-08-14 20:145120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7F4401CD-E64C-11E1-8084-64315024E3AB}.dat
    + 2012-08-19 22:44 . 2012-08-19 22:457168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7D2B1805-EA4F-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-12 23:07 . 2012-08-12 23:074608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7C77CA5D-E4D2-11E1-AA63-64315024E3AB}.dat
    + 2012-08-14 17:00 . 2012-08-14 17:005120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7B57E3A2-E631-11E1-84A5-64315024E3AB}.dat
    + 2012-08-14 20:13 . 2012-08-14 20:135120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7B35C5EB-E64C-11E1-8084-64315024E3AB}.dat
    + 2012-08-22 09:19 . 2012-08-22 09:195120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7B1D8AFB-EC3A-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-20 01:22 . 2012-08-20 01:226656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7A6B238D-EA65-11E1-B291-64315024E3AB}.dat
    + 2012-08-15 15:04 . 2012-08-15 15:044608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{79E41D00-E6EA-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 05:01 . 2012-08-16 05:015120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7949B748-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-23 10:36 . 2012-08-23 10:376656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{75729A07-ED0E-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-21 23:53 . 2012-08-21 23:546656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{73471295-EBEB-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-10 19:13 . 2012-08-10 19:137168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{731ECC2E-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-13 04:57 . 2012-08-13 04:574608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{70A5AD15-E503-11E1-84A5-64315024E3AB}.dat
    + 2012-08-12 22:38 . 2012-08-12 22:384096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6EFDEE41-E4CE-11E1-AA63-64315024E3AB}.dat
    + 2012-08-13 18:55 . 2012-08-13 18:554096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6D2E6071-E578-11E1-84A5-64315024E3AB}.dat
    + 2012-08-16 08:07 . 2012-08-16 08:075120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6B664DFC-E779-11E1-8084-64315024E3AB}.dat
    + 2012-08-23 19:55 . 2012-08-23 19:556656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6B4B93FD-ED5C-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-23 01:18 . 2012-08-23 01:186656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{69B0D052-ECC0-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-10 19:13 . 2012-08-10 19:137168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{678C496E-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-10 19:13 . 2012-08-10 19:136144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{678C496D-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-15 07:11 . 2012-08-15 07:116144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{65BE009A-E6A8-11E1-8084-64315024E3AB}.dat
    + 2012-08-14 12:41 . 2012-08-14 12:414608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{61331523-E60D-11E1-84A5-64315024E3AB}.dat
    + 2012-08-22 14:40 . 2012-08-22 14:415632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{60A152C9-EC67-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-17 05:49 . 2012-08-17 05:506656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6026325B-E82F-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-10 19:12 . 2012-08-10 19:175120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5F63B26D-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-18 00:05 . 2012-08-18 00:055120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5ECCFD99-E8C8-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-16 20:17 . 2012-08-16 20:174608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5E99B36D-E7DF-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-15 09:34 . 2012-08-15 09:344096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5E275AC0-E6BC-11E1-8084-64315024E3AB}.dat
    + 2012-08-21 02:03 . 2012-08-21 02:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5D3D2EF2-EB34-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-21 02:03 . 2012-08-21 02:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5D3D2EF1-EB34-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-13 15:12 . 2012-08-13 15:125120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5B7D4A65-E559-11E1-84A5-64315024E3AB}.dat
    + 2012-08-21 17:33 . 2012-08-21 17:337168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5ACF15D6-EBB6-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-17 04:02 . 2012-08-17 04:024608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{58A11C42-E820-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-20 04:48 . 2012-08-20 04:484096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5652FA5E-EA82-11E1-B291-64315024E3AB}.dat
    + 2012-08-20 07:04 . 2012-08-20 07:077168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{56315659-EA95-11E1-B291-64315024E3AB}.dat
    + 2012-08-13 15:12 . 2012-08-13 15:139216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5370EC58-E559-11E1-84A5-64315024E3AB}.dat
    + 2012-08-21 11:14 . 2012-08-21 11:145632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{524AD9DE-EB81-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-17 19:11 . 2012-08-17 19:115120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{523C7976-E89F-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-11 00:48 . 2012-08-11 00:495120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5234A067-E34E-11E1-83B5-64315024E3AB}.dat
    + 2012-08-12 23:06 . 2012-08-12 23:066144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{508A6A35-E4D2-11E1-AA63-64315024E3AB}.dat
    + 2012-08-12 23:06 . 2012-08-12 23:066144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{508A6A34-E4D2-11E1-AA63-64315024E3AB}.dat
    + 2012-08-11 23:43 . 2012-08-11 23:435120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{506E015B-E40E-11E1-83B5-64315024E3AB}.dat
    + 2012-08-19 16:52 . 2012-08-19 16:534096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{50699A60-EA1E-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-11 22:31 . 2012-08-11 22:323584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4F82492A-E404-11E1-83B5-64315024E3AB}.dat
    + 2012-08-16 21:21 . 2012-08-16 21:215120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4F3F5CCF-E7E8-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-16 21:21 . 2012-08-16 21:215120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4F0253C9-E7E8-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 07:03 . 2012-08-21 07:045632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4E732F58-EB5E-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-11 22:31 . 2012-08-11 22:314608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4BFC1F9F-E404-11E1-83B5-64315024E3AB}.dat
    + 2012-08-13 07:12 . 2012-08-13 07:137168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4B968F7C-E516-11E1-84A5-64315024E3AB}.dat
    + 2012-08-15 07:10 . 2012-08-15 07:108192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4B095E5F-E6A8-11E1-8084-64315024E3AB}.dat
    + 2012-08-15 09:33 . 2012-08-15 09:345120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4974A3A8-E6BC-11E1-8084-64315024E3AB}.dat
    + 2012-08-19 02:05 . 2012-08-19 02:056656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{485E00EF-E9A2-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-18 17:58 . 2012-08-18 17:583584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4849C094-E95E-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-10 19:12 . 2012-08-10 19:126144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4836BD89-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-15 13:15 . 2012-08-15 13:165120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4832E99A-E6DB-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 08:06 . 2012-08-16 08:068192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{478D4BF0-E779-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 08:06 . 2012-08-16 08:066656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{478D4BEC-E779-11E1-8084-64315024E3AB}.dat
    + 2012-08-22 07:09 . 2012-08-22 07:095632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{441AD1D4-EC28-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-20 07:04 . 2012-08-20 07:089728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{41C8BBF9-EA95-11E1-B291-64315024E3AB}.dat
    + 2012-08-13 03:02 . 2012-08-13 03:024608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{419D76E1-E4F3-11E1-84A5-64315024E3AB}.dat
    + 2012-08-10 19:12 . 2012-08-10 19:126144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{40626243-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-10 19:11 . 2012-08-10 19:126144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{40626242-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-10 19:11 . 2012-08-10 19:126144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{40626240-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-13 20:34 . 2012-08-13 20:345120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4009FD7E-E586-11E1-84A5-64315024E3AB}.dat
    + 2012-08-13 22:35 . 2012-08-13 22:365120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3F0702CE-E597-11E1-84A5-64315024E3AB}.dat
    + 2012-08-12 21:54 . 2012-08-12 21:544608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3F013A86-E4C8-11E1-83B5-64315024E3AB}.dat
    + 2012-08-21 11:13 . 2012-08-21 11:135120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3E7F1E0A-EB81-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-13 17:13 . 2012-08-13 17:145120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3CE9E2CC-E56A-11E1-84A5-64315024E3AB}.dat
    + 2012-08-12 23:05 . 2012-08-12 23:056656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3AF74D8C-E4D2-11E1-AA63-64315024E3AB}.dat
    + 2012-08-20 05:45 . 2012-08-20 05:466656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{39FDF26E-EA8A-11E1-B291-64315024E3AB}.dat
    + 2012-08-13 12:05 . 2012-08-13 12:065120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{398BF9F3-E53F-11E1-84A5-64315024E3AB}.dat
    + 2012-08-13 03:01 . 2012-08-13 03:014096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{398B4C79-E4F3-11E1-84A5-64315024E3AB}.dat
    + 2012-08-10 20:52 . 2012-08-10 20:526144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{398B40F7-E32D-11E1-83B5-64315024E3AB}.dat
    + 2012-08-10 20:51 . 2012-08-10 20:528704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{398B40F6-E32D-11E1-83B5-64315024E3AB}.dat
    + 2012-08-16 11:12 . 2012-08-16 11:124608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3781B347-E793-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-22 09:03 . 2012-08-22 09:045632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{36D501C0-EC38-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-15 07:09 . 2012-08-15 07:147168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{36D198B7-E6A8-11E1-8084-64315024E3AB}.dat
    + 2012-08-10 19:26 . 2012-08-10 19:264608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{36BFC682-E321-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-14 07:54 . 2012-08-14 07:544608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{36B79C3D-E5E5-11E1-84A5-64315024E3AB}.dat
    + 2012-08-16 08:06 . 2012-08-16 08:066656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{36A42168-E779-11E1-8084-64315024E3AB}.dat
    + 2012-08-15 05:58 . 2012-08-15 05:595120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{36217FAC-E69E-11E1-8084-64315024E3AB}.dat
    + 2012-08-22 22:03 . 2012-08-22 22:045120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{34EAE3A1-ECA5-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-17 00:12 . 2012-08-17 00:125120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{340F60CF-E800-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-14 20:11 . 2012-08-14 20:115120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{33D73582-E64C-11E1-8084-64315024E3AB}.dat
    + 2012-08-15 21:28 . 2012-08-15 21:295120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{31A5C77C-E720-11E1-8084-64315024E3AB}.dat
    + 2012-08-24 00:11 . 2012-08-24 00:116656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{30A62E5A-ED80-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-23 08:11 . 2012-08-23 08:125120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{30588ABC-ECFA-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-13 07:12 . 2012-08-13 07:126656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2D5CB0F0-E516-11E1-84A5-64315024E3AB}.dat
    + 2012-08-13 07:12 . 2012-08-13 07:125632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2D5CB0EF-E516-11E1-84A5-64315024E3AB}.dat
    + 2012-08-15 00:57 . 2012-08-15 00:585120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2CB144AC-E674-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 11:11 . 2012-08-16 11:126144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2B797EAB-E793-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 20:52 . 2012-08-21 20:536656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{277938F3-EBD2-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-16 03:12 . 2012-08-16 03:125120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{26DC8B49-E750-11E1-8084-64315024E3AB}.dat
    + 2012-08-14 02:52 . 2012-08-14 02:535120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{26298ACB-E5BB-11E1-84A5-64315024E3AB}.dat
    + 2012-08-23 22:09 . 2012-08-23 22:096656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{24ACC166-ED6F-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-21 01:25 . 2012-08-21 01:266144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{243D1A29-EB2F-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-11 12:29 . 2012-08-11 12:295120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{23FBF767-E3B0-11E1-83B5-64315024E3AB}.dat
    + 2012-08-15 03:13 . 2012-08-15 03:135120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2362A269-E687-11E1-8084-64315024E3AB}.dat
    + 2012-08-23 03:46 . 2012-08-23 03:476656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{22821DC3-ECD5-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-16 04:09 . 2012-08-16 04:093584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{22438251-E758-11E1-8084-64315024E3AB}.dat
    + 2012-08-17 21:40 . 2012-08-17 21:405120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2241DE71-E8B4-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-14 02:52 . 2012-08-14 02:534608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{21B2F648-E5BB-11E1-84A5-64315024E3AB}.dat
    + 2012-08-16 01:10 . 2012-08-16 01:105120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1F893F70-E73F-11E1-8084-64315024E3AB}.dat
    + 2012-08-13 07:11 . 2012-08-13 07:116656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1EECCD11-E516-11E1-84A5-64315024E3AB}.dat
  5. Jason Miller

    Jason Miller Newcomer, in training Topic Starter Posts: 37

    + 2012-08-21 13:56 . 2012-08-21 13:575120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0F5CB11A-EB98-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-16 13:27 . 2012-08-16 13:275120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0F116273-E7A6-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-14 20:10 . 2012-08-14 20:105120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0E568283-E64C-11E1-8084-64315024E3AB}.dat
    + 2012-08-17 09:08 . 2012-08-17 09:087680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0E4C05CF-E84B-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-14 04:53 . 2012-08-14 04:545120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0E4502E8-E5CC-11E1-84A5-64315024E3AB}.dat
    + 2012-08-22 20:36 . 2012-08-22 20:364608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0D657773-EC99-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-12 23:11 . 2012-08-12 23:115632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0BEB79BF-E4D3-11E1-AA63-64315024E3AB}.dat
    + 2012-08-12 23:11 . 2012-08-12 23:115632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0BEB79BE-E4D3-11E1-AA63-64315024E3AB}.dat
    + 2012-08-14 05:01 . 2012-08-14 05:015632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0B910F75-E5CD-11E1-84A5-64315024E3AB}.dat
    + 2012-08-14 00:50 . 2012-08-14 00:515120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{093176B0-E5AA-11E1-84A5-64315024E3AB}.dat
    + 2012-08-10 19:17 . 2012-08-10 19:175632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{087CE305-E320-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-18 20:05 . 2012-08-18 20:106144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{062C0740-E970-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-12 23:11 . 2012-08-12 23:119216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{051DE3F0-E4D3-11E1-AA63-64315024E3AB}.dat
    + 2012-08-24 03:42 . 2012-08-24 03:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-08-10 00:13 . 2012-08-10 00:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-24 03:42 . 2012-08-24 03:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-08-10 00:13 . 2012-08-10 00:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-07-15 18:37 . 2012-06-02 08:23 231936 c:\windows\SysWOW64\url.dll
    + 2012-08-16 10:04 . 2012-06-29 00:07 231936 c:\windows\SysWOW64\url.dll
    + 2012-08-16 10:04 . 2012-06-29 00:04 717824 c:\windows\SysWOW64\jscript.dll
    + 2012-08-16 10:04 . 2012-06-29 00:04 142848 c:\windows\SysWOW64\ieUnatt.exe
    - 2012-07-15 18:37 . 2012-06-02 08:20 142848 c:\windows\SysWOW64\ieUnatt.exe
    + 2012-08-16 10:04 . 2012-06-28 23:57 176640 c:\windows\SysWOW64\ieui.dll
    - 2012-07-15 18:37 . 2012-06-02 08:14 176640 c:\windows\SysWOW64\ieui.dll
    - 2012-07-04 18:33 . 2012-08-09 23:09 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-07-04 18:33 . 2012-08-23 13:45 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2012-07-04 18:34 . 2012-07-25 08:10 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
    + 2012-07-04 18:34 . 2012-08-21 04:45 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
    + 2009-07-14 04:54 . 2012-08-24 00:11 819200 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-08-16 10:04 . 2012-06-29 03:47 237056 c:\windows\system32\url.dll
    - 2012-07-15 18:37 . 2012-06-02 12:04 237056 c:\windows\system32\url.dll
    - 2010-10-26 01:13 . 2011-09-05 17:05 464272 c:\windows\system32\spool\drivers\x64\3\ADUIGP.DLL
    + 2011-09-05 17:05 . 2011-09-05 17:05 464272 c:\windows\system32\spool\drivers\x64\3\ADUIGP.DLL
    + 2012-08-16 10:04 . 2012-06-29 03:44 816640 c:\windows\system32\jscript.dll
    - 2012-07-15 18:37 . 2012-06-02 12:01 173056 c:\windows\system32\ieUnatt.exe
    + 2012-08-16 10:04 . 2012-06-29 03:43 173056 c:\windows\system32\ieUnatt.exe
    - 2012-07-15 18:37 . 2012-06-02 11:54 248320 c:\windows\system32\ieui.dll
    + 2012-08-16 10:04 . 2012-06-29 03:35 248320 c:\windows\system32\ieui.dll
    + 2009-07-14 05:30 . 2012-08-16 10:22 143360 c:\windows\system32\DriverStore\infstrng.dat
    - 2009-07-14 05:30 . 2012-07-24 21:42 143360 c:\windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:30 . 2012-08-16 10:22 143360 c:\windows\system32\DriverStore\infstor.dat
    - 2009-07-14 05:30 . 2012-07-24 21:42 143360 c:\windows\system32\DriverStore\infstor.dat
    + 2011-06-08 22:38 . 2010-11-20 13:24 229376 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\fsquirt.exe
    + 2012-08-16 10:06 . 2012-07-06 20:07 552960 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthport.sys
    - 2009-07-14 05:31 . 2011-07-13 13:18 399360 c:\windows\system32\DriverStore\drvindex.dat
    + 2009-07-14 05:31 . 2012-08-16 10:22 399360 c:\windows\system32\DriverStore\drvindex.dat
    + 2012-07-04 14:59 . 2012-07-04 14:59 261120 c:\windows\Installer\88568d2.msp
    + 2012-08-22 05:50 . 2012-08-22 05:50 902144 c:\windows\Installer\6e4a125.msi
    + 2011-12-14 00:21 . 2012-08-22 06:03 335872 c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000005}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
    - 2011-12-14 00:21 . 2012-04-15 20:14 335872 c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000005}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
    - 2011-02-20 04:46 . 2012-07-15 10:06 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
    + 2011-02-20 04:46 . 2012-08-16 10:05 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
    - 2011-02-20 04:46 . 2012-07-15 10:06 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
    + 2011-02-20 04:46 . 2012-08-16 10:05 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
    + 2011-02-20 04:46 . 2012-08-16 10:05 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
    - 2011-02-20 04:46 . 2012-07-15 10:06 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
    + 2011-02-20 04:46 . 2012-08-16 10:05 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
    - 2011-02-20 04:46 . 2012-07-15 10:06 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
    + 2011-09-05 20:05 . 2011-09-05 20:05 942464 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\jp2klib.dll
    + 2010-10-26 01:13 . 2010-10-26 01:13 595344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\AXSLE.dll
    + 2012-01-03 07:37 . 2012-01-03 07:37 320456 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\adobearmhelper.exe
    + 2010-10-25 22:13 . 2010-10-25 22:13 932288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\adobearm.exe
    + 2011-01-07 20:38 . 2011-01-07 20:38 121208 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\MSCONV97.DLL
    + 2012-08-16 10:04 . 2012-06-29 00:09 1129472 c:\windows\SysWOW64\wininet.dll
    - 2012-07-15 18:37 . 2012-06-02 08:25 1129472 c:\windows\SysWOW64\wininet.dll
    - 2012-07-15 18:37 . 2012-06-02 08:26 1103872 c:\windows\SysWOW64\urlmon.dll
    + 2012-08-16 10:04 . 2012-06-29 00:09 1103872 c:\windows\SysWOW64\urlmon.dll
    + 2012-08-16 10:04 . 2012-06-29 00:16 1800704 c:\windows\SysWOW64\jscript9.dll
    - 2012-07-15 18:37 . 2012-06-02 08:19 1793024 c:\windows\SysWOW64\iertutil.dll
    + 2012-08-16 10:04 . 2012-06-29 00:01 1793024 c:\windows\SysWOW64\iertutil.dll
    - 2012-07-15 18:37 . 2012-06-02 08:43 9737728 c:\windows\SysWOW64\ieframe.dll
    + 2012-08-16 10:04 . 2012-06-29 00:27 9737728 c:\windows\SysWOW64\ieframe.dll
    + 2009-07-14 04:54 . 2012-08-24 00:11 9437184 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-08-16 10:04 . 2012-06-29 03:49 1392128 c:\windows\system32\wininet.dll
    - 2012-07-15 18:37 . 2012-06-02 12:05 1392128 c:\windows\system32\wininet.dll
    - 2012-07-15 18:37 . 2012-06-02 12:05 1346048 c:\windows\system32\urlmon.dll
    + 2012-08-16 10:04 . 2012-06-29 03:49 1346048 c:\windows\system32\urlmon.dll
    + 2012-08-16 10:04 . 2012-06-29 03:56 2312704 c:\windows\system32\jscript9.dll
    - 2012-07-15 18:37 . 2012-06-02 11:59 2144768 c:\windows\system32\iertutil.dll
    + 2012-08-16 10:04 . 2012-06-29 03:42 2144768 c:\windows\system32\iertutil.dll
    + 2009-07-14 04:45 . 2012-08-16 10:30 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 04:45 . 2012-07-15 18:59 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2009-07-14 05:01 . 2012-08-24 03:41 2403212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-07-19 09:45 . 2012-07-19 09:45 3464704 c:\windows\Installer\885695b.msp
    + 2012-07-04 15:04 . 2012-07-04 15:04 1292288 c:\windows\Installer\8856944.msp
    + 2012-07-04 15:12 . 2012-07-04 15:12 4772352 c:\windows\Installer\8856939.msp
    + 2012-07-04 15:09 . 2012-07-04 15:09 1284096 c:\windows\Installer\8856921.msp
    + 2012-07-04 15:01 . 2012-07-04 15:01 9082368 c:\windows\Installer\885690a.msp
    + 2012-07-04 14:58 . 2012-07-04 14:58 6163456 c:\windows\Installer\88568ea.msp
  6. Jason Miller

