TechSpot

Win32/patched Google redirect virus removal

By Jason Miller
Aug 7, 2012
  1. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    New log from ComboFix

    We would like to see a ☆new log☆ from ComboFix. Please find the ComboFix icon on your Desktop, and double-click on it. Once it finishes running, post the new log.
     
  2. Jason Miller

    Jason Miller TS Rookie Topic Starter Posts: 37

    Here is the new ComboFix Log. Thanks again.

    ComboFix 12-08-22.03 - JASON 08/23/2012 17:14:23.4.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.1638 [GMT -7:00]
    Running from: c:\users\JASON\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\regebaa.tmp
    c:\users\JASON\g2mdlhlpx.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-24 to 2012-08-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-24 00:30 . 2012-08-24 00:30--------d-----w-c:\users\Public\AppData\Local\temp
    2012-08-24 00:30 . 2012-08-24 00:30--------d-----w-c:\users\Default\AppData\Local\temp
    2012-08-22 05:52 . 2012-08-22 05:51289768----a-w-c:\windows\system32\javaws.exe
    2012-08-22 05:51 . 2012-08-22 05:51108008----a-w-c:\windows\system32\WindowsAccessBridge-64.dll
    2012-08-22 05:51 . 2012-08-22 05:51189416----a-w-c:\windows\system32\javaw.exe
    2012-08-22 05:51 . 2012-08-22 05:51188904----a-w-c:\windows\system32\java.exe
    2012-08-22 05:51 . 2012-08-22 05:51--------d-----w-c:\program files\Java
    2012-08-16 10:05 . 2012-08-16 10:05--------d-----w-c:\users\Default\AppData\Local\Microsoft Help
    2012-08-15 11:24 . 2012-05-05 08:36503808----a-w-c:\windows\system32\srcore.dll
    2012-08-15 11:24 . 2012-05-05 07:4643008----a-w-c:\windows\SysWow64\srclient.dll
    2012-08-15 11:24 . 2012-02-11 06:43751104----a-w-c:\windows\system32\win32spl.dll
    2012-08-15 11:24 . 2012-02-11 06:36559104----a-w-c:\windows\system32\spoolsv.exe
    2012-08-15 11:24 . 2012-02-11 06:3667072----a-w-c:\windows\splwow64.exe
    2012-08-15 11:24 . 2012-02-11 05:43492032----a-w-c:\windows\SysWow64\win32spl.dll
    2012-08-15 11:24 . 2012-07-04 22:1673216----a-w-c:\windows\system32\netapi32.dll
    2012-08-15 11:24 . 2012-07-04 22:1359392----a-w-c:\windows\system32\browcli.dll
    2012-08-15 11:24 . 2012-07-04 22:13136704----a-w-c:\windows\system32\browser.dll
    2012-08-15 11:24 . 2012-07-04 21:1441984----a-w-c:\windows\SysWow64\browcli.dll
    2012-08-15 11:24 . 2012-07-18 18:153148800----a-w-c:\windows\system32\win32k.sys
    2012-08-15 11:24 . 2012-05-14 05:26956928----a-w-c:\windows\system32\localspl.dll
    2012-08-14 18:31 . 2012-08-14 18:3335712----a-w-c:\windows\SysWow64\drivers\kxhaBH20.sys
    2012-08-14 18:31 . 2012-08-14 18:33--------d-----w-c:\program files\unhook
    2012-08-14 18:19 . 2012-08-14 18:2635712----a-w-c:\windows\SysWow64\drivers\JmUjk3Ai.sys
    2012-08-14 18:18 . 2012-08-14 18:2635712----a-w-c:\windows\SysWow64\drivers\sS43NcfQ.sys
    2012-08-12 04:31 . 2012-08-08 18:11460888----a-w-c:\windows\system32\drivers\72999610.sys
    2012-08-11 16:53 . 2012-08-11 16:53--------d-----w-c:\programdata\Kaspersky Lab
    2012-08-10 20:05 . 2012-08-10 20:050----a-w-c:\windows\SysWow64\sho2CEA.tmp
    2012-08-10 18:33 . 2012-08-10 18:330----a-w-c:\windows\SysWow64\sho26C6.tmp
    2012-08-10 00:11 . 2012-08-10 00:110----a-w-c:\windows\SysWow64\shoA071.tmp
    2012-08-07 02:29 . 2012-08-07 02:29--------d-----w-c:\users\JASON\AppData\Roaming\Malwarebytes
    2012-08-07 02:28 . 2012-08-07 02:28--------d-----w-c:\programdata\Malwarebytes
    2012-08-07 02:28 . 2012-08-07 02:28--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-07 02:28 . 2012-07-03 20:4624904----a-w-c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-22 05:51 . 2012-01-23 07:47916456----a-w-c:\windows\system32\deployJava1.dll
    2012-08-22 05:51 . 2012-01-23 07:471034216----a-w-c:\windows\system32\npdeployJava1.dll
    2012-08-16 10:00 . 2011-02-08 03:1162134624----a-w-c:\windows\system32\MRT.exe
    2012-08-01 22:46 . 2012-04-05 08:41426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-01 22:46 . 2011-05-18 18:0370344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-24 21:53 . 2012-07-24 21:530----a-w-c:\windows\SysWow64\sho8F12.tmp
    2012-07-16 19:35 . 2012-07-16 19:350----a-w-c:\windows\SysWow64\sho61F2.tmp
    2012-07-15 18:41 . 2012-07-15 18:410----a-w-c:\windows\SysWow64\sho1C27.tmp
    2012-07-08 05:24 . 2012-07-08 05:240----a-w-c:\windows\SysWow64\shoD2A7.tmp
    2012-06-16 16:12 . 2012-06-16 16:120----a-w-c:\windows\SysWow64\sho8934.tmp
    2012-06-09 05:43 . 2012-07-15 06:1214172672----a-w-c:\windows\system32\shell32.dll
    2012-06-06 15:49 . 2012-06-06 15:491070152----a-w-c:\windows\SysWow64\MSCOMCTL.OCX