    Jason Miller Newcomer, in training Topic Starter Posts: 37

    - 2011-02-20 04:46 . 2012-07-15 10:06 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
    + 2011-02-20 04:46 . 2012-08-16 10:05 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
    + 2011-02-20 04:46 . 2012-08-16 10:05 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
    - 2011-02-20 04:46 . 2012-07-15 10:06 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
    + 2011-02-20 04:46 . 2012-08-16 10:05 4525408 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe
    - 2011-02-20 04:46 . 2012-07-15 10:06 4525408 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe
    - 2011-02-20 04:46 . 2012-07-15 10:06 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
    + 2011-02-20 04:46 . 2012-08-16 10:05 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
    + 2011-02-20 04:46 . 2012-08-16 10:05 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
    - 2011-02-20 04:46 . 2012-07-15 10:06 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
    + 2011-06-06 22:55 . 2011-06-06 22:55 8293256 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\agm.dll
    + 2012-08-16 10:04 . 2012-06-29 00:52 12317184 c:\windows\SysWOW64\mshtml.dll
    - 2012-07-04 18:32 . 2012-08-09 23:09 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
    + 2012-07-04 18:32 . 2012-08-24 00:11 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
    - 2009-07-14 04:54 . 2012-08-09 23:09 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-24 00:11 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 02:34 . 2012-08-16 10:22 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
    - 2009-07-14 02:34 . 2012-07-15 18:53 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2012-08-16 10:04 . 2012-06-29 04:55 17809920 c:\windows\system32\mshtml.dll
    + 2012-08-16 10:04 . 2012-06-29 04:09 10925568 c:\windows\system32\ieframe.dll
    + 2009-07-14 04:45 . 2012-08-16 10:29 16274064 c:\windows\system32\FNTCACHE.DAT
    - 2009-07-14 04:45 . 2012-07-15 18:59 16274064 c:\windows\system32\FNTCACHE.DAT
    + 2011-03-08 08:26 . 2012-08-24 03:41 50937328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4151112255-51104295-1799264657-1000-12288.dat
    + 2012-07-12 20:51 . 2012-08-24 03:41 11102832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    + 2012-07-28 01:22 . 2012-07-28 01:22 105082880 c:\windows\Installer\6e4a5a5.msp
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2011-03-04 06:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2011-03-04 06:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2011-03-04 06:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeBridge"="" [BU]
    "Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2012-07-27 1261512]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
    "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
    "IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
    "PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
    "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-10-12 2215768]
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-21 119152]
    "Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
    "ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
    "BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-20 3695928]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe" [2012-08-01 686792]
    .
    c:\users\JASON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    CardMinder Viewer.lnk - c:\program files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe [2011-12-18 77824]
    Conversion to PDF with ScanSnap Organizer.lnk - c:\program files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2011-12-18 15360]
    Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-10-13 5904216]
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-12-6 1175912]
    QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE [2011-12-6 1178984]
    ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2011-12-18 1081344]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-07 136176]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-22 85560]
    R2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-07 136176]
    R3 JmUjk3Ai;BlackBox SR2; [x]
    R3 kxhaBH20;BlackBox SR2; [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 sS43NcfQ;BlackBox SR2; [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-08 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
    R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-18 313696]
    R4 SQLAgent$SHIPWORKS;SQL Server Agent (SHIPWORKS);c:\program files\Microsoft SQL Server\MSSQL10_50.SHIPWORKS\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 431456]
    S0 72999610;72999610;c:\windows\system32\DRIVERS\72999610.sys [2012-08-08 460888]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-30 204288]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-05 5160568]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-05 822624]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
    S2 MSSQL$SHIPWORKS;SQL Server (SHIPWORKS);c:\program files\Microsoft SQL Server\MSSQL10_50.SHIPWORKS\MSSQL\Binn\sqlservr.exe [2011-06-18 62111072]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-30 9371136]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-30 309760]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-21 36720]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-07-22 1002848]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
    S3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys [2010-11-19 24992]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-07 06:05]
    .
    2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-07 06:05]
    .
    2012-08-07 c:\windows\Tasks\HPCeeScheduleForJASON.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2011-03-04 06:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2011-03-04 06:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2011-03-04 06:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    TCP: DhcpNameServer = 192.168.1.254
    Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:50,2f,7e,65,13,5a,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,a0,5b,18,16,25,6c,43,a7,db,61,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,a0,5b,18,16,25,6c,43,a7,db,61,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:42,6c,54,4f,6f,3a,72,84,69,23,97,59,00,aa,63,4c,c2,80,6b,4c,00,
    27,36,2a,47,40,a3,50,34,7d,d6,fa,69,cf,0d,d6,28,87,4b,7e,87,3c,c4,c5,fb,95,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:42,6c,54,4f,6f,3a,72,84,69,23,97,59,00,aa,63,4c,c2,80,6b,4c,00,
    27,36,2a,47,40,a3,50,34,7d,d6,fa,69,cf,0d,d6,28,87,4b,7e,87,3c,c4,c5,fb,95,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    c:\program files (x86)\Brownie\Brnipmon.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-23 21:22:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-24 04:22
    ComboFix2.txt 2012-08-10 19:34
    ComboFix3.txt 2012-08-10 00:50
    ComboFix4.txt 2012-08-08 20:23
    ComboFix5.txt 2012-08-24 00:11
    .
    Pre-Run: 125,596,983,296 bytes free
    Post-Run: 126,509,203,456 bytes free
    .
    - - End Of File - - 3D2BB755A6010C94F6C51E6DC31538D0
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open Notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

      [IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
  8. Jason Miller

    Jason Miller Newcomer, in training Topic Starter Posts: 37

    Hi DMJ- Still have the virus. Here is the new ComboFix Log:
    ComboFix 12-08-22.03 - JASON 08/25/2012 13:38:22.5.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.1838 [GMT -7:00]
    Running from: c:\users\JASON\Desktop\ComboFix.exe
    Command switches used :: c:\users\JASON\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\windows\SysWow64\sho1C27.tmp"
    "c:\windows\SysWow64\sho26C6.tmp"
    "c:\windows\SysWow64\sho2CEA.tmp"
    "c:\windows\SysWow64\sho61F2.tmp"
    "c:\windows\SysWow64\sho8934.tmp"
    "c:\windows\SysWow64\sho8F12.tmp"
    "c:\windows\SysWow64\shoA071.tmp"
    "c:\windows\SysWow64\shoD2A7.tmp"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SysWow64\sho1C27.tmp
    c:\windows\SysWow64\sho26C6.tmp
    c:\windows\SysWow64\sho2CEA.tmp
    c:\windows\SysWow64\sho61F2.tmp
    c:\windows\SysWow64\sho8934.tmp
    c:\windows\SysWow64\sho8F12.tmp
    c:\windows\SysWow64\shoA071.tmp
    c:\windows\SysWow64\shoD2A7.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-25 to 2012-08-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-25 20:55 . 2012-08-25 20:55 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-08-25 20:55 . 2012-08-25 20:55 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-24 23:15 . 2012-08-24 23:15 -------- d-----w- c:\programdata\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}
    2012-08-24 23:15 . 2012-08-24 23:15 -------- d-----w- c:\programdata\{9BE3DA6A-4249-4BEC-9AE7-CA0EA247E62C}
    2012-08-24 23:15 . 2012-08-24 23:15 -------- d-----w- c:\programdata\{E23E3BED-ADD9-4DF7-B375-5EC5E69FD666}
    2012-08-24 23:15 . 2012-08-24 23:15 -------- d-----w- c:\programdata\{C243CCC8-5474-45FC-A546-7FBC284A692E}
    2012-08-24 23:14 . 2012-08-24 23:14 -------- d-----w- c:\programdata\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}
    2012-08-24 23:14 . 2012-08-24 23:14 -------- d-----w- c:\programdata\{AB89557A-DCAD-4657-A970-8F9A3EFFB34D}
    2012-08-24 23:14 . 2012-08-24 23:14 -------- d-----w- c:\programdata\{232FC370-3714-4F10-BC93-DA33AA1D6D22}
    2012-08-22 05:52 . 2012-08-22 05:51 289768 ----a-w- c:\windows\system32\javaws.exe
    2012-08-22 05:51 . 2012-08-22 05:51 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2012-08-22 05:51 . 2012-08-22 05:51 189416 ----a-w- c:\windows\system32\javaw.exe
    2012-08-22 05:51 . 2012-08-22 05:51 188904 ----a-w- c:\windows\system32\java.exe
    2012-08-22 05:51 . 2012-08-22 05:51 -------- d-----w- c:\program files\Java
    2012-08-16 10:05 . 2012-08-16 10:05 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2012-08-15 11:24 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2012-08-15 11:24 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2012-08-15 11:24 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
    2012-08-15 11:24 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2012-08-15 11:24 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2012-08-15 11:24 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2012-08-15 11:24 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-08-15 11:24 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-08-15 11:24 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
    2012-08-15 11:24 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-08-15 11:24 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-08-15 11:24 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
    2012-08-14 18:31 . 2012-08-14 18:33 35712 ----a-w- c:\windows\SysWow64\drivers\kxhaBH20.sys
    2012-08-14 18:31 . 2012-08-14 18:33 -------- d-----w- c:\program files\unhook
    2012-08-14 18:19 . 2012-08-14 18:26 35712 ----a-w- c:\windows\SysWow64\drivers\JmUjk3Ai.sys
    2012-08-14 18:18 . 2012-08-14 18:26 35712 ----a-w- c:\windows\SysWow64\drivers\sS43NcfQ.sys
    2012-08-12 04:31 . 2012-08-08 18:11 460888 ----a-w- c:\windows\system32\drivers\72999610.sys
    2012-08-11 16:53 . 2012-08-11 16:53 -------- d-----w- c:\programdata\Kaspersky Lab
    2012-08-07 02:29 . 2012-08-07 02:29 -------- d-----w- c:\users\JASON\AppData\Roaming\Malwarebytes
    2012-08-07 02:28 . 2012-08-07 02:28 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-07 02:28 . 2012-08-07 02:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-07 02:28 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-22 05:51 . 2012-01-23 07:47 916456 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-22 05:51 . 2012-01-23 07:47 1034216 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-08-16 10:00 . 2011-02-08 03:11 62134624 ----a-w- c:\windows\system32\MRT.exe
    2012-08-01 22:46 . 2012-04-05 08:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-01 22:46 . 2011-05-18 18:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-09 05:43 . 2012-07-15 06:12 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-06-06 15:49 . 2012-06-06 15:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    2012-06-06 06:06 . 2012-07-15 06:12 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-15 06:12 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-15 06:11 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-15 06:12 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-15 06:12 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-15 06:11 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19 . 2012-06-22 07:21 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 07:22 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 07:22 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 07:22 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 07:20 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-22 07:21 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 07:22 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:15 . 2012-06-22 07:21 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 05:50 . 2012-07-15 06:12 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-15 06:12 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:48 . 2012-07-15 06:12 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:45 . 2012-07-15 06:12 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-15 06:12 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:40 . 2012-07-15 06:12 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-15 06:12 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-15 06:12 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34 . 2012-07-15 06:12 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2010-11-20 . 58877D39A2D4E120CEE1EFF4DAD3D3FD . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
    [7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
    [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-08-24_03.45.44 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-08-24 21:17 . 2012-08-24 21:17 25094 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2012-08-24 03:41 . 2012-08-24 03:41 25094 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2012-07-04 18:36 . 2012-08-24 00:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
    + 2012-07-04 18:36 . 2012-08-25 19:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
    + 2012-08-24 22:04 . 2012-08-24 22:09 62464 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B92145E3-EE37-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 04:44 . 2012-08-25 04:48 17408 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8BE75A92-EE6F-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 04:29 . 2012-08-25 04:33 28160 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{82978470-EE6D-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:32 . 2012-08-24 21:33 30720 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{446E5FD2-EE33-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 05:53 . 2012-08-25 05:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2AF33E43-EE79-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 05:53 . 2012-08-25 05:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{21F1753A-EE79-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:24 . 2012-08-24 21:31 37376 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1C7F2389-EE32-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:31 . 2012-08-24 21:38 24064 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1927753A-EE33-11E1-9818-64315024E3AB}.dat
    + 2012-07-04 18:33 . 2012-08-25 07:06 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    - 2012-07-04 18:33 . 2012-08-23 11:02 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2009-07-14 05:10 . 2012-08-25 21:15 40316 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-02-07 03:46 . 2012-08-25 21:15 14798 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4151112255-51104295-1799264657-1000_UserData.bin
    - 2011-02-07 04:31 . 2012-08-24 00:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-02-07 04:31 . 2012-08-25 20:31 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-02-07 04:31 . 2012-08-24 00:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-02-07 04:31 . 2012-08-25 20:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-25 20:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-24 00:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-08-22 08:03 . 2012-08-23 05:09 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{CBD0FFEF-EC2F-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-22 08:03 . 2012-08-24 22:09 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{CBD0FFEF-EC2F-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-24 22:09 . 2012-08-25 19:55 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{568893EA-EE38-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 19:55 . 2012-08-25 19:55 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{C72879A0-EEEE-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:09 . 2012-08-24 22:09 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{568893EC-EE38-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:23 . 2012-08-24 21:24 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F969FBA7-EE31-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:23 . 2012-08-24 21:24 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F66B808E-EE31-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 11:56 . 2012-08-25 11:57 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{ED74150C-EEAB-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:22 . 2012-08-24 21:23 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DC2D790B-EE31-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 05:50 . 2012-08-25 05:55 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D2004BA7-EE78-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 13:56 . 2012-08-25 13:57 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B20F746E-EEBC-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 19:54 . 2012-08-25 19:55 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AEDF583B-EEEE-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 05:42 . 2012-08-25 05:43 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AB34E0F8-EE77-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 00:13 . 2012-08-25 00:13 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A72B8D9D-EE49-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 08:55 . 2012-08-25 08:56 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A2ECFEF8-EE92-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 17:09 . 2012-08-25 17:09 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{93844C5A-EED7-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 10:56 . 2012-08-25 10:57 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{846C31C7-EEA3-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 02:13 . 2012-08-25 02:13 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{840EE8CD-EE5A-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 04:29 . 2012-08-25 04:33 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8297846F-EE6D-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:02 . 2012-08-24 22:09 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{703FD018-EE37-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:02 . 2012-08-24 22:09 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7025A0F4-EE37-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 15:20 . 2012-08-25 15:20 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6A3049BF-EEC8-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 03:45 . 2012-08-25 03:46 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{61996107-EE67-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 03:45 . 2012-08-25 03:46 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{615DDE9F-EE67-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 07:06 . 2012-08-25 07:13 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5FAFEEC9-EE83-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 12:56 . 2012-08-25 12:57 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4FC2F56D-EEB4-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 04:42 . 2012-08-25 04:44 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{36EB637C-EE6F-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 14:57 . 2012-08-25 14:58 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3136415B-EEC5-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 16:08 . 2012-08-25 16:09 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{260DF4DB-EECF-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 09:56 . 2012-08-25 09:57 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{222B99A7-EE9B-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 01:13 . 2012-08-25 01:14 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1FAAD720-EE52-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:24 . 2012-08-24 21:31 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1C7F2388-EE32-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:31 . 2012-08-24 21:31 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{19277539-EE33-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:31 . 2012-08-24 21:32 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{17FDE936-EE33-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 07:04 . 2012-08-25 07:05 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{16D5B156-EE83-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 23:11 . 2012-08-24 23:12 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{169DB55D-EE41-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 18:09 . 2012-08-25 18:10 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{135FC720-EEE0-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:23 . 2012-08-24 21:24 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F66B808F-EE31-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 11:56 . 2012-08-25 11:57 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ED74150D-EEAB-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:23 . 2012-08-24 21:23 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DC2D790C-EE31-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 07:09 . 2012-08-25 07:13 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D97AD893-EE83-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 07:09 . 2012-08-25 07:09 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D97AD891-EE83-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:05 . 2012-08-24 22:05 9216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D195A286-EE37-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:04 . 2012-08-24 22:04 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B92145E1-EE37-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 13:56 . 2012-08-25 13:57 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B20F746F-EEBC-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 19:54 . 2012-08-25 19:55 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AEDF583D-EEEE-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:04 . 2012-08-24 22:09 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AE002FA8-EE37-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 05:42 . 2012-08-25 05:43 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AB34E0F9-EE77-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 00:13 . 2012-08-25 00:13 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A72B8D9E-EE49-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 08:55 . 2012-08-25 08:56 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A2ECFEF9-EE92-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:03 . 2012-08-24 22:09 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{959812E1-EE37-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 17:09 . 2012-08-25 17:09 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{93844C5B-EED7-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 10:56 . 2012-08-25 10:57 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{846C31C8-EEA3-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 02:13 . 2012-08-25 02:13 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{840EE8CE-EE5A-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 15:20 . 2012-08-25 15:20 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6A3049C0-EEC8-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:09 . 2012-08-24 22:09 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{65E17DEC-EE38-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 03:45 . 2012-08-25 03:46 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{61996108-EE67-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 03:45 . 2012-08-25 03:46 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{615DDEA0-EE67-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 07:13 . 2012-08-25 07:13 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{534A3378-EE84-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 12:56 . 2012-08-25 12:57 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4FC2F56E-EEB4-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:08 . 2012-08-24 22:09 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{49D5CFE1-EE38-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 14:57 . 2012-08-25 14:58 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3136415C-EEC5-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:07 . 2012-08-24 22:08 7680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{26247AA6-EE38-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 16:08 . 2012-08-25 16:09 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{260DF4DC-EECF-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 09:56 . 2012-08-25 09:57 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{222B99A8-EE9B-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 01:13 . 2012-08-25 01:14 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1FAAD721-EE52-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 07:11 . 2012-08-25 07:13 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1BE34085-EE84-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 07:04 . 2012-08-25 07:05 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{16D5B157-EE83-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 23:11 . 2012-08-24 23:12 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{169DB55E-EE41-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 18:09 . 2012-08-25 18:10 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{135FC721-EEE0-11E1-9818-64315024E3AB}.dat
  9. Jason Miller

    Jason Miller Newcomer, in training Topic Starter Posts: 37

    + 2012-08-24 22:07 . 2012-08-24 22:07 7680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{12F343E6-EE38-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:07 . 2012-08-24 22:07 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{12C3F684-EE38-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:07 . 2012-08-24 22:07 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{12C3F682-EE38-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:24 . 2012-08-24 21:24 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{12934743-EE32-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:24 . 2012-08-24 21:24 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0568AAC2-EE32-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 21:11 . 2012-08-25 21:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-08-24 03:42 . 2012-08-24 03:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-25 21:11 . 2012-08-25 21:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-08-24 03:42 . 2012-08-24 03:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-07-04 18:33 . 2012-08-25 07:06 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2012-07-04 18:33 . 2012-08-23 13:45 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 04:54 . 2012-08-25 19:54 835584 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-08-24 22:02 . 2012-08-24 22:09 558080 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7025A0F5-EE37-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 05:55 . 2012-08-25 05:56 299008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6ABA7895-EE79-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:09 . 2012-08-24 22:09 184832 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{568893ED-EE38-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 07:13 . 2012-08-25 07:13 196096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{534A3376-EE84-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 04:42 . 2012-08-25 04:48 411136 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{36EB637D-EE6F-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:31 . 2012-08-24 21:38 239104 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{17FDE937-EE33-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 23:15 . 2012-08-24 23:15 453632 c:\windows\Installer\6a7404.msi
    + 2012-08-24 23:15 . 2012-08-24 23:15 261632 c:\windows\Installer\6a72b9.msi
    + 2012-08-24 23:15 . 2012-08-24 23:15 261632 c:\windows\Installer\6a72a9.msi
    + 2012-08-24 23:15 . 2012-08-24 23:15 261632 c:\windows\Installer\6a7299.msi
    + 2012-08-24 23:15 . 2012-08-24 23:15 262656 c:\windows\Installer\6a7289.msi
    + 2012-08-24 23:14 . 2012-08-24 23:14 261632 c:\windows\Installer\6a7276.msi
    + 2012-08-24 23:14 . 2012-08-24 23:14 262656 c:\windows\Installer\6a7266.msi
    + 2009-07-14 04:54 . 2012-08-25 19:54 9437184 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-24 00:11 9437184 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 05:01 . 2012-08-25 21:09 2403212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-08-24 03:41 2403212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2012-07-04 18:32 . 2012-08-24 00:11 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
    + 2012-07-04 18:32 . 2012-08-25 19:54 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
    - 2009-07-14 04:54 . 2012-08-24 00:11 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-25 19:54 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-03-08 08:26 . 2012-08-25 21:10 51167152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4151112255-51104295-1799264657-1000-12288.dat
    + 2012-07-12 20:51 . 2012-08-25 21:10 11107044 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2011-03-04 06:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2011-03-04 06:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2011-03-04 06:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeBridge"="" [BU]
    "Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2012-07-27 1261512]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
    "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
    "IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
    "PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
    "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-10-12 2215768]
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-21 119152]
    "Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
    "ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
    "BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-20 3695928]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe" [2012-08-01 686792]
    .
    c:\users\JASON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    CardMinder Viewer.lnk - c:\program files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe [2011-12-18 77824]
    Conversion to PDF with ScanSnap Organizer.lnk - c:\program files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2011-12-18 15360]
    Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-10-13 5904216]
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-12-6 1175912]
    QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE [2011-12-6 1178984]
    ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2011-12-18 1081344]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
    R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-05 822624]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-07 136176]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-22 85560]
    R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-07 136176]
    R3 JmUjk3Ai;BlackBox SR2; [x]
    R3 kxhaBH20;BlackBox SR2; [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    R3 sS43NcfQ;BlackBox SR2; [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-08 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
    R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-18 313696]
    R4 SQLAgent$SHIPWORKS;SQL Server Agent (SHIPWORKS);c:\program files\Microsoft SQL Server\MSSQL10_50.SHIPWORKS\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 431456]
    S0 72999610;72999610;c:\windows\system32\DRIVERS\72999610.sys [2012-08-08 460888]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-30 204288]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-05 5160568]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
    S2 MSSQL$SHIPWORKS;SQL Server (SHIPWORKS);c:\program files\Microsoft SQL Server\MSSQL10_50.SHIPWORKS\MSSQL\Binn\sqlservr.exe [2011-06-18 62111072]
    S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-30 9371136]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-30 309760]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-21 36720]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-07-22 1002848]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
    S3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys [2010-11-19 24992]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-07 06:05]
    .
    2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-07 06:05]
    .
    2012-08-07 c:\windows\Tasks\HPCeeScheduleForJASON.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2011-03-04 06:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2011-03-04 06:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2011-03-04 06:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    TCP: DhcpNameServer = 192.168.1.254
    Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:50,2f,7e,65,13,5a,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,a0,5b,18,16,25,6c,43,a7,db,61,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,a0,5b,18,16,25,6c,43,a7,db,61,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:42,6c,54,4f,6f,3a,72,84,69,23,97,59,00,aa,63,4c,c2,80,6b,4c,00,
    27,36,2a,47,40,a3,50,34,7d,d6,fa,69,cf,0d,d6,28,87,4b,7e,87,3c,c4,c5,fb,95,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:42,6c,54,4f,6f,3a,72,84,69,23,97,59,00,aa,63,4c,c2,80,6b,4c,00,
    27,36,2a,47,40,a3,50,34,7d,d6,fa,69,cf,0d,d6,28,87,4b,7e,87,3c,c4,c5,fb,95,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    c:\program files (x86)\Brownie\Brnipmon.exe
    c:\program files (x86)\Internet Explorer\iexplore.exe
    c:\program files (x86)\Internet Explorer\iexplore.exe
    c:\program files (x86)\Internet Explorer\iexplore.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-25 14:54:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-25 21:54
    ComboFix2.txt 2012-08-24 04:22
    ComboFix3.txt 2012-08-10 19:34
    ComboFix4.txt 2012-08-10 00:50
    ComboFix5.txt 2012-08-25 20:36
    .
    Pre-Run: 126,317,490,176 bytes free
    Post-Run: 126,070,800,384 bytes free
    .
    - - End Of File - - 1B6DD2F0D61CED3EFA3AFA906EBB787B
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open Notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

      [​IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
  11. Jason Miller

    Jason Miller Newcomer, in training Topic Starter Posts: 37

    Hi DMJ - Still have the virus. Here is the new ComboFix Log. Thanks again for your help.

    ComboFix 12-08-22.03 - JASON 08/26/2012 17:23:47.6.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2114 [GMT -7:00]
    Running from: c:\users\JASON\Desktop\ComboFix.exe
    Command switches used :: c:\users\JASON\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll --> c:\windows\SysWOW64\user32.dll
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-27 to 2012-08-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-27 00:40 . 2012-08-27 00:40 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-08-27 00:40 . 2012-08-27 00:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-24 23:15 . 2012-08-24 23:15 -------- d-----w- c:\programdata\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}
    2012-08-24 23:15 . 2012-08-24 23:15 -------- d-----w- c:\programdata\{9BE3DA6A-4249-4BEC-9AE7-CA0EA247E62C}
    2012-08-24 23:15 . 2012-08-24 23:15 -------- d-----w- c:\programdata\{E23E3BED-ADD9-4DF7-B375-5EC5E69FD666}
    2012-08-24 23:15 . 2012-08-24 23:15 -------- d-----w- c:\programdata\{C243CCC8-5474-45FC-A546-7FBC284A692E}
    2012-08-24 23:14 . 2012-08-24 23:14 -------- d-----w- c:\programdata\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}
    2012-08-24 23:14 . 2012-08-24 23:14 -------- d-----w- c:\programdata\{AB89557A-DCAD-4657-A970-8F9A3EFFB34D}
    2012-08-24 23:14 . 2012-08-24 23:14 -------- d-----w- c:\programdata\{232FC370-3714-4F10-BC93-DA33AA1D6D22}
    2012-08-22 05:52 . 2012-08-22 05:51 289768 ----a-w- c:\windows\system32\javaws.exe
    2012-08-22 05:51 . 2012-08-22 05:51 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2012-08-22 05:51 . 2012-08-22 05:51 189416 ----a-w- c:\windows\system32\javaw.exe
    2012-08-22 05:51 . 2012-08-22 05:51 188904 ----a-w- c:\windows\system32\java.exe
    2012-08-22 05:51 . 2012-08-22 05:51 -------- d-----w- c:\program files\Java
    2012-08-16 10:05 . 2012-08-16 10:05 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2012-08-15 11:24 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2012-08-15 11:24 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2012-08-15 11:24 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
    2012-08-15 11:24 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2012-08-15 11:24 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2012-08-15 11:24 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2012-08-15 11:24 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-08-15 11:24 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-08-15 11:24 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
    2012-08-15 11:24 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-08-15 11:24 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-08-15 11:24 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
    2012-08-14 18:31 . 2012-08-14 18:33 35712 ----a-w- c:\windows\SysWow64\drivers\kxhaBH20.sys
    2012-08-14 18:31 . 2012-08-14 18:33 -------- d-----w- c:\program files\unhook
    2012-08-14 18:19 . 2012-08-14 18:26 35712 ----a-w- c:\windows\SysWow64\drivers\JmUjk3Ai.sys
    2012-08-14 18:18 . 2012-08-14 18:26 35712 ----a-w- c:\windows\SysWow64\drivers\sS43NcfQ.sys
    2012-08-12 04:31 . 2012-08-08 18:11 460888 ----a-w- c:\windows\system32\drivers\72999610.sys
    2012-08-11 16:53 . 2012-08-11 16:53 -------- d-----w- c:\programdata\Kaspersky Lab
    2012-08-07 02:29 . 2012-08-07 02:29 -------- d-----w- c:\users\JASON\AppData\Roaming\Malwarebytes
    2012-08-07 02:28 . 2012-08-07 02:28 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-07 02:28 . 2012-08-07 02:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-07 02:28 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-22 05:51 . 2012-01-23 07:47 916456 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-22 05:51 . 2012-01-23 07:47 1034216 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-08-16 10:00 . 2011-02-08 03:11 62134624 ----a-w- c:\windows\system32\MRT.exe
    2012-08-01 22:46 . 2012-04-05 08:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-01 22:46 . 2011-05-18 18:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-09 05:43 . 2012-07-15 06:12 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-06-06 15:49 . 2012-06-06 15:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    2012-06-06 06:06 . 2012-07-15 06:12 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-15 06:12 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-15 06:11 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-15 06:12 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-15 06:12 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-15 06:11 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19 . 2012-06-22 07:21 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 07:22 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 07:22 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 07:22 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 07:20 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-22 07:21 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 07:22 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:15 . 2012-06-22 07:21 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 05:50 . 2012-07-15 06:12 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-15 06:12 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:48 . 2012-07-15 06:12 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:45 . 2012-07-15 06:12 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-15 06:12 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:40 . 2012-07-15 06:12 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-15 06:12 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-15 06:12 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34 . 2012-07-15 06:12 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2010-11-20 . 58877D39A2D4E120CEE1EFF4DAD3D3FD . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
    [7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
    [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-08-25_21.14.05 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-08-27 00:41 . 2012-08-27 00:41 25094 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2012-08-24 21:17 . 2012-08-24 21:17 25094 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    + 2012-07-04 18:36 . 2012-08-27 01:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
    - 2012-07-04 18:36 . 2012-08-25 19:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
    + 2012-08-26 04:32 . 2012-08-26 04:37 31744 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F9AC47EA-EF36-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 04:39 . 2012-08-26 04:46 30720 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F864B07C-EF37-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 04:36 . 2012-08-26 04:39 10752 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ABDE2C0A-EF37-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 04:34 . 2012-08-26 04:39 24576 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5C378844-EF37-11E1-9D59-64315024E3AB}.dat
    + 2012-07-04 18:33 . 2012-08-26 09:28 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    - 2012-07-04 18:33 . 2012-08-25 07:06 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2011-02-07 03:31 . 2012-08-25 22:49 61988 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-08-25 22:49 40480 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2011-02-07 03:46 . 2012-08-25 21:15 14798 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4151112255-51104295-1799264657-1000_UserData.bin
    + 2011-02-07 03:46 . 2012-08-25 22:49 14798 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4151112255-51104295-1799264657-1000_UserData.bin
    - 2011-02-07 04:31 . 2012-08-25 20:31 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-02-07 04:31 . 2012-08-27 00:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-02-07 04:31 . 2012-08-25 20:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-02-07 04:31 . 2012-08-27 00:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-27 00:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-25 20:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-08-26 07:21 . 2012-08-26 07:21 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{9DD91451-EF4E-11E1-9D59-64315024E3AB}.dat
    + 2012-08-24 22:09 . 2012-08-26 23:36 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{568893EA-EE38-11E1-9818-64315024E3AB}.dat
    - 2012-08-24 22:09 . 2012-08-25 19:55 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{568893EA-EE38-11E1-9818-64315024E3AB}.dat
    + 2012-08-26 23:36 . 2012-08-26 23:36 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{ED12CCAC-EFD6-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 07:21 . 2012-08-26 07:21 7680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{9DD91452-EF4E-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 04:32 . 2012-08-26 04:36 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FB40F1D8-EF36-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 04:32 . 2012-08-26 04:37 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F9AC47E9-EF36-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 04:39 . 2012-08-26 04:39 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F864B07B-EF37-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 19:33 . 2012-08-26 19:34 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F477DB6A-EFB4-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 21:35 . 2012-08-26 21:35 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EC52C6B4-EFC5-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 15:29 . 2012-08-26 15:30 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D40D0D70-EF92-11E1-9D59-64315024E3AB}.dat
    + 2012-08-27 00:47 . 2012-08-27 00:48 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D17DCF4D-EFE0-11E1-8B4C-64315024E3AB}.dat
    + 2012-08-26 10:28 . 2012-08-26 10:29 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C3963333-EF68-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 01:52 . 2012-08-26 01:53 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B9741FC4-EF20-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 06:03 . 2012-08-26 06:03 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B699E706-EF43-11E1-9D59-64315024E3AB}.dat
    + 2012-08-25 23:50 . 2012-08-25 23:51 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B05DCDB0-EF0F-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 03:54 . 2012-08-26 03:54 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AB82C558-EF31-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 03:54 . 2012-08-26 03:54 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AA6C4457-EF31-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 07:14 . 2012-08-26 07:21 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A6996D98-EF4D-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 16:32 . 2012-08-26 16:33 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9DAC473F-EF9B-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 09:15 . 2012-08-26 09:15 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8A9C30F6-EF5E-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 12:28 . 2012-08-26 12:29 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{88176372-EF79-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 16:31 . 2012-08-26 16:32 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{846FF09E-EF9B-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 16:31 . 2012-08-26 16:32 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7A0F70ED-EF9B-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 18:32 . 2012-08-26 18:33 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{717070AC-EFAC-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 14:29 . 2012-08-26 14:30 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7062A427-EF8A-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 22:36 . 2012-08-26 22:36 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6F4FB9BC-EFCE-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 16:30 . 2012-08-26 16:31 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{60CBF62A-EF9B-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 20:34 . 2012-08-26 20:34 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5E076D1F-EFBD-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 05:02 . 2012-08-26 05:07 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{461BD3ED-EF3B-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 16:29 . 2012-08-26 16:30 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{43A7DD96-EF9B-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 00:51 . 2012-08-26 00:52 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{38AA7FE9-EF18-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 00:51 . 2012-08-26 00:52 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{37561B22-EF18-11E1-9D59-64315024E3AB}.dat
    + 2012-08-25 22:49 . 2012-08-25 22:50 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2F186471-EF07-11E1-9D59-64315024E3AB}.dat
    + 2012-08-25 22:49 . 2012-08-25 22:50 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2CE90113-EF07-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 11:28 . 2012-08-26 11:29 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{25D6CB52-EF71-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 02:52 . 2012-08-26 02:53 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{24C5958D-EF29-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 02:52 . 2012-08-26 02:53 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{22265180-EF29-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 07:03 . 2012-08-26 07:03 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{18D81DC5-EF4C-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 17:32 . 2012-08-26 17:33 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0DD91266-EFA4-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 17:32 . 2012-08-26 17:33 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0BF1184D-EFA4-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 08:14 . 2012-08-26 08:15 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0A57BEE9-EF56-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 13:29 . 2012-08-26 13:30 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0867BC60-EF82-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 19:33 . 2012-08-26 19:34 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F477DB6B-EFB4-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 21:35 . 2012-08-26 21:35 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EC52C6B5-EFC5-11E1-9D59-64315024E3AB}.dat
    + 2012-08-27 00:48 . 2012-08-27 00:48 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DD7EDFC9-EFE0-11E1-8B4C-64315024E3AB}.dat
    + 2012-08-26 15:29 . 2012-08-26 15:30 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D40D0D71-EF92-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 07:15 . 2012-08-26 07:21 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D350D62B-EF4D-11E1-9D59-64315024E3AB}.dat
    + 2012-08-27 00:47 . 2012-08-27 00:48 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D17DCF4E-EFE0-11E1-8B4C-64315024E3AB}.dat
    + 2012-08-26 07:15 . 2012-08-26 07:21 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CACA3ED2-EF4D-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 10:28 . 2012-08-26 10:29 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C3963334-EF68-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 01:52 . 2012-08-26 01:53 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B9741FC5-EF20-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 06:03 . 2012-08-26 06:03 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B699E707-EF43-11E1-9D59-64315024E3AB}.dat
    + 2012-08-25 23:50 . 2012-08-25 23:51 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B05DCDB1-EF0F-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 03:54 . 2012-08-26 03:54 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AB82C559-EF31-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 03:54 . 2012-08-26 03:54 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AA6C4458-EF31-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 07:21 . 2012-08-26 07:21 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9DD91456-EF4E-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 16:32 . 2012-08-26 16:33 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9DAC4740-EF9B-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 07:20 . 2012-08-26 07:21 7680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{907FD4A8-EF4E-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 09:15 . 2012-08-26 09:15 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8A9C30F7-EF5E-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 12:28 . 2012-08-26 12:29 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{88176373-EF79-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 16:31 . 2012-08-26 16:32 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{846FF09F-EF9B-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 16:31 . 2012-08-26 16:32 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7A0F70EE-EF9B-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 18:32 . 2012-08-26 18:33 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{717070AD-EFAC-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 14:29 . 2012-08-26 14:30 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7062A428-EF8A-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 22:36 . 2012-08-26 22:36 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6F4FB9BD-EFCE-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 16:30 . 2012-08-26 16:31 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{60CBF62B-EF9B-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 20:34 . 2012-08-26 20:34 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5E076D20-EFBD-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 07:18 . 2012-08-26 07:21 9728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{43BC7029-EF4E-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 16:29 . 2012-08-26 16:30 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{43A7DD97-EF9B-11E1-9D59-64315024E3AB}.dat
    + 2012-08-25 22:50 . 2012-08-25 22:50 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3B3067F3-EF07-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 00:51 . 2012-08-26 00:52 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{38AA7FEA-EF18-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 00:51 . 2012-08-26 00:52 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{37561B23-EF18-11E1-9D59-64315024E3AB}.dat
    + 2012-08-25 22:50 . 2012-08-25 22:50 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2F186472-EF07-11E1-9D59-64315024E3AB}.dat
    + 2012-08-25 22:50 . 2012-08-25 22:50 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2CE90114-EF07-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 07:17 . 2012-08-26 07:18 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{286C4EF8-EF4E-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 11:28 . 2012-08-26 11:29 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{25D6CB53-EF71-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 02:52 . 2012-08-26 02:53 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{24C5958E-EF29-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 02:52 . 2012-08-26 02:53 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{22265181-EF29-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 07:03 . 2012-08-26 07:03 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{18D81DC6-EF4C-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 17:32 . 2012-08-26 17:33 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0DD91267-EFA4-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 17:32 . 2012-08-26 17:33 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0BF1184E-EFA4-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 08:14 . 2012-08-26 08:15 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0A57BEEA-EF56-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 13:29 . 2012-08-26 13:30 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0867BC61-EF82-11E1-9D59-64315024E3AB}.dat
    - 2012-08-25 21:11 . 2012-08-25 21:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-27 00:43 . 2012-08-27 00:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-08-25 21:11 . 2012-08-25 21:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-08-27 00:43 . 2012-08-27 00:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-07-04 18:33 . 2012-08-26 05:02 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2012-07-04 18:33 . 2012-08-25 07:06 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-14 04:54 . 2012-08-25 19:54 835584 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-08-27 01:48 835584 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-08-26 04:32 . 2012-08-26 04:39 866304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FB40F1D9-EF36-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 07:21 . 2012-08-26 07:21 177664 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9DD91454-EF4E-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 05:02 . 2012-08-26 05:07 573952 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{461BD3EE-EF3B-11E1-9D59-64315024E3AB}.dat
    + 2009-07-14 04:54 . 2012-08-27 00:48 9437184 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-25 19:54 9437184 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 05:01 . 2012-08-25 21:09 2403212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-08-27 00:41 2403212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2012-07-04 18:32 . 2012-08-25 19:54 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
    + 2012-07-04 18:32 . 2012-08-27 01:48 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
    - 2009-07-14 04:54 . 2012-08-25 19:54 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-27 00:48 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-03-08 08:26 . 2012-08-27 00:42 51213540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4151112255-51104295-1799264657-1000-12288.dat
    - 2012-07-12 20:51 . 2012-08-25 21:10 11107044 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    + 2012-07-12 20:51 . 2012-08-27 00:42 11107044 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    .
     