    2012-06-06 06:06 . 2012-07-15 06:122004480----a-w-c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-15 06:121881600----a-w-c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-15 06:111133568----a-w-c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-15 06:121390080----a-w-c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-15 06:121236992----a-w-c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-15 06:11805376----a-w-c:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19 . 2012-06-22 07:2138424----a-w-c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 07:222428952----a-w-c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 07:2257880----a-w-c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 07:2244056----a-w-c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 07:20186752----a-w-c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-22 07:21701976----a-w-c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 07:222622464----a-w-c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 07:2036864----a-w-c:\windows\system32\wuapp.exe
    2012-06-02 22:15 . 2012-06-22 07:2199840----a-w-c:\windows\system32\wudriver.dll
    2012-06-02 05:50 . 2012-07-15 06:12458704----a-w-c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-15 06:1295600----a-w-c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:48 . 2012-07-15 06:12151920----a-w-c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:45 . 2012-07-15 06:12340992----a-w-c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-15 06:12307200----a-w-c:\windows\system32\ncrypt.dll
    2012-06-02 04:40 . 2012-07-15 06:1222016----a-w-c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-15 06:12225280----a-w-c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-15 06:12219136----a-w-c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34 . 2012-07-15 06:1296768----a-w-c:\windows\SysWow64\sspicli.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2010-11-20 . 58877D39A2D4E120CEE1EFF4DAD3D3FD . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
    [7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
    [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-08-10_00.15.40 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-08-15 11:24 . 2012-07-04 21:1657344 c:\windows\SysWOW64\netapi32.dll
    + 2012-08-16 10:04 . 2012-06-29 00:0173216 c:\windows\SysWOW64\mshtmled.dll
    - 2012-07-15 18:37 . 2012-06-02 08:1773216 c:\windows\SysWOW64\mshtmled.dll
    - 2012-07-15 18:37 . 2012-06-02 08:2266048 c:\windows\SysWOW64\migration\WininetPlugin.dll
    + 2012-08-16 10:04 . 2012-06-29 00:0666048 c:\windows\SysWOW64\migration\WininetPlugin.dll
    + 2012-08-16 10:04 . 2012-06-29 00:0665024 c:\windows\SysWOW64\jsproxy.dll
    - 2012-07-15 18:37 . 2012-06-02 08:2165024 c:\windows\SysWOW64\jsproxy.dll
    - 2012-08-07 02:59 . 2012-08-07 02:5925094 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    + 2012-08-24 03:41 . 2012-08-24 03:4125094 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2012-07-04 18:36 . 2012-08-09 23:0916384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
    + 2012-07-04 18:36 . 2012-08-24 00:1116384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
    + 2012-08-23 05:04 . 2012-08-23 05:0741472 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FC482F11-ECDF-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-18 15:47 . 2012-08-18 15:4833280 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FC1F5989-E94B-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-22 05:41 . 2012-08-22 05:4830720 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F873664B-EC1B-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-16 05:05 . 2012-08-16 05:0612288 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F218BCA0-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 05:05 . 2012-08-16 05:0612288 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F218BC9F-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-20 15:37 . 2012-08-20 15:3765536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EFEE9D7F-EADC-11E1-B291-64315024E3AB}.dat
    + 2012-08-16 05:04 . 2012-08-16 05:0615360 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E7FD1207-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-23 04:42 . 2012-08-23 04:4829696 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E671504C-ECDC-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-20 06:25 . 2012-08-20 06:2611776 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E2460DEA-EA8F-11E1-B291-64315024E3AB}.dat
    + 2012-08-14 04:59 . 2012-08-14 05:0410240 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E0028F39-E5CC-11E1-84A5-64315024E3AB}.dat
    + 2012-08-17 09:06 . 2012-08-17 09:0910240 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DE5B547D-E84A-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-10 18:54 . 2012-08-10 18:5514848 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DDF9796F-E31C-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-14 07:58 . 2012-08-14 08:0493184 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D94A1750-E5E5-11E1-84A5-64315024E3AB}.dat