  12. Jason Miller

    Jason Miller Newcomer, in training Topic Starter Posts: 37

    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2011-03-04 06:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2011-03-04 06:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2011-03-04 06:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeBridge"="" [BU]
    "Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2012-07-27 1261512]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe" [2012-08-01 686792]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
    "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
    "IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
    "PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
    "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-10-12 2215768]
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-21 119152]
    "Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
    "ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
    "BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-20 3695928]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe" [2012-08-01 686792]
    .
    c:\users\JASON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    CardMinder Viewer.lnk - c:\program files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe [2011-12-18 77824]
    Conversion to PDF with ScanSnap Organizer.lnk - c:\program files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2011-12-18 15360]
    Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-10-13 5904216]
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-12-6 1175912]
    QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE [2011-12-6 1178984]
    ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2011-12-18 1081344]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
    R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-05 822624]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-07 136176]
    R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-07 136176]
    R3 JmUjk3Ai;BlackBox SR2; [x]
    R3 kxhaBH20;BlackBox SR2; [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    R3 sS43NcfQ;BlackBox SR2; [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-08 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
    R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-18 313696]
    R4 SQLAgent$SHIPWORKS;SQL Server Agent (SHIPWORKS);c:\program files\Microsoft SQL Server\MSSQL10_50.SHIPWORKS\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 431456]
    S0 72999610;72999610;c:\windows\system32\DRIVERS\72999610.sys [2012-08-08 460888]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-30 204288]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-05 5160568]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-22 85560]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
    S2 MSSQL$SHIPWORKS;SQL Server (SHIPWORKS);c:\program files\Microsoft SQL Server\MSSQL10_50.SHIPWORKS\MSSQL\Binn\sqlservr.exe [2011-06-18 62111072]
    S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-30 9371136]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-30 309760]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-21 36720]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-07-22 1002848]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
    S3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys [2010-11-19 24992]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-07 06:05]
    .
    2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-07 06:05]
    .
    2012-08-07 c:\windows\Tasks\HPCeeScheduleForJASON.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2011-03-04 06:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2011-03-04 06:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2011-03-04 06:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    TCP: DhcpNameServer = 192.168.1.254
    Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
    55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
    43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
    "{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
    03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
    38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
    aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
    b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
    f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:50,2f,7e,65,13,5a,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,a0,5b,18,16,25,6c,43,a7,db,61,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,a0,5b,18,16,25,6c,43,a7,db,61,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:42,6c,54,4f,6f,3a,72,84,69,23,97,59,00,aa,63,4c,c2,80,6b,4c,00,
    27,36,2a,47,40,a3,50,34,7d,d6,fa,69,cf,0d,d6,28,87,4b,7e,87,3c,c4,c5,fb,95,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:42,6c,54,4f,6f,3a,72,84,69,23,97,59,00,aa,63,4c,c2,80,6b,4c,00,
    27,36,2a,47,40,a3,50,34,7d,d6,fa,69,cf,0d,d6,28,87,4b,7e,87,3c,c4,c5,fb,95,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    c:\program files (x86)\Brownie\Brnipmon.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-26 19:33:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-27 02:32
    ComboFix2.txt 2012-08-25 21:54
    ComboFix3.txt 2012-08-24 04:22
    ComboFix4.txt 2012-08-10 19:34
    ComboFix5.txt 2012-08-27 00:22
    .
    Pre-Run: 125,635,674,112 bytes free
    Post-Run: 125,674,766,336 bytes free
    .
    - - End Of File - - 888A664B31D5A7A34A4B91738C677221
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:

      msconfig
      safebootminimal
      activex
      drivers32
      netsvcs
      CreateRestorePoint
      %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
      %AppData%\Local\
      %systemroot%\system32\sysprep
      *.xpi /md5
      %systemroot%\Downloaded Program Files\
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\drivers\*.sys /90
      %systemroot%\System32\config\*.sav
      %SYSTEMDRIVE%\*.exe /md5
      "%WinDir%\$NtUninstallKB*$." /30
      %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
      %systemroot%\*. /mp /s
      %systemroot%\*. /rp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\Installer\ /s
      %systemroot%\system32\Cache\ /s
      %systemroot%\system32\config\systemprofile\Application Data /s
      %PROGRAMFILES%\*.
      %appdata%\*.*
      /md5start
      volsnap.sys
      services.exe
      userinit.exe
      afd.sys
      tcpip.sys
      netbt.sys
      ipsec.sys
      dnsrslvr.dll
      ipnathlp.dll
      netman.dll
      WMIsvc.dll
      srsvc.dll
      sr.sys
      wscsvc.dll
      wuauserv.dll
      qmgr.dll
      es.dll
      cryptsvc.dll
      svchost.exe
      rpcss.dll
      tdx.sys
      wininit.exe
      winlogon.exe
      atapi.sys
      explorer.exe
      /md5stop
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.
    Note: in the event that OTL fails to run, please use alternate download links to try again:

    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
  14. Jason Miller

    Jason Miller Newcomer, in training Topic Starter Posts: 37

    Here are the OTL and Extras logs. Still have the virus. Please let me know the next steps. Thanks.

    OTL logfile created on: 8/28/2012 7:04:59 AM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\JASON\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 47.05% Memory free
    7.50 Gb Paging File | 5.02 Gb Available in Paging File | 66.92% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 685.29 Gb Total Space | 122.67 Gb Free Space | 17.90% Space Free | Partition Type: NTFS
    Drive D: | 13.25 Gb Total Space | 1.63 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

    Computer Name: HPDESKTOP1 | User Name: JASON | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/27 13:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    PRC - [2012/07/27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/07/20 14:46:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\JASON\Desktop\OTL.exe
    PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    PRC - [2012/02/23 15:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    PRC - [2011/10/01 11:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 11:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/06/30 16:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    PRC - [2011/04/22 20:28:46 | 001,081,344 | ---- | M] (PFU LIMITED) -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
    PRC - [2011/03/30 12:12:18 | 000,310,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    PRC - [2011/03/28 20:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/03/03 23:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    PRC - [2011/01/19 15:36:30 | 000,077,824 | ---- | M] (PFU LIMITED) -- C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
    PRC - [2010/11/20 05:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    PRC - [2009/09/30 13:07:34 | 000,086,016 | ---- | M] (PFU LIMITED) -- C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
    PRC - [2009/07/13 18:14:35 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sdiagnhost.exe
    PRC - [2009/07/13 18:14:25 | 000,983,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msdt.exe
    PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    PRC - [2008/10/20 17:01:28 | 000,222,512 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brownie\BRNIPMON.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/06/25 01:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/25 01:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/04/08 16:53:48 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
    MOD - [2011/03/16 18:30:58 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
    MOD - [2010/08/24 19:56:50 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
    MOD - [2008/11/12 18:32:30 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardPath.dll
    MOD - [2003/03/26 21:46:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/06/30 06:42:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/03/03 23:36:16 | 006,315,664 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
    SRV:64bit: - [2010/08/05 20:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/05/20 18:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/07/27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/12/06 09:48:02 | 000,045,056 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2011/10/01 11:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 11:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/07/13 07:00:16 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService)
    SRV - [2011/06/30 16:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
    SRV - [2011/06/21 18:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/03/28 20:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/06/18 18:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 16:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/07/24 00:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/08 11:11:11 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\72999610.sys -- (72999610)
    DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/02/15 14:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2011/10/01 11:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 11:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 11:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 11:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/07/13 07:00:14 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2011/06/30 08:33:14 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/06/30 06:00:52 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/06/17 20:54:22 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0151.sys -- (RsFx0151)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/18 21:13:36 | 000,024,992 | ---- | M] (Windows (R) DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vad.sys -- (VAD_DEV)
    DRV:64bit: - [2010/09/02 23:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/08/13 06:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
    DRV:64bit: - [2010/08/13 06:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
    DRV:64bit: - [2010/07/21 20:57:22 | 001,002,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
    DRV:64bit: - [2010/05/20 18:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV:64bit: - [2010/03/10 08:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 16:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2012/08/14 11:33:34 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\kxhaBH20.sys -- (kxhaBH20)
    DRV - [2012/08/14 11:26:35 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\sS43NcfQ.sys -- (sS43NcfQ)
    DRV - [2012/08/14 11:26:24 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\JmUjk3Ai.sys -- (JmUjk3Ai)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}: "URL" = http://search.mywebsearch.com/myweb...&n=77ed2945&psa=&st=sb&searchfor={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{0BDAF422-7CB0-42AC-80C2-3A279B3CACF5}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3198785
    IE - HKCU\..\SearchScopes\{15B78E6B-5A75-48FB-A917-52B4309A4D42}: "URL" =
    IE - HKCU\..\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}: "URL" = http://search.mywebsearch.com/myweb...&n=77ed2945&psa=&st=sb&searchfor={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/14 22:24:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/21 07:54:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/12/13 16:48:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/08/21 23:03:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/21 07:52:37 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\JASON\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\JASON\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\JASON\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: AVG Safe Search = C:\Users\JASON\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
    CHR - Extension: AVG Do Not Track = C:\Users\JASON\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
    CHR - Extension: Gmail = C:\Users\JASON\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/08/26 18:41:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
    O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe (PFU LIMITED)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
    O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF49D771-4EDE-4A85-B771-E1CDD3CA87C1}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
    O18:64bit: - Protocol\Handler\intu-help-qb4 - No CLSID value found
    O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\intu-help-qb2 - No CLSID value found
    O18 - Protocol\Handler\intu-help-qb4 - No CLSID value found
    O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    SafeBootMin:64bit: Base - Driver Group
    SafeBootMin:64bit: Boot Bus Extender - Driver Group
    SafeBootMin:64bit: Boot file system - Driver Group
    SafeBootMin:64bit: File system - Driver Group
    SafeBootMin:64bit: Filter - Driver Group
    SafeBootMin:64bit: HelpSvc - Service
    SafeBootMin:64bit: hitmanpro36 - Reg Error: Value error.
    SafeBootMin:64bit: hitmanpro36.sys - Reg Error: Value error.
    SafeBootMin:64bit: HitmanPro36Crusader - Reg Error: Value error.
    SafeBootMin:64bit: HitmanPro36CrusaderBoot - Reg Error: Value error.
    SafeBootMin:64bit: PCI Configuration - Driver Group
    SafeBootMin:64bit: PNP Filter - Driver Group
    SafeBootMin:64bit: Primary disk - Driver Group
    SafeBootMin:64bit: sacsvr - Service
    SafeBootMin:64bit: SCSI Class - Driver Group
    SafeBootMin:64bit: System Bus Extender - Driver Group
    SafeBootMin:64bit: vmms - Service
    SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: hitmanpro36 - Reg Error: Value error.
    SafeBootMin: hitmanpro36.sys - Reg Error: Value error.
    SafeBootMin: HitmanPro36Crusader - Reg Error: Value error.
    SafeBootMin: HitmanPro36CrusaderBoot - Reg Error: Value error.
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vmms - Service
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
    ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
    ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
    ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
  15. Jason Miller

    Jason Miller Newcomer, in training Topic Starter Posts: 37

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/26 19:33:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/08/26 18:41:49 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/08/24 16:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}
    [2012/08/24 16:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BE3DA6A-4249-4BEC-9AE7-CA0EA247E62C}
    [2012/08/24 16:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\{E23E3BED-ADD9-4DF7-B375-5EC5E69FD666}
    [2012/08/24 16:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\{C243CCC8-5474-45FC-A546-7FBC284A692E}
    [2012/08/24 16:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}
    [2012/08/24 16:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\{AB89557A-DCAD-4657-A970-8F9A3EFFB34D}
    [2012/08/24 16:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\{232FC370-3714-4F10-BC93-DA33AA1D6D22}
    [2012/08/24 16:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stamps.com
    [2012/08/21 22:57:50 | 000,000,000 | ---D | C] -- C:\Users\JASON\Desktop\Vendio
    [2012/08/21 22:57:28 | 000,000,000 | ---D | C] -- C:\Users\JASON\Desktop\Virus
    [2012/08/21 22:52:00 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
    [2012/08/21 22:51:41 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
    [2012/08/21 22:51:40 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
    [2012/08/21 22:51:38 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
    [2012/08/21 22:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2012/08/21 08:56:22 | 000,000,000 | ---D | C] -- C:\Users\JASON\Desktop\Bourne Creative SEO Course
    [2012/08/16 03:04:40 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/08/16 03:04:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/08/16 03:04:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/08/16 03:04:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/08/16 03:04:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/08/16 03:04:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/08/16 03:04:38 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/08/16 03:04:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/08/16 03:04:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/08/16 03:04:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/08/16 03:04:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/08/16 03:04:37 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/08/16 03:04:37 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/08/15 04:24:36 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
    [2012/08/15 04:24:32 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
    [2012/08/15 04:24:32 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
    [2012/08/15 04:24:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
    [2012/08/15 04:24:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
    [2012/08/15 04:24:31 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
    [2012/08/15 04:24:31 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
    [2012/08/15 04:24:29 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
    [2012/08/14 11:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\unhook
    [2012/08/14 11:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker LE
    [2012/08/11 21:31:01 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\72999610.sys
    [2012/08/11 09:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2012/08/07 20:29:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/07 20:29:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/07 20:29:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/06 19:29:28 | 000,000,000 | ---D | C] -- C:\Users\JASON\AppData\Roaming\Malwarebytes
    [2012/08/06 19:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/06 19:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/08/06 19:28:19 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/08/06 19:28:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [19 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/08/28 07:13:03 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/28 05:13:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/27 17:50:17 | 105,088,910 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2012/08/27 15:55:23 | 000,000,036 | -H-- | M] () -- C:\Windows\SysWow64\f9t.dat
    [2012/08/27 10:28:05 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJASON.job
    [2012/08/27 10:24:09 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/27 10:24:09 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/27 10:16:06 | 000,000,328 | ---- | M] () -- C:\Windows\Brownie.ini
    [2012/08/27 10:12:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/27 10:12:22 | 3019,333,632 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/26 18:41:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/08/25 17:10:28 | 000,626,986 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
    [2012/08/25 12:58:51 | 000,166,967 | ---- | M] () -- C:\Users\JASON\Desktop\freehampton.pdf
    [2012/08/24 16:15:35 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\Stamps.com.lnk
    [2012/08/23 17:10:13 | 004,736,524 | R--- | M] (Swearware) -- C:\Users\JASON\Desktop\ComboFix.exe
    [2012/08/21 23:03:22 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
    [2012/08/21 22:51:30 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
    [2012/08/21 22:51:30 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
    [2012/08/21 22:51:30 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
    [2012/08/21 22:51:30 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
    [2012/08/21 22:51:30 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
    [2012/08/21 22:51:30 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
    [2012/08/21 17:17:18 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/08/20 22:03:51 | 000,001,033 | ---- | M] () -- C:\Users\JASON\Desktop\Rankerizer.lnk
    [2012/08/19 16:13:26 | 000,000,000 | ---- | M] () -- C:\Users\JASON\Documents\Nuance Image Printer Writer Port
    [2012/08/19 16:09:59 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
    [2012/08/18 18:46:24 | 000,644,339 | ---- | M] () -- C:\Users\JASON\Desktop\specialoffer$33.pdf
    [2012/08/18 18:46:23 | 000,153,799 | ---- | M] () -- C:\Users\JASON\Desktop\clicksure$33.pdf
    [2012/08/16 03:29:09 | 016,274,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/08/16 03:03:38 | 000,000,372 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
    [2012/08/14 11:33:34 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\kxhaBH20.sys
    [2012/08/14 11:26:35 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\sS43NcfQ.sys
    [2012/08/14 11:26:24 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\JmUjk3Ai.sys
    [2012/08/10 19:56:55 | 000,027,520 | ---- | M] () -- C:\Users\JASON\AppData\Local\dt.dat
    [2012/08/09 15:47:48 | 000,777,257 | ---- | M] () -- C:\Users\JASON\Desktop\Storage space S. Orleans.JPG
    [2012/08/08 11:11:11 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\72999610.sys
    [2012/08/01 15:46:58 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/08/01 15:46:57 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [19 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/08/27 10:27:50 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForJASON.job
    [2012/08/25 12:58:51 | 000,166,967 | ---- | C] () -- C:\Users\JASON\Desktop\freehampton.pdf
    [2012/08/24 16:15:35 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\Stamps.com.lnk
    [2012/08/18 18:46:24 | 000,644,339 | ---- | C] () -- C:\Users\JASON\Desktop\specialoffer$33.pdf
    [2012/08/18 18:46:23 | 000,153,799 | ---- | C] () -- C:\Users\JASON\Desktop\clicksure$33.pdf
    [2012/08/14 11:31:38 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\kxhaBH20.sys
    [2012/08/14 11:19:45 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\JmUjk3Ai.sys
    [2012/08/14 11:18:14 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\sS43NcfQ.sys
    [2012/08/10 19:56:55 | 000,027,520 | ---- | C] () -- C:\Users\JASON\AppData\Local\dt.dat
    [2012/08/09 15:47:39 | 000,777,257 | ---- | C] () -- C:\Users\JASON\Desktop\Storage space S. Orleans.JPG
    [2012/08/07 20:29:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/07 20:29:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/07 20:29:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/07 20:29:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/07 20:29:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/05/04 19:38:26 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\f9t.dat
    [2012/03/16 14:32:55 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
    [2011/12/25 13:40:14 | 000,000,132 | ---- | C] () -- C:\Users\JASON\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011/12/24 19:00:00 | 000,000,132 | ---- | C] () -- C:\Users\JASON\AppData\Roaming\Adobe GIF Format CS5 Prefs
    [2011/12/20 21:04:39 | 000,000,153 | ---- | C] () -- C:\Windows\BRVIDEO.INI
    [2011/12/20 21:04:39 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
    [2011/12/20 21:03:05 | 000,022,898 | ---- | C] () -- C:\Windows\HL-3070CW.INI
    [2011/12/20 21:02:24 | 000,000,328 | ---- | C] () -- C:\Windows\Brownie.ini
    [2011/12/18 22:51:22 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
    [2011/11/16 14:46:22 | 000,001,456 | ---- | C] () -- C:\Users\JASON\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2011/10/04 09:09:22 | 000,000,600 | ---- | C] () -- C:\Users\JASON\AppData\Local\PUTTY.RND
    [2011/08/19 20:26:28 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\Gsw32.exe.config
    [2011/06/08 15:38:53 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat
    [2011/06/07 00:20:10 | 000,001,854 | ---- | C] () -- C:\Users\JASON\AppData\Roaming\GhostObjGAFix.xml
    [2011/03/17 20:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/02/15 19:06:21 | 000,777,968 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/02/09 23:35:30 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini
    [2011/02/09 23:35:30 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
    [2011/02/09 23:34:40 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
    [2011/02/09 23:31:09 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
    [2011/02/09 23:23:18 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2011/02/06 21:30:37 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2011/01/11 21:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
    [2010/12/14 22:00:30 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
    [2010/12/14 21:45:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/09/21 11:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

    ========== Custom Scans ==========

    < %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

    < %AppData%\Local\ >

    < %systemroot%\system32\sysprep >
    [19 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

    < *.xpi /md5 >

    < %systemroot%\Downloaded Program Files\ >

    < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/17 15:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/17 15:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/17 15:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/08/17 15:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/04/26 18:52:33 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/26 18:52:33 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/04/26 18:52:33 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/28 18:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/06/28 18:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/08/17 15:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/08/17 15:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/08/17 15:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/08/17 15:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/04/26 18:52:32 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/04/26 18:52:32 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/04/26 18:52:32 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/28 18:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/06/28 18:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /REINSTALL [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /HIDEICONS [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /SHOWICONS [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /90 >
    [2012/08/14 11:26:24 | 000,035,712 | ---- | M] () -- C:\Windows\system32\drivers\JmUjk3Ai.sys
    [2012/08/14 11:33:34 | 000,035,712 | ---- | M] () -- C:\Windows\system32\drivers\kxhaBH20.sys
    [2012/08/14 11:26:35 | 000,035,712 | ---- | M] () -- C:\Windows\system32\drivers\sS43NcfQ.sys

    < %systemroot%\System32\config\*.sav >

    < %SYSTEMDRIVE%\*.exe /md5 >

    < "%WinDir%\$NtUninstallKB*$." /30 >

    < %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

    < %systemroot%\*. /mp /s >

    < %systemroot%\*. /rp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [19 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\Installer\ /s >

    < %systemroot%\system32\Cache\ /s >

    < %systemroot%\system32\config\systemprofile\Application Data /s >

    < %PROGRAMFILES%\*. >
    [2011/12/31 01:03:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\7-Zip
    [2011/12/18 22:59:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ABBYY FineReader for ScanSnap
    [2012/02/17 21:45:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Acoolsoft
    [2011/12/13 17:04:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
    [2011/11/15 22:54:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe Download Assistant
    [2011/12/14 10:54:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe Story
    [2012/01/23 00:53:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Android
    [2011/07/02 17:43:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
    [2010/12/14 22:00:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
    [2011/09/29 17:33:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
    [2011/10/11 20:19:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
    [2011/12/20 21:03:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Brother
    [2011/12/20 21:03:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Brownie
    [2011/07/02 22:08:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Carbonite
    [2012/08/21 09:53:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Citrix
    [2012/08/26 17:30:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
    [2012/05/06 15:24:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
    [2010/12/14 22:07:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
    [2011/03/06 22:40:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Feedback Tool
    [2011/12/18 23:58:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Fujitsu
    [2012/03/31 11:48:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GameTap Web Player
    [2012/03/31 23:30:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
    [2011/12/06 11:01:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
    [2011/12/26 01:52:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HMA! Pro VPN
    [2010/12/14 22:01:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hp
    [2010/12/14 22:20:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
    [2012/02/11 23:44:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iLivid
    [2012/02/05 12:55:22 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
    [2012/08/16 03:22:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
    [2011/12/19 00:44:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intuit
    [2012/07/24 14:45:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
    [2011/12/19 00:06:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
    [2010/12/14 22:23:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\K-NFB Reading Technology Inc
    [2011/12/19 00:09:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\KnowledgeLake
    [2012/08/06 19:28:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/04/26 20:10:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
    [2011/02/19 21:42:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
    [2012/02/15 03:19:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
    [2011/07/01 16:26:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft LifeCam
    [2011/02/21 09:03:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
    [2012/06/13 13:15:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
    [2012/06/16 09:01:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server
    [2010/12/14 22:26:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    [2012/05/04 14:52:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
    [2010/12/14 22:14:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft WSE
    [2012/06/16 09:03:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
    [2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
    [2011/02/06 21:30:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
    [2011/12/13 16:43:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\My Company Name
    [2011/02/06 20:30:52 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
    [2011/12/18 22:50:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PFU
    [2010/12/14 22:23:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PlayReady
    [2012/07/24 14:37:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
    [2012/02/08 18:46:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Rankerizer
    [2010/12/14 21:57:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
    [2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
    [2012/03/12 22:49:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Retrogamer_4wEI
    [2012/07/24 14:47:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Safari
    [2012/02/10 14:51:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Samsung
    [2011/02/09 23:30:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ScanSoft
    [2012/08/24 16:15:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Stamps.com Internet Postage
    [2011/10/26 05:31:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TeamViewer
    [2010/12/14 21:57:58 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
    [2012/07/14 17:58:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\UnHackMe
    [2009/07/13 21:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
    [2009/07/13 22:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
    [2011/03/31 06:01:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
    [2011/06/30 09:37:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
    [2011/06/30 09:37:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
    [2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
    [2011/06/30 09:37:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
    [2011/06/30 09:37:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
    [2011/06/30 09:37:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
    [2011/12/22 15:33:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Zint

    < %appdata%\*.* >
    [2012/01/24 18:51:40 | 000,000,132 | ---- | M] () -- C:\Users\JASON\AppData\Roaming\Adobe GIF Format CS5 Prefs
    [2012/01/11 02:44:53 | 000,000,132 | ---- | M] () -- C:\Users\JASON\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011/06/07 00:20:10 | 000,001,854 | ---- | M] () -- C:\Users\JASON\AppData\Roaming\GhostObjGAFix.xml

    < MD5 for: AFD.SYS >
    [2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
    [2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
    [2011/12/27 21:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
    [2011/04/24 19:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
    [2009/07/13 16:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
    [2011/12/27 21:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
    [2010/11/20 02:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
    [2011/04/24 19:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
    [2011/12/27 20:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
    [2011/04/24 20:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
    [2011/04/24 19:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

    < MD5 for: CRYPTSVC.DLL >
    [2012/04/23 21:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\erdnt\cache86\cryptsvc.dll
    [2012/04/23 21:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\SysWOW64\cryptsvc.dll
    [2012/04/23 21:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
    [2010/11/20 06:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
    [2012/04/23 21:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
    [2012/04/23 22:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\erdnt\cache64\cryptsvc.dll
    [2012/04/23 22:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\SysNative\cryptsvc.dll
    [2012/04/23 22:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
    [2012/04/23 21:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
    [2009/07/13 18:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
    [2009/07/13 18:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
    [2010/11/20 05:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
    [2012/04/23 22:22:32 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=B7337E9C9E5936355BB700AA33E0936E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll
    [2012/04/23 22:36:46 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=CE8BF1423AEE47DA5275FBC8AD3BD642 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_d2773c98cda297d3\cryptsvc.dll
    [2012/04/23 22:59:45 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=F02786B66375292E58C8777082D4396D -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll
    [2012/04/23 21:33:53 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=F522279B4717E2BFF269C771FAC2B78E -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll
  16. Jason Miller

    Jason Miller Newcomer, in training Topic Starter Posts: 37

    < MD5 for: DNSRSLVR.DLL >
    [2011/03/02 23:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\SysNative\dnsrslvr.dll
    [2011/03/02 23:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsrslvr.dll
    [2009/07/13 18:40:32 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=676108C4E3AA6F6B34633748BD0BEBD9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_3dd76e849c0a6a12\dnsrslvr.dll
    [2011/03/02 23:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=85CF424C74A1D5EC33533E1DBFF9920A -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_3ddf452a9c04f6b8\dnsrslvr.dll
    [2011/03/02 23:12:55 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=B2205BAEAE4C178ABEB1B149751FC2B9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsrslvr.dll
    [2010/11/20 06:26:07 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=CD55F5355D8F55D44C9F4ED875705BD6 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsrslvr.dll
    [2011/03/02 23:23:37 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=D8065FA366D28746EE3D75F08ED6B2FE -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_3eabc3f7b4f01eb1\dnsrslvr.dll

    < MD5 for: ES.DLL >
    [2012/08/17 15:27:53 | 000,008,728 | ---- | M] () MD5=328868A14EB90E6A8EA9F3FC59FC49BB -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\Locales\es.dll
    [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\erdnt\cache64\es.dll
    [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\SysNative\es.dll
    [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
    [2012/08/13 21:29:58 | 000,008,728 | ---- | M] () MD5=7AD37261A349BE597C2E4C58B093B63D -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\Locales\es.dll
    [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\erdnt\cache86\es.dll
    [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\SysWOW64\es.dll
    [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll

    < MD5 for: EXPLORER.EXE >
    [2010/12/14 22:31:49 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
    [2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
    [2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
    [2010/12/14 22:33:34 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2010/12/14 22:31:49 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
    [2010/12/14 22:30:24 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2010/12/14 22:33:34 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2010/12/14 22:30:24 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    [2010/12/14 22:33:34 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2010/12/14 22:30:24 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2010/12/14 22:33:34 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2010/12/14 22:31:49 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
    [2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
    [2010/12/14 22:30:24 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
    [2010/12/14 22:31:49 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

    < MD5 for: IPNATHLP.DLL >
    [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\SysNative\ipnathlp.dll
    [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\ipnathlp.dll

    < MD5 for: NETBT.SYS >
    [2010/11/20 02:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
    [2010/11/20 02:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
    [2009/07/13 16:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=9162B273A44AB9DCE5B44362731D062A -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_bc59ba0910f52e0c\netbt.sys

    < MD5 for: NETMAN.DLL >
    [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\erdnt\cache64\netman.dll
    [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\SysNative\netman.dll
    [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da\netman.dll

    < MD5 for: QMGR.DLL >
    [2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\erdnt\cache64\qmgr.dll
    [2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
    [2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
    [2009/07/13 18:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

    < MD5 for: RPCSS.DLL >
    [2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\erdnt\cache64\rpcss.dll
    [2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
    [2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
    [2009/07/13 18:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll

    < MD5 for: SERVICES.EXE >
    [2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
    [2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
    [2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    < MD5 for: SVCHOST.EXE >
    [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
    [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
    [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
    [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
    [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