    + 2012-08-14 07:22 . 2012-08-14 07:2729184 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D7DF4C10-E5E0-11E1-84A5-64315024E3AB}.dat
    + 2012-08-14 07:22 . 2012-08-14 07:2731744 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D7DF4C0E-E5E0-11E1-84A5-64315024E3AB}.dat
    + 2012-08-16 05:04 . 2012-08-16 05:0615360 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D7B9EE8E-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-10 19:44 . 2012-08-10 19:4889600 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D38552AE-E323-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-23 04:41 . 2012-08-23 04:4822016 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D3026BC0-ECDC-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-15 04:58 . 2012-08-15 05:0437376 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D26B5E5E-E695-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 05:04 . 2012-08-16 05:0615360 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D103DD9E-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 05:04 . 2012-08-16 05:0615360 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D103DD9C-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-21 17:36 . 2012-08-21 17:3792160 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CD6F4331-EBB6-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-23 05:02 . 2012-08-23 05:0728672 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CCB97A86-ECDF-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-13 07:59 . 2012-08-13 08:0131744 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C6487FDD-E51C-11E1-84A5-64315024E3AB}.dat
    + 2012-08-10 18:39 . 2012-08-10 18:4014848 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C4F199A2-E31A-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-17 05:02 . 2012-08-17 05:0856832 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C05356D8-E828-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-13 07:08 . 2012-08-13 07:1324576 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BB81EF6D-E515-11E1-84A5-64315024E3AB}.dat
    + 2012-08-11 11:28 . 2012-08-11 11:2812800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B698D8DC-E3A7-11E1-83B5-64315024E3AB}.dat
    + 2012-08-16 05:03 . 2012-08-16 05:0615360 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B5799B87-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-11 11:28 . 2012-08-11 11:2838400 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B0635CA5-E3A7-11E1-83B5-64315024E3AB}.dat
    + 2012-08-16 05:03 . 2012-08-16 05:0622016 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AF20ECFA-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-18 20:09 . 2012-08-18 20:1019456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AB00F5FE-E970-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-15 07:34 . 2012-08-15 07:3814848 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A6AF537A-E6AB-11E1-8084-64315024E3AB}.dat
    + 2012-08-14 05:55 . 2012-08-14 05:5738400 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A4A2EA64-E5D4-11E1-84A5-64315024E3AB}.dat
    + 2012-08-16 05:02 . 2012-08-16 05:0622016 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A28C188E-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-13 07:08 . 2012-08-13 07:1311776 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A1143905-E515-11E1-84A5-64315024E3AB}.dat
    + 2012-08-21 04:06 . 2012-08-21 04:0718944 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A02CA918-EB45-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-19 04:44 . 2012-08-19 04:4721504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9AFF21B6-E9B8-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-17 05:01 . 2012-08-17 05:0624064 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{97279204-E828-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-12 23:08 . 2012-08-12 23:1110240 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{95E3631F-E4D2-11E1-AA63-64315024E3AB}.dat
    + 2012-08-13 09:52 . 2012-08-13 09:5242496 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8ED594CF-E52C-11E1-84A5-64315024E3AB}.dat
    + 2012-08-14 05:54 . 2012-08-14 05:5739936 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8B0FF47F-E5D4-11E1-84A5-64315024E3AB}.dat
    + 2012-08-16 05:02 . 2012-08-16 05:0639424 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8ADDD821-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 05:02 . 2012-08-16 05:0625600 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8ADDD820-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-10 19:14 . 2012-08-10 19:1513824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{896CF68B-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-19 07:07 . 2012-08-19 07:1268096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{85842197-E9CC-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-20 01:22 . 2012-08-20 01:2251200 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{85192DD7-EA65-11E1-B291-64315024E3AB}.dat