    < MD5 for: TCPIP.SYS >
    [2011/04/24 22:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
    [2011/09/29 10:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
    [2010/11/20 06:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
    [2011/06/20 23:16:55 | 001,888,128 | ---- | M] (Microsoft Corporation) MD5=5279D4DD69C7C71524B8E7A5746D15CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys
    [2010/12/14 22:35:25 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
    [2012/03/30 03:19:17 | 001,877,872 | ---- | M] (Microsoft Corporation) MD5=5EFD096DEF47F8B88EF591DA92143440 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
    [2011/04/24 22:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
    [2012/03/30 04:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
    [2012/03/30 03:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
    [2010/12/14 22:35:25 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
    [2009/07/13 18:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
    [2011/04/24 22:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
    [2011/06/20 23:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
    [2011/09/29 09:17:51 | 001,886,064 | ---- | M] (Microsoft Corporation) MD5=AC3E29880DB5659532A1AA3439304A43 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
    [2012/03/30 04:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\erdnt\cache64\tcpip.sys
    [2012/03/30 04:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\SysNative\drivers\tcpip.sys
    [2012/03/30 04:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
    [2011/04/24 23:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
    [2011/06/20 23:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys
    [2011/06/20 23:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
    [2011/09/29 09:24:44 | 001,897,328 | ---- | M] (Microsoft Corporation) MD5=F18F56EFC0BFB9C87BA01C37B27F4DA5 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
    [2011/09/29 09:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

    < MD5 for: TDX.SYS >
    [2009/07/13 16:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_4632b9f2f5c6af5e\tdx.sys
    [2010/11/20 02:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\erdnt\cache64\tdx.sys
    [2010/11/20 02:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SysNative\drivers\tdx.sys
    [2010/11/20 02:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

    < MD5 for: USERINIT.EXE >
    [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
    [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
    [2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
    [2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
    [2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

    < MD5 for: VOLSNAP.SYS >
    [2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
    [2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
    [2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
    [2009/07/13 18:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

    < MD5 for: WININIT.EXE >
    [2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\erdnt\cache64\wininit.exe
    [2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
    [2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
    [2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\erdnt\cache86\wininit.exe
    [2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
    [2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

    < MD5 for: WINLOGON.EXE >
    [2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
    [2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
    [2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2010/12/14 22:33:34 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2010/12/14 22:33:34 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

    < MD5 for: WMISVC.DLL >
    [2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\SysNative\wbem\WMIsvc.dll
    [2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7600.16385_none_fca7ad7710a22535\WMIsvc.dll
    [2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_fed8c13f0d90a8cf\WMIsvc.dll

    < MD5 for: WSCSVC.DLL >
    [2010/12/20 23:09:08 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=34D280957E8681E4BD9492B3F1FC27B9 -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.20862_none_76d192b6e4d9ed67\wscsvc.dll
    [2010/12/20 23:16:27 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=8F9F3969933C02DA96EB0F84576DB43E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16723_none_767435e5cb9af730\wscsvc.dll
    [2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\SysNative\wscsvc.dll
    [2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16385_none_76354f59cbc9dce8\wscsvc.dll
    [2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_78666321c8b86082\wscsvc.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 956 bytes -> C:\ProgramData\Microsoft:9HnKuYp3w468hj00UUv3m3nkr
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4
    @Alternate Data Stream - 1106 bytes -> C:\Users\JASON\AppData\Local\NXI98iAF:KGfkAh4MzXmeNxnbs6On9C0NSYPU
    @Alternate Data Stream - 1105 bytes -> C:\ProgramData\Microsoft:1PM9NNTpP24GbmWz3BIvCVkKV
    < End of report >
  17. Jason Miller

    Jason Miller Newcomer, in training Topic Starter Posts: 37

    Here is the Extras log:

    OTL Extras logfile created on: 8/28/2012 7:04:59 AM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\JASON\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 47.05% Memory free
    7.50 Gb Paging File | 5.02 Gb Available in Paging File | 66.92% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 685.29 Gb Total Space | 122.67 Gb Free Space | 17.90% Space Free | Partition Type: NTFS
    Drive D: | 13.25 Gb Total Space | 1.63 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

    Computer Name: HPDESKTOP1 | User Name: JASON | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01D49ADF-FC5A-47AB-A5D3-833770E2A339}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1076BF36-3DF1-4863-B54C-A1A462C0BEE5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{18F84D9D-3EF6-4AA7-B8AA-F75BF64A99C9}" = rport=139 | protocol=6 | dir=out | app=system |
    "{25E46292-173E-4038-A45F-85C3E4939047}" = rport=137 | protocol=17 | dir=out | app=system |
    "{27B1410A-B072-4886-8D1A-8E2019C53B9A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{306D5DAE-A919-43E6-BBBA-011D160D4F0D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{44500B49-B6E8-45F8-BB4A-C6DE0FA43EE0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{62BE62E1-B847-4FFE-9EF5-E41415BF56B4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
    "{63F86D94-0653-4CDB-8974-70B431D647DD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6DFE9AF4-2FA8-4217-8DDE-11BABB336616}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{77F068AF-9D30-400C-8883-778A2076BF9A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{82C41F07-0299-4847-9D00-6E082CA6E2C9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{83110E19-0AA6-4A8C-9A54-44D98B281BBE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8E98CBF7-404D-4F3F-A5EE-930D33B076F6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
    "{9EA86A80-B660-46DE-B968-C2FC6822170D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{A2E84BB8-7CD8-46DD-977F-404C2FFB4D72}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{A8B390D7-A402-4FE1-973E-83C6B3EE483A}" = lport=137 | protocol=17 | dir=in | app=system |
    "{A9337DBC-12C7-4081-B2C9-6F69AF44EE56}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B7744E6E-5EA3-40DC-876B-CC110842542D}" = lport=445 | protocol=6 | dir=in | app=system |
    "{BB3CD1A3-3E18-4916-B01C-BA08B79DF181}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{C440395D-CAFC-4B67-ACD7-DD259F1BC98D}" = rport=445 | protocol=6 | dir=out | app=system |
    "{C56A7532-A07B-46D5-84F2-D6600137E22D}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{C88FD477-E3F7-4202-B7BE-5145891ED557}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{D2E273D5-707A-4098-8C99-1EE34DB3E0DA}" = lport=139 | protocol=6 | dir=in | app=system |
    "{D5733C2C-6287-401F-A8AA-51B62441D52E}" = rport=138 | protocol=17 | dir=out | app=system |
    "{D60C25DD-BAE9-43C3-9534-7E1B1F0FD964}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
    "{D8E78F29-359E-4408-A99A-25CF65D77FB6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{DCA46FB3-B1CF-4028-9D3A-1F94D344C8F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
    "{DFFE459C-7F4E-4CE8-96F9-282AA264FFCB}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 |
    "{E2BBB142-E310-4360-85FD-EF6211ADFDD3}" = lport=138 | protocol=17 | dir=in | app=system |
    "{E5C0BEB4-5A13-4F96-A5C0-735A5EF1BA99}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
    "{EF190BF4-1F1E-4564-8682-1FC4177E51EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
    "{F76F5E00-5D31-4FD6-9F4F-E7C81D00D337}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FD0A2C99-AEC1-46A5-B670-11D7F6A80329}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{FE0E2C38-79A6-4E14-8515-B658E52BCD9E}" = rport=10243 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01C84143-67A4-4344-98BA-3573623327DF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{01F72810-D83D-4A28-8900-C6B7D7FEA9A7}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
    "{052A3F65-B9D4-4441-BACE-4C56EBB6ACE9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{05DF2148-84A4-4EAB-BD8B-8F949F3DC73E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{0615D0A7-550F-435C-88D0-88E0F6543E9E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{0652DB3A-6483-45DD-8D70-C96BC3F327E6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{06A78366-3141-443F-B81C-43F58949A099}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{07E735F4-DB12-4F52-834E-310CD7B69C7A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{07E86F7F-FD5B-4E72-ADF4-2AD0C06CC3BD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
    "{08F8337E-9C41-4E9B-9888-5D75D1107130}" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\temp\ixp000.tmp\smpcsetup.exe |
    "{0ED7BFD3-C722-4E28-B655-25DFC66622F0}" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\temp\ixp000.tmp\smwinvnc.exe |
    "{0FCBB655-8569-4B79-AF2B-2E4355E17BD7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{111F8383-96C9-4730-8377-470716789963}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{16ABD3F8-B5DD-402C-93E8-12F86C8B598A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{16F3B5DF-7B9D-44BC-A304-44E9920B41BC}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
    "{1997D491-EBBA-48B7-B597-A97D15DD9CF8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{1ADB016D-DA72-4263-9672-CD06F37B7D29}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1AE47323-6766-4571-B9E6-1D7428ADB79C}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe |
    "{1B67343F-9F42-4428-AE67-950A0A94B39A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
    "{23F6C7C4-C090-4238-97FB-7727B24865B2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{277BCD41-1599-4CED-A662-F726B64E2CC1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft sql server\90\shared\sqlbrowser.exe |
    "{28703671-4E1F-4600-BDD6-01DE64031387}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
    "{2AF870F0-567D-4B91-8016-D802D47DDCD0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{2FB41ED1-7FC6-4470-A8D6-17CE57061C2C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
    "{310D26A1-FA0A-4C93-8674-A5EF64FE0682}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{3351EC73-E644-41A0-882A-B352D62437F5}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
    "{34B7112E-3805-4101-96EB-4F3EBA89382F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
    "{3A58FB19-352F-4586-9937-D130EFB886DC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3ED614DE-D1E2-4935-A20A-409B4A3C7F36}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe |
    "{40C23292-000C-4B16-9926-5315DACA0304}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
    "{443998D1-ADA3-48F9-AD45-561E07FF7EB7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft sql server\90\shared\sqlbrowser.exe |
    "{4813772D-6658-4AFA-80E7-A37580DCB7A0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft sql server\90\shared\sqlbrowser.exe |
    "{4A7C04BB-5616-4136-8F9E-27CB0F75A3F3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{4A9562A2-FF18-480E-A1D3-EFDEEE86F15C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{4E150914-94D0-4E61-BA68-A63B19AA32FA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{5257B234-E9D5-4915-B80E-41464BA46615}" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\temp\g2_626\g2viewer.exe |
    "{525CAF1E-0506-4DF0-B857-B5DCB76831BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{535B6F95-3DC7-472E-8310-0CC7CA147DC3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
    "{588367B3-C7AD-4E5B-BDB9-FFD917DA4187}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft sql server\90\shared\sqlbrowser.exe |
    "{5EAD5EE0-7207-4A44-9CF5-02349042AA7D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{655DBBFC-0CA1-4B9D-AAAB-7D237F65A008}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{665ACC7E-EE85-4D07-96AF-6FD22A09E814}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{68AB4A64-2298-4644-AFD0-DB701488180E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
    "{6A2F0BD9-00F5-4F4E-A3CC-5A538236A754}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6EF71F6C-6C49-4138-B510-8D726A833F92}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
    "{6F25EBC1-4BB8-4EE2-A7DE-CC41140FC4E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{70486F4D-840A-4CAC-8A2D-C60D1CA22C81}" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\temp\ixp000.tmp\smpcsetup.exe |
    "{70F9B166-9B75-484A-AD70-928C41D694E9}" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\temp\ixp001.tmp\smpcsetup.exe |
    "{7714F13C-CDAB-4A2F-B3DD-B21DDF504AF9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
    "{7B2C1851-26B1-4912-91ED-F1020244F42C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{7B739655-086D-4AFA-993E-AA0E44FF48EE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
    "{7C9FD207-2D31-4943-93B6-4C6BEAB8CC30}" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\temp\ixp001.tmp\smwinvnc.exe |
    "{7F0BD12B-4581-4849-8D03-7575B3B0312F}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
    "{7F29C807-C502-4108-B56A-5EFE2F0E4D83}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
    "{801F152C-EC2C-4AD3-85F0-151261D5950D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{81B970AD-B4A6-4E7D-8525-2F8E6F128E98}" = protocol=58 | dir=in | app=system |
    "{81CDEEFF-71DB-4825-8F64-BA7FE51990BA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{847E942F-F811-4643-BDD0-7987A021897D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{859B6665-17FB-423C-845E-DB1F4459B911}" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\temp\ixp001.tmp\smpcsetup.exe |
    "{86A6F991-5474-44AD-A917-D00E8CA98CC4}" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{86AEC113-2669-4C33-BC81-EDA0EDB08870}" = protocol=6 | dir=out | app=system |
    "{8720E5F4-F143-4EB6-907C-D8CEB86AF13E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{8BA6D546-E750-4756-8E8F-838081D9D891}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{8BFA304E-509C-45B9-829F-9E9F86BB7F5A}" = protocol=6 | dir=in | app=c:\program files\microsoft sql server\mssql10_50.shipworks\mssql\binn\sqlservr.exe |
    "{8FF6F71F-EA48-4E9C-B5F6-ED72D5B4EFC1}" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{90196968-2E60-4BFE-8025-B0E0842B8A2F}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "{94A87F0B-9D26-4CFF-AA16-BF13B314A77C}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
    "{9898BF78-48FF-4BCA-A467-DAE65C04DAFB}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "{9C3F1FD6-52D1-409A-9004-E5CE971F929C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{9DEC4DFF-3575-412B-945D-B5B4021C04A7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{A0EF66EA-7DA9-42C1-8D54-588A56BAF450}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
    "{A3313A18-71B4-4A11-837E-427C2270D731}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{AB9A4ACD-1269-4150-B5B2-DECAA75D9B30}" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\temp\g2_626\g2viewer.exe |
    "{B0C61480-FED6-4995-BF01-ED3C95AA403A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
    "{B298765A-612F-431C-BD04-A95134C0F888}" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\temp\ixp001.tmp\smwinvnc.exe |
    "{B4862E5C-284C-40D4-9F52-FDE7B13EBEEF}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
    "{B5935D07-DC6A-4B46-AB7B-1ECA4120FDC5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{BBDAAD49-FC60-4DD8-A9D3-20F79188B200}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
    "{BF685152-318D-4A80-8ECB-E26D1BD2B932}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
    "{C73FDDD5-C4A3-431E-8A1C-CC4FF2748590}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{CACBB77F-3126-4470-8FEF-EEC9D476DD16}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{CB311226-7764-4507-BEAB-19377C920F19}" = protocol=17 | dir=in | app=c:\program files\microsoft sql server\mssql10_50.shipworks\mssql\binn\sqlservr.exe |
    "{CBAC0E0C-0737-424C-9EA1-AC03C27776FC}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
    "{CD4AF809-92AA-4BD7-82CE-723E75AA21D0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
    "{CD58BB3C-361B-4A23-9B94-4CFB94A7EBB9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{CF43BF07-9193-4638-BE9C-92450AA0E77F}" = protocol=6 | dir=in | app=c:\program files\microsoft sql server\mssql10_50.shipworks\mssql\binn\sqlservr.exe |
    "{D61AB43A-DC77-4FFC-BE85-943FD0DEB563}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{D8BE1FD1-3C56-426F-AD04-617377670B8F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
    "{DAD2116F-2D15-42F5-AB3E-82E254C47878}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
    "{DAF4CA11-6BFD-4A0F-B867-7B37C6D2B74C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{DF2BC37A-6488-4D40-9D28-1A45FAE782B7}" = protocol=17 | dir=in | app=c:\program files\microsoft sql server\mssql10_50.shipworks\mssql\binn\sqlservr.exe |
    "{E052DE9E-7338-477A-AD79-7DFB820CA0B7}" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\temp\ixp000.tmp\smwinvnc.exe |
    "{EDA9C4CA-35CE-4E3C-AEB2-0A2C21D99EBF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{EDE1A5A0-FD2A-4470-8731-2A9B3AF24C8D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{F631C29D-F27F-4B83-BDDC-5CF07DFE2FA1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{FC35CE5B-8897-45B0-B6E7-174781872BEA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
    "{FC978277-4903-4333-A2B7-B47FD8AD57DC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
    "{FDAC2D62-ED7D-42BE-8C77-253DA3F24D98}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
    "{FF75A32F-F31D-4776-93E4-A52B4A758A18}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
    "TCP Query User{0C793902-8CBC-4379-BC0E-97917B4CE2D3}C:\program files (x86)\samsung\intelli-studio\istudio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\intelli-studio\istudio.exe |
    "TCP Query User{10E01893-ACF7-4F42-944E-D405C1882CD3}C:\users\jason\appdata\local\temp\ixp001.tmp\smwinvnc.exe" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\temp\ixp001.tmp\smwinvnc.exe |
    "TCP Query User{167535E7-B69C-4052-823B-0098D4FF4904}C:\users\jason\appdata\local\temp\g2_626\g2viewer.exe" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\temp\g2_626\g2viewer.exe |
    "TCP Query User{57595274-E59C-47D6-8DCC-303E1A41C493}C:\users\jason\appdata\local\temp\ixp000.tmp\smpcsetup.exe" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\temp\ixp000.tmp\smpcsetup.exe |
    "TCP Query User{6A85C0D4-E9C7-482C-B043-2D1D684B3C22}C:\users\jason\appdata\local\temp\ixp001.tmp\smpcsetup.exe" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\temp\ixp001.tmp\smpcsetup.exe |
    "TCP Query User{87FA1076-8889-4771-B626-B3E43925C36B}C:\users\jason\appdata\local\temp\ixp000.tmp\smwinvnc.exe" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\temp\ixp000.tmp\smwinvnc.exe |
    "TCP Query User{B3910F16-4BA4-4B94-A61A-BAFC55BAAAD7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{77F7592F-B206-4DF0-B5C2-5463D35BE06E}C:\program files (x86)\samsung\intelli-studio\istudio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\intelli-studio\istudio.exe |
    "UDP Query User{79D8184F-82C9-43AB-8BE2-105A42820612}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{9E0BF960-D586-436F-BABB-BCE9C34CC2B1}C:\users\jason\appdata\local\temp\ixp001.tmp\smpcsetup.exe" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\temp\ixp001.tmp\smpcsetup.exe |
    "UDP Query User{B8DD9739-FDBF-4300-AC78-E49A14352E57}C:\users\jason\appdata\local\temp\g2_626\g2viewer.exe" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\temp\g2_626\g2viewer.exe |
    "UDP Query User{CFF957D2-D0E6-4493-B927-2C9AAB80009A}C:\users\jason\appdata\local\temp\ixp001.tmp\smwinvnc.exe" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\temp\ixp001.tmp\smwinvnc.exe |
    "UDP Query User{D221F6FC-5006-4A6F-9D57-AFF2FAE1E115}C:\users\jason\appdata\local\temp\ixp000.tmp\smwinvnc.exe" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\temp\ixp000.tmp\smwinvnc.exe |
    "UDP Query User{DC89DDA0-9C08-4493-BE2A-E2CEE8984E51}C:\users\jason\appdata\local\temp\ixp000.tmp\smpcsetup.exe" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\temp\ixp000.tmp\smpcsetup.exe |
  18. Jason Miller

    Jason Miller Newcomer, in training Topic Starter Posts: 37

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01078B88-2981-4F75-96B0-8B22E2D2DE03}" = Microsoft SQL Server 2008 R2 Setup (English)
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{23307B09-6A15-4790-9E64-461CE6D7F8CB}_is1" = ShipWorks® 3.1.21.3248
    "{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 SP1 Common Files
    "{26A24AE4-039D-4CA4-87B4-2F86417006FF}" = Java 7 Update 6 (64-bit)
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
    "{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 SP1 Common Files
    "{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}" = Microsoft SQL Server 2008 R2 Native Client
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{746006B4-6350-4820-B9BA-4C09AFA908F4}" = MyFax® Print-to-Fax Assistant 64bit
    "{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}" = ATI Catalyst Install Manager
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
    "{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
    "{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 SP1 Database Engine Shared
    "{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 SP1 Database Engine Shared
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
    "{D8C23BDE-4748-44D9-A9DD-8AB64EB18BE3}" = Microsoft SQL Server 2008 R2 RsFx Driver
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 SP1 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 SP1 Database Engine Services
    "{FD9560A8-CB02-1F28-CB9C-487244A28A8B}" = ccc-utility64
    "AVG" = AVG 2012
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
    "Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
    "{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{0655C185-FD48-5EBA-484A-CD530291F44D}" = CCC Help Hungarian
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BF71387-5AFD-F71B-7353-3AEBD3E8F5F3}" = Catalyst Control Center Graphics Full Existing
    "{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}" = ccc-core-static
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F1DD733-AFC4-46B8-803A-05B027F94C25}" = Brother HL-3070CW
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0FFD15DD-B6B7-4F1E-8764-9DD1FED7DC0A}" = ProSeries User's Guide 2010
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1B01541D-B1B8-8B7E-E82B-70551A1AF961}" = CCC Help Chinese Standard
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2181214D-1954-4C60-91FD-EEA7EBB32022}" = QuickBooks Premier: Accountant Edition 2012
    "{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
    "{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks
    "{26070CDA-A7C5-2114-0533-38DE06C65E7F}" = CCC Help Polish
    "{2726B6FF-D8F9-8F29-2A7D-8192AAE79D3F}" = Catalyst Control Center Localization All
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{3088B508-7EE1-EC64-4FFD-C4901378CE7D}" = CCC Help Russian
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{3689AE99-D747-4505-8C50-B6DECCD751E0}" = ScanSnap Organizer
    "{3778B802-8E2C-04B0-2C1B-7C2A8F981824}" = CCC Help Finnish
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
    "{48CA048A-3C5B-391E-7FF0-F36F434CB1B6}" = CCC Help Thai
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
    "{52CD3425-C5E8-C49D-B776-AC85F018C0F6}" = Catalyst Control Center Graphics Previews Vista
    "{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
    "{597CE475-4F62-89EE-A81E-DB509DA0CBB2}" = CCC Help English
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{5E7A925A-CCE1-4ED5-A0DD-4A821A3F9BC2}" = Catalyst Control Center Core Implementation
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{674DAE26-3C3C-2D20-1BB4-82B380142E78}" = CCC Help Greek
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6A9EF47E-D49A-2EFC-20A1-A92DE7F826DF}" = CCC Help Czech
    "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}" = Avery Wizard 4.0
    "{72887F99-63B9-4e73-8C1B-D5057597BF49}" = Stamps.com Address Book Support for Windows Contacts for Vista
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7A9C67EF-05A8-499F-56A2-C467A4FE6DEE}" = CCC Help Italian
    "{7DA0C5CE-9817-CDB2-F061-F72D0CB6EEB3}" = CCC Help German
    "{7DB63154-92A4-12AE-364F-DE9C7B459720}" = CCC Help Spanish
    "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
    "{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83F6FD59-DA89-4A2B-B5F6-8D87B2288687}" = Scan to Microsoft SharePoint
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8D2A81D8-AABF-673B-08BE-EF7A80295F14}" = CCC Help French
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{981F6BCD-252E-6A64-9C6D-4E3B10B1B126}" = Catalyst Control Center InstallProxy
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E404AA6-7C63-4D95-B8D2-72256ABB6A9E}" = Stamps.com Address Book Support for Outlook Express, Works, IE
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A7CEA571-43AC-95FE-4F08-22C401FC2824}" = CCC Help Japanese
    "{A826CCC4-C0BA-97B4-F1DB-E68CD45D1133}" = CCC Help Danish
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
    "{AC9A3F48-8936-40CD-A0B2-7CFA76906143}" = Catalyst Control Center Graphics Full New
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B68D391C-32C6-798E-C78F-83C1797B162A}" = CCC Help Swedish
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{B8BC84AF-F167-9107-03CF-5DB87DE6D0DA}" = Adobe Story
    "{BB586E51-4876-4BB2-91EC-5CB3D0C38145}" = CardMinder V4.1
    "{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
    "{BF90863B-BF23-4293-89F0-19EF85E2B170}" = ScanSnap Organizer
    "{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CC08084A-3CB3-44C5-8D9B-04E2E299612A}" = ScanSnap
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE4C9170-F517-42EB-A5CB-F16DE610315A}" = Stamps.com Application Support for Microsoft Outlook 2000-2010
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D00324C0-5343-4917-BF1E-D5E45D22B7E8}" = Stamps.com Address Book Support for Common Harmony
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}" = CardMinder
    "{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
    "{D61C1058-EDC7-48D0-85B2-B322BE385059}" = Stamps.com Address Book Support for Microsoft Outlook 97-2010
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DAD4DE93-9438-4823-AE5E-93A1BE846FE0}" = Stamps.com Application Support for Microsoft Word 2000-2010
    "{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager
    "{DC47D46D-8874-D83A-6612-9DA3175861B2}" = CCC Help Korean
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
    "{DF09BCD9-3556-77A6-8984-1CA95F8E1078}" = CCC Help Portuguese
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0DE2996-A443-5FEA-30B7-9395E0F3A7CC}" = CCC Help Chinese Traditional
    "{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
    "{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 2
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    "{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EDFA892D-594D-C921-35FF-B6E5CFD2487C}" = CCC Help Dutch
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F56BBEB1-E982-0A07-0004-1CBC8E5B534E}" = CCC Help Turkish
    "{F600ED39-BA0C-A127-EAB7-057DF0A327E0}" = CCC Help Norwegian
    "{F84B7A2F-2328-A610-89F6-2CC78CF00FFE}" = Catalyst Control Center Graphics Light
    "{FA0092C2-C0FE-40DA-A79E-E4C0FCA129F9}" = Intuit Entitlement Client
    "{FB410000-0002-0000-0000-074957833700}" = ABBYY FineReader for ScanSnap (TM) 4.1
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "7-Zip" = 7-Zip 9.20
    "Acoolsoft PPT to Video Pro_is1" = Acoolsoft PPT to Video Pro 3.2.7
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Android SDK Tools" = Android SDK Tools
    "Carbonite Backup" = Carbonite
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
    "com.adobe.dmp.contentviewer" = Adobe Content Viewer
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
    "Data Transfer Utility 11" = Data Transfer Utility 11
    "Google Chrome" = Google Chrome
    "HMA! Pro VPN" = HMA! Pro VPN 2.6.9
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "Intelli-studio" = SAMSUNG Intelli-studio
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "My HP Game Console" = HP Game Console
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Office14.SingleImage" = Microsoft Office Home and Business 2010
    "ProSeries 2010" = ProSeries 2010
    "Stamps.com" = Stamps.com
    "Stamps.com support for Harmony" = Stamps.com support for Harmony
    "Stamps.com support for Microsoft Outlook 2000-2010" = Stamps.com support for Microsoft Outlook 2000-2010
    "Stamps.com support for Microsoft Outlook 97-2010" = Stamps.com support for Microsoft Outlook 97-2010
    "Stamps.com support for Microsoft Word 2000-2010" = Stamps.com support for Microsoft Word 2000-2010
    "Stamps.com support for Outlook Express, Works, IE" = Stamps.com support for Outlook Express, Works, IE
    "Stamps.com support for Windows Contacts for Vista" = Stamps.com support for Windows Contacts for Vista
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WT087328" = Blackhawk Striker 2
    "WT087330" = Bounce Symphony
    "WT087335" = Build-a-lot 2
    "WT087343" = Dora's World Adventure
    "WT087360" = Escape Rosecliff Island
    "WT087361" = FATE
    "WT087362" = Final Drive Nitro
    "WT087372" = Heroes of Hellas 2 - Olympia
    "WT087379" = Jewel Quest Solitaire 2
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087414" = Virtual Families
    "WT087415" = Wheel of Fortune 2
    "WT087428" = Bejeweled 2 Deluxe
    "WT087453" = Chuzzle Deluxe
    "WT087501" = Plants vs. Zombies
    "WT087533" = Zuma Deluxe
    "WT087536" = Diner Dash 2 Restaurant Rescue
    "WT089299" = Mystery P.I. - The London Caper
    "WT089307" = Virtual Villagers 4 - The Tree of Life
    "WT089308" = Blasterball 3
    "WT089328" = Farm Frenzy
    "WT089359" = Cake Mania
    "WT089362" = Agatha Christie - Peril at End House
    "Zint" = Zint

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 5.1.0.880

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/27/2012 5:47:30 PM | Computer Name = HPDESKTOP1 | Source = Application Error | ID = 1000
    Description = Faulting application name: carboniteservice.exe, version: 4.0.4.806,
    time stamp: 0x4d6ffa6b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x0000000000031a40
    Faulting
    process id: 0xecc Faulting application start time: 0x01cd84915440e04f Faulting application
    path: C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe Faulting
    module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: ccb22f85-f090-11e1-ae3c-64315024e3ab

    Error - 8/27/2012 6:44:22 PM | Computer Name = HPDESKTOP1 | Source = Application Error | ID = 1000
    Description = Faulting application name: carboniteservice.exe, version: 4.0.4.806,
    time stamp: 0x4d6ffa6b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x00000000000533b7
    Faulting
    process id: 0x1aa0 Faulting application start time: 0x01cd849d8f54320e Faulting application
    path: C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe Faulting
    module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: be6b20da-f098-11e1-ae3c-64315024e3ab

    Error - 8/27/2012 7:52:07 PM | Computer Name = HPDESKTOP1 | Source = Application Error | ID = 1000
    Description = Faulting application name: carboniteservice.exe, version: 4.0.4.806,
    time stamp: 0x4d6ffa6b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x00000000000533b7
    Faulting
    process id: 0xedc Faulting application start time: 0x01cd84a58111e624 Faulting application
    path: C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe Faulting
    module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 3559817e-f0a2-11e1-ae3c-64315024e3ab

    Error - 8/27/2012 9:35:25 PM | Computer Name = HPDESKTOP1 | Source = Application Error | ID = 1000
    Description = Faulting application name: carboniteservice.exe, version: 4.0.4.806,
    time stamp: 0x4d6ffa6b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x0000000000031a40
    Faulting
    process id: 0x1b28 Faulting application start time: 0x01cd84aef8327679 Faulting application
    path: C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe Faulting
    module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: a3a66fda-f0b0-11e1-ae3c-64315024e3ab

    Error - 8/27/2012 11:23:12 PM | Computer Name = HPDESKTOP1 | Source = Application Error | ID = 1000
    Description = Faulting application name: carboniteservice.exe, version: 4.0.4.806,
    time stamp: 0x4d6ffa6b Faulting module name: dbghelp.dll, version: 6.1.7601.17514,
    time stamp: 0x4ce7c5ac Exception code: 0xc0000005 Fault offset: 0x0000000000018791
    Faulting
    process id: 0x1efc Faulting application start time: 0x01cd84bd7807f6c2 Faulting application
    path: C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe Faulting
    module path: C:\Windows\system32\dbghelp.dll Report Id: b2490fd5-f0bf-11e1-ae3c-64315024e3ab

    Error - 8/27/2012 11:53:02 PM | Computer Name = HPDESKTOP1 | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
    time stamp: 0x4fecf1b7 Faulting module name: WS2_32.dll, version: 6.1.7601.17514,
    time stamp: 0x4ce7ba68 Exception code: 0xc0000005 Fault offset: 0x00006fb2 Faulting
    process id: 0x1f44 Faulting application start time: 0x01cd84d09e65bf45 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\syswow64\WS2_32.dll Report Id: dd4c16e6-f0c3-11e1-ae3c-64315024e3ab

    Error - 8/28/2012 1:00:26 AM | Computer Name = HPDESKTOP1 | Source = Application Error | ID = 1000
    Description = Faulting application name: carboniteservice.exe, version: 4.0.4.806,
    time stamp: 0x4d6ffa6b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x0000000000031a40
    Faulting
    process id: 0x18e4 Faulting application start time: 0x01cd84cc7556a046 Faulting application
    path: C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe Faulting
    module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 47a00aec-f0cd-11e1-ae3c-64315024e3ab

    Error - 8/28/2012 2:44:20 AM | Computer Name = HPDESKTOP1 | Source = Application Error | ID = 1000
    Description = Faulting application name: carboniteservice.exe, version: 4.0.4.806,
    time stamp: 0x4d6ffa6b Faulting module name: dbghelp.dll, version: 6.1.7601.17514,
    time stamp: 0x4ce7c5ac Exception code: 0xc0000005 Fault offset: 0x0000000000018791
    Faulting
    process id: 0x1948 Faulting application start time: 0x01cd84da1d26f99d Faulting application
    path: C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe Faulting
    module path: C:\Windows\system32\dbghelp.dll Report Id: cb5d90b5-f0db-11e1-ae3c-64315024e3ab

    Error - 8/28/2012 5:04:40 AM | Computer Name = HPDESKTOP1 | Source = Application Error | ID = 1000
    Description = Faulting application name: carboniteservice.exe, version: 4.0.4.806,
    time stamp: 0x4d6ffa6b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x0000000000031a40
    Faulting
    process id: 0x19dc Faulting application start time: 0x01cd84e89fbfb625 Faulting application
    path: C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe Faulting
    module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 6613bf3b-f0ef-11e1-ae3c-64315024e3ab

    Error - 8/28/2012 10:19:05 AM | Computer Name = HPDESKTOP1 | Source = Application Error | ID = 1000
    Description = Faulting application name: carboniteservice.exe, version: 4.0.4.806,
    time stamp: 0x4d6ffa6b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x0000000000031a40
    Faulting
    process id: 0x1a68 Faulting application start time: 0x01cd84fc288fabbf Faulting application
    path: C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe Faulting
    module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 527e2a24-f11b-11e1-ae3c-64315024e3ab

    [ Hewlett-Packard Events ]
    Error - 7/13/2012 7:52:34 PM | Computer Name = HPDESKTOP1 | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/14/2012 11:44:37 PM | Computer Name = HPDESKTOP1 | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/14/2012 11:54:00 PM | Computer Name = HPDESKTOP1 | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/14/2012 11:54:00 PM | Computer Name = HPDESKTOP1 | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/14/2012 11:54:57 PM | Computer Name = HPDESKTOP1 | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/14/2012 11:55:12 PM | Computer Name = HPDESKTOP1 | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/14/2012 11:55:45 PM | Computer Name = HPDESKTOP1 | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/14/2012 11:56:34 PM | Computer Name = HPDESKTOP1 | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/14/2012 11:58:30 PM | Computer Name = HPDESKTOP1 | Source = HPSF.exe | ID = 4000
    Description =

    Error - 8/6/2012 1:52:13 PM | Computer Name = HPDESKTOP1 | Source = HPSF.exe | ID = 4000
    Description =

    [ System Events ]
    Error - 8/27/2012 11:24:13 PM | Computer Name = HPDESKTOP1 | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the CarboniteService service,
    but this action failed with the following error: %%1056

    Error - 8/28/2012 1:00:29 AM | Computer Name = HPDESKTOP1 | Source = Service Control Manager | ID = 7031
    Description = The CarboniteService service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 8/28/2012 1:01:29 AM | Computer Name = HPDESKTOP1 | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the CarboniteService service,
    but this action failed with the following error: %%1056

    Error - 8/28/2012 2:44:21 AM | Computer Name = HPDESKTOP1 | Source = Service Control Manager | ID = 7031
    Description = The CarboniteService service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 8/28/2012 2:45:21 AM | Computer Name = HPDESKTOP1 | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the CarboniteService service,
    but this action failed with the following error: %%1056

    Error - 8/28/2012 5:04:41 AM | Computer Name = HPDESKTOP1 | Source = Service Control Manager | ID = 7031
    Description = The CarboniteService service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 8/28/2012 5:05:41 AM | Computer Name = HPDESKTOP1 | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the CarboniteService service,
    but this action failed with the following error: %%1056

    Error - 8/28/2012 9:55:58 AM | Computer Name = HPDESKTOP1 | Source = Schannel | ID = 36887
    Description = The following fatal alert was received: 80.

    Error - 8/28/2012 10:19:07 AM | Computer Name = HPDESKTOP1 | Source = Service Control Manager | ID = 7031
    Description = The CarboniteService service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 8/28/2012 10:20:07 AM | Computer Name = HPDESKTOP1 | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the CarboniteService service,
    but this action failed with the following error: %%1056


    < End of report >
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

      :OTL
      DRV - [2012/08/14 11:33:34 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\kxhaBH20.sys -- (kxhaBH20)
      DRV - [2012/08/14 11:26:35 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\sS43NcfQ.sys -- (sS43NcfQ)
      DRV - [2012/08/14 11:26:24 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\JmUjk3Ai.sys -- (JmUjk3Ai)
      IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
      IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
      IE - HKLM\..\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}: "URL" = http://search.mywebsearch.com/myweb...&n=77ed2945&psa=&st=sb&searchfor={searchTerms}
      IE - HKCU\..\SearchScopes\{0BDAF422-7CB0-42AC-80C2-3A279B3CACF5}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3198785
      IE - HKCU\..\SearchScopes\{15B78E6B-5A75-48FB-A917-52B4309A4D42}: "URL" =
      IE - HKCU\..\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}: "URL" = http://search.mywebsearch.com/myweb...&n=77ed2945&psa=&st=sb&searchfor={searchTerms}
      O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O4 - HKCU..\Run: [AdobeBridge] File not found
      [2012/08/24 16:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}
      [2012/08/24 16:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BE3DA6A-4249-4BEC-9AE7-CA0EA247E62C}
      [2012/08/24 16:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\{E23E3BED-ADD9-4DF7-B375-5EC5E69FD666}
      [2012/08/24 16:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\{C243CCC8-5474-45FC-A546-7FBC284A692E}
      [2012/08/24 16:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}
      [2012/08/24 16:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\{AB89557A-DCAD-4657-A970-8F9A3EFFB34D}
      [2012/08/24 16:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\{232FC370-3714-4F10-BC93-DA33AA1D6D22}
      @Alternate Data Stream - 956 bytes -> C:\ProgramData\Microsoft:9HnKuYp3w468hj00UUv3m3nkr
      @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4
      @Alternate Data Stream - 1106 bytes -> C:\Users\JASON\AppData\Local\NXI98iAF:KGfkAh4MzXmeNxnbs6On9C0NSYPU
      @Alternate Data Stream - 1105 bytes -> C:\ProgramData\Microsoft:1PM9NNTpP24GbmWz3BIvCVkKV

      :commands
      [emptytemp]
      [reboot]

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed; this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes and the computer fails to reboot, let me know.
    • Lastly, post the contents of the log (located at C:\_OTL\Moved Files).
  20. Jason Miller

    Jason Miller Newcomer, in training Topic Starter Posts: 37

    Hi DMJ - Ran the OTL but still have the virus. Here is the log. Thanks again.

    All processes killed
    ========== OTL ==========
    Service kxhaBH20 stopped successfully!
    Service kxhaBH20 deleted successfully!
    C:\Windows\SysWOW64\drivers\kxhaBH20.sys moved successfully.
    Service sS43NcfQ stopped successfully!
    Service sS43NcfQ deleted successfully!
    C:\Windows\SysWOW64\drivers\sS43NcfQ.sys moved successfully.
    Service JmUjk3Ai stopped successfully!
    Service JmUjk3Ai deleted successfully!
    C:\Windows\SysWOW64\drivers\JmUjk3Ai.sys moved successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef80d754-fb77-4a7f-be75-489beebb20c9}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BDAF422-7CB0-42AC-80C2-3A279B3CACF5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BDAF422-7CB0-42AC-80C2-3A279B3CACF5}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{15B78E6B-5A75-48FB-A917-52B4309A4D42}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15B78E6B-5A75-48FB-A917-52B4309A4D42}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef80d754-fb77-4a7f-be75-489beebb20c9}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
    C:\ProgramData\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7} folder moved successfully.
    C:\ProgramData\{9BE3DA6A-4249-4BEC-9AE7-CA0EA247E62C} folder moved successfully.
    C:\ProgramData\{E23E3BED-ADD9-4DF7-B375-5EC5E69FD666} folder moved successfully.
    C:\ProgramData\{C243CCC8-5474-45FC-A546-7FBC284A692E} folder moved successfully.
    C:\ProgramData\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C} folder moved successfully.
    C:\ProgramData\{AB89557A-DCAD-4657-A970-8F9A3EFFB34D} folder moved successfully.
    C:\ProgramData\{232FC370-3714-4F10-BC93-DA33AA1D6D22} folder moved successfully.
    ADS C:\ProgramData\Microsoft:9HnKuYp3w468hj00UUv3m3nkr deleted successfully.
    ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
    ADS C:\Users\JASON\AppData\Local\NXI98iAF:KGfkAh4MzXmeNxnbs6On9C0NSYPU deleted successfully.
    ADS C:\ProgramData\Microsoft:1PM9NNTpP24GbmWz3BIvCVkKV deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: JASON
    ->Temp folder emptied: 10087942 bytes
    ->Temporary Internet Files folder emptied: 632463574 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 380184751 bytes
    ->Apple Safari cache emptied: 37400576 bytes
    ->Flash cache emptied: 57606 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 107552 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1906216 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
    RecycleBin emptied: 140755 bytes

    Total Files Cleaned = 1,013.00 mb


    OTL by OldTimer - Version 3.2.54.0 log created on 08302012_134717
    Files\Folders moved on Reboot...
    C:\Users\JASON\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Windows\temp\msdtadmin\_D81F42AE-09B0-480C-8D0B-AA4A9FD1B8EF_\inuse moved successfully.
    C:\Windows\temp\msdtadmin\_5C677F6D-1494-42E4-A6E5-0B580FD1332C_\inuse moved successfully.
    PendingFileRenameOperations files...
    File C:\Users\JASON\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File C:\Windows\temp\msdtadmin\_D81F42AE-09B0-480C-8D0B-AA4A9FD1B8EF_\inuse not found!
    File C:\Windows\temp\msdtadmin\_5C677F6D-1494-42E4-A6E5-0B580FD1332C_\inuse not found!
    Registry entries deleted on Reboot...
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
  22. Jason Miller

    Jason Miller Newcomer, in training Topic Starter Posts: 37

    Hi DMJ-

    I still have the original Google Re-Direct Virus with the Random Audio Advertisements that I have always had. When you search on Google or Bing and click on a search result, you get redirected to various scam ad websites. Also, audio advertisements randomly start playing on the computer (they sound like radio ads). My AVG anti-virus program pops up about every 10 seconds with a threat detection from file C:\Windows\SysWOW64\user32.dll and says Virus found: Win32\Patched

    Besides this annoying virus my computer seems to be running normally.

    Thanks again.
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there. Open OTL, copy and paste this to the Custom Scans/Fixes box:

    user32.dll
    %TEMP%\smtmp\*.* /s

    Then, hit the Run Scan button.

    Post any logs in your next reply.
  24. Jason Miller

    Jason Miller Newcomer, in training Topic Starter Posts: 37

    Here is the scan:

    OTL logfile created on: 9/2/2012 7:20:04 PM - Run 2
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\JASON\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 57.35% Memory free
    7.50 Gb Paging File | 5.62 Gb Available in Paging File | 75.02% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 685.29 Gb Total Space | 123.60 Gb Free Space | 18.04% Space Free | Partition Type: NTFS
    Drive D: | 13.25 Gb Total Space | 1.63 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

    Computer Name: HPDESKTOP1 | User Name: JASON | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/27 13:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    PRC - [2012/07/27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/07/20 14:46:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\JASON\Desktop\OTL.exe
    PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    PRC - [2012/02/23 15:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    PRC - [2012/01/31 14:43:34 | 000,048,128 | ---- | M] (FS) -- C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe
    PRC - [2011/12/06 09:48:02 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2011/10/01 11:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/06/30 16:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    PRC - [2011/04/22 20:28:46 | 001,081,344 | ---- | M] (PFU LIMITED) -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
    PRC - [2011/03/28 20:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/03/03 23:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    PRC - [2011/01/19 15:36:30 | 000,077,824 | ---- | M] (PFU LIMITED) -- C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
    PRC - [2009/09/30 13:07:34 | 000,086,016 | ---- | M] (PFU LIMITED) -- C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
    PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    PRC - [2008/10/20 17:01:28 | 000,222,512 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brownie\BRNIPMON.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/06/25 01:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/25 01:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/04/08 16:53:48 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
    MOD - [2011/03/16 18:30:58 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
    MOD - [2010/08/24 19:56:50 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
    MOD - [2008/11/12 18:32:30 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardPath.dll
    MOD - [2003/03/26 21:46:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/06/30 06:42:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/03/03 23:36:16 | 006,315,664 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
    SRV:64bit: - [2010/08/05 20:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/05/20 18:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/07/27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2012/01/31 14:43:34 | 000,048,128 | ---- | M] (FS) [Auto | Running] -- C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe -- (SpyroService)
    SRV - [2011/12/06 09:48:02 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2011/10/01 11:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 11:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/07/13 07:00:16 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService)
    SRV - [2011/06/30 16:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
    SRV - [2011/06/21 18:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/03/28 20:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/06/18 18:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 16:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/07/24 00:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/08 11:11:11 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\72999610.sys -- (72999610)
    DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/02/15 14:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2011/10/01 11:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 11:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 11:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 11:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/07/13 07:00:14 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2011/06/30 08:33:14 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/06/30 06:00:52 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/06/17 20:54:22 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0151.sys -- (RsFx0151)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/18 21:13:36 | 000,024,992 | ---- | M] (Windows (R) DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vad.sys -- (VAD_DEV)
    DRV:64bit: - [2010/09/02 23:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/08/13 06:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
    DRV:64bit: - [2010/08/13 06:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
    DRV:64bit: - [2010/07/21 20:57:22 | 001,002,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
    DRV:64bit: - [2010/05/20 18:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV:64bit: - [2010/03/10 08:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 16:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/14 22:24:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/21 07:54:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/12/13 16:48:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/08/21 23:03:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/21 07:52:37 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\JASON\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\JASON\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\JASON\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: AVG Safe Search = C:\Users\JASON\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
    CHR - Extension: AVG Do Not Track = C:\Users\JASON\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
    CHR - Extension: Gmail = C:\Users\JASON\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/08/26 18:41:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
    O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe (PFU LIMITED)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
    O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF49D771-4EDE-4A85-B771-E1CDD3CA87C1}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
    O18:64bit: - Protocol\Handler\intu-help-qb4 - No CLSID value found
    O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\intu-help-qb2 - No CLSID value found
    O18 - Protocol\Handler\intu-help-qb4 - No CLSID value found
    O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/31 18:49:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FS
    [2012/08/31 18:48:31 | 000,000,000 | ---D | C] -- C:\Users\JASON\AppData\Local\Downloaded Installations
    [2012/08/31 18:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\FS
    [2012/08/30 13:47:17 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/08/26 19:33:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/08/26 18:41:49 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/08/24 16:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stamps.com
    [2012/08/21 22:57:50 | 000,000,000 | ---D | C] -- C:\Users\JASON\Desktop\Vendio
    [2012/08/21 22:57:28 | 000,000,000 | ---D | C] -- C:\Users\JASON\Desktop\Virus
    [2012/08/21 22:52:00 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
    [2012/08/21 22:51:41 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
    [2012/08/21 22:51:40 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
    [2012/08/21 22:51:38 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
    [2012/08/21 22:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2012/08/21 08:56:22 | 000,000,000 | ---D | C] -- C:\Users\JASON\Desktop\Bourne Creative SEO Course
    [2012/08/16 03:04:40 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/08/16 03:04:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/08/16 03:04:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/08/16 03:04:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/08/16 03:04:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/08/16 03:04:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/08/16 03:04:38 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/08/16 03:04:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/08/16 03:04:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/08/16 03:04:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/08/16 03:04:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/08/16 03:04:37 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/08/16 03:04:37 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/08/15 04:24:36 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
    [2012/08/15 04:24:32 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
    [2012/08/15 04:24:32 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
    [2012/08/15 04:24:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
    [2012/08/15 04:24:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
    [2012/08/15 04:24:31 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
    [2012/08/15 04:24:31 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
    [2012/08/15 04:24:29 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
    [2012/08/14 11:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\unhook
    [2012/08/14 11:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker LE
    [2012/08/11 21:31:01 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\72999610.sys
    [2012/08/11 09:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2012/08/07 20:29:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/07 20:29:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/07 20:29:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/06 19:29:28 | 000,000,000 | ---D | C] -- C:\Users\JASON\AppData\Roaming\Malwarebytes
    [2012/08/06 19:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/06 19:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/08/06 19:28:19 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/08/06 19:28:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/09/02 19:17:50 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/02 19:17:50 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/02 19:13:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/02 19:10:19 | 093,556,287 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2012/09/02 19:07:01 | 000,000,328 | ---- | M] () -- C:\Windows\Brownie.ini
    [2012/09/02 19:06:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/02 19:05:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/02 19:04:55 | 3019,333,632 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/02 17:08:46 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
    [2012/09/01 12:52:57 | 000,000,036 | -H-- | M] () -- C:\Windows\SysWow64\f9t.dat
    [2012/09/01 08:42:57 | 000,043,520 | ---- | M] () -- C:\Users\JASON\Desktop\Backup of Jason Miller - Resume.wbk
    [2012/08/31 18:49:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
    [2012/08/31 04:15:23 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/08/30 18:57:44 | 000,628,825 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
    [2012/08/30 14:04:40 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJASON.job
    [2012/08/26 18:41:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/08/25 12:58:51 | 000,166,967 | ---- | M] () -- C:\Users\JASON\Desktop\freehampton.pdf
    [2012/08/24 16:15:35 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\Stamps.com.lnk
    [2012/08/23 17:10:13 | 004,736,524 | R--- | M] (Swearware) -- C:\Users\JASON\Desktop\ComboFix.exe
    [2012/08/21 23:03:22 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
    [2012/08/21 22:51:30 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
    [2012/08/21 22:51:30 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
    [2012/08/21 22:51:30 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
    [2012/08/21 22:51:30 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
    [2012/08/21 22:51:30 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
    [2012/08/21 22:51:30 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
    [2012/08/20 22:03:51 | 000,001,033 | ---- | M] () -- C:\Users\JASON\Desktop\Rankerizer.lnk
    [2012/08/19 16:13:26 | 000,000,000 | ---- | M] () -- C:\Users\JASON\Documents\Nuance Image Printer Writer Port
    [2012/08/18 18:46:24 | 000,644,339 | ---- | M] () -- C:\Users\JASON\Desktop\specialoffer$33.pdf
    [2012/08/18 18:46:23 | 000,153,799 | ---- | M] () -- C:\Users\JASON\Desktop\clicksure$33.pdf
    [2012/08/16 03:29:09 | 016,274,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/08/16 03:03:38 | 000,000,372 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
    [2012/08/10 19:56:55 | 000,027,520 | ---- | M] () -- C:\Users\JASON\AppData\Local\dt.dat
    [2012/08/09 15:47:48 | 000,777,257 | ---- | M] () -- C:\Users\JASON\Desktop\Storage space S. Orleans.JPG
    [2012/08/08 11:11:11 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\72999610.sys
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/09/01 08:20:25 | 000,043,520 | ---- | C] () -- C:\Users\JASON\Desktop\Backup of Jason Miller - Resume.wbk
    [2012/08/31 18:49:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
    [2012/08/27 10:27:50 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForJASON.job
    [2012/08/25 12:58:51 | 000,166,967 | ---- | C] () -- C:\Users\JASON\Desktop\freehampton.pdf
    [2012/08/24 16:15:35 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\Stamps.com.lnk
    [2012/08/18 18:46:24 | 000,644,339 | ---- | C] () -- C:\Users\JASON\Desktop\specialoffer$33.pdf
    [2012/08/18 18:46:23 | 000,153,799 | ---- | C] () -- C:\Users\JASON\Desktop\clicksure$33.pdf
    [2012/08/10 19:56:55 | 000,027,520 | ---- | C] () -- C:\Users\JASON\AppData\Local\dt.dat
    [2012/08/09 15:47:39 | 000,777,257 | ---- | C] () -- C:\Users\JASON\Desktop\Storage space S. Orleans.JPG
    [2012/08/07 20:29:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/07 20:29:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/07 20:29:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/07 20:29:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/07 20:29:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/05/04 19:38:26 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\f9t.dat
    [2012/03/16 14:32:55 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
    [2011/12/25 13:40:14 | 000,000,132 | ---- | C] () -- C:\Users\JASON\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011/12/24 19:00:00 | 000,000,132 | ---- | C] () -- C:\Users\JASON\AppData\Roaming\Adobe GIF Format CS5 Prefs
    [2011/12/20 21:04:39 | 000,000,153 | ---- | C] () -- C:\Windows\BRVIDEO.INI
    [2011/12/20 21:04:39 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
    [2011/12/20 21:03:05 | 000,022,898 | ---- | C] () -- C:\Windows\HL-3070CW.INI
    [2011/12/20 21:02:24 | 000,000,328 | ---- | C] () -- C:\Windows\Brownie.ini
    [2011/12/18 22:51:22 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
    [2011/11/16 14:46:22 | 000,001,456 | ---- | C] () -- C:\Users\JASON\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2011/10/04 09:09:22 | 000,000,600 | ---- | C] () -- C:\Users\JASON\AppData\Local\PUTTY.RND
    [2011/08/19 20:26:28 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\Gsw32.exe.config
    [2011/06/08 15:38:53 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat
    [2011/06/07 00:20:10 | 000,001,854 | ---- | C] () -- C:\Users\JASON\AppData\Roaming\GhostObjGAFix.xml
    [2011/03/17 20:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/02/15 19:06:21 | 000,777,968 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/02/09 23:35:30 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini
    [2011/02/09 23:35:30 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
    [2011/02/09 23:34:40 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
    [2011/02/09 23:31:09 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
    [2011/02/09 23:23:18 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2011/02/06 21:30:37 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2011/01/11 21:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
    [2010/12/14 22:00:30 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
    [2010/12/14 21:45:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/09/21 11:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

    ========== Custom Scans ==========

    < user32.dll >

    < %TEMP%\smtmp\*.* /s >
    < End of report >
  25. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Open OTL, click the None button...copy and paste this to the Custom Scans/Fixes box and hit Run Scan:

    user32.* /md5