    + 2012-08-16 05:02 . 2012-08-16 05:0612800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8450BF98-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-10 19:13 . 2012-08-10 19:1738400 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{827060CA-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-10 19:13 . 2012-08-10 19:1513824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{81D13845-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-12 21:55 . 2012-08-12 21:5618944 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{78194822-E4C8-11E1-83B5-64315024E3AB}.dat
    + 2012-08-21 02:03 . 2012-08-21 02:0427136 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{746D75A4-EB34-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-19 04:43 . 2012-08-19 04:4766048 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7434B0EF-E9B8-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-13 08:04 . 2012-08-13 08:0531744 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{72A264D0-E51D-11E1-84A5-64315024E3AB}.dat
    + 2012-08-16 05:01 . 2012-08-16 05:0612288 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6A32F214-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 05:01 . 2012-08-16 05:0615872 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6A32F212-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-21 11:07 . 2012-08-21 11:1478336 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{68088BCA-EB80-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-10 19:12 . 2012-08-10 19:1514336 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5D383EC6-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-21 04:04 . 2012-08-21 04:0548640 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5BAD2353-EB45-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-19 07:27 . 2012-08-19 07:2717408 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{59D59468-E9CF-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-20 04:48 . 2012-08-20 04:4928672 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5652FA5C-EA82-11E1-B291-64315024E3AB}.dat
    + 2012-08-14 05:02 . 2012-08-14 05:0423040 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4F00C704-E5CD-11E1-84A5-64315024E3AB}.dat
    + 2012-08-16 05:00 . 2012-08-16 05:0612800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4AFC0E39-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 05:00 . 2012-08-16 05:0612800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4AFC0E37-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-11 04:52 . 2012-08-11 04:5919968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{49EEB601-E370-11E1-83B5-64315024E3AB}.dat
    + 2012-08-16 08:06 . 2012-08-16 08:0796256 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{478D4BEE-E779-11E1-8084-64315024E3AB}.dat
    + 2012-08-13 04:56 . 2012-08-13 05:0374240 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{465AD5AC-E503-11E1-84A5-64315024E3AB}.dat
    + 2012-08-17 05:06 . 2012-08-17 05:0810752 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{40FBD23F-E829-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-13 00:10 . 2012-08-13 00:1428672 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3F74682D-E4DB-11E1-AA63-64315024E3AB}.dat
    + 2012-08-21 09:04 . 2012-08-21 09:0410240 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3740E744-EB6F-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-20 04:47 . 2012-08-20 04:4826624 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3704DD73-EA82-11E1-B291-64315024E3AB}.dat
    + 2012-08-21 04:03 . 2012-08-21 04:0420992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{34CE3510-EB45-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-10 19:11 . 2012-08-10 19:1512800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{31FBAC23-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-18 15:48 . 2012-08-18 15:5486528 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2B3E82E7-E94C-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 05:07 . 2012-08-21 05:0948640 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{27F76F68-EB4E-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-17 09:08 . 2012-08-17 09:0810240 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{250AF511-E84B-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 04:45 . 2012-08-21 04:5116896 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1344E621-EB4B-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-16 05:05 . 2012-08-16 05:0612288 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0D8A9472-E760-11E1-8084-64315024E3AB}.dat
    + 2012-08-18 15:47 . 2012-08-18 15:4821504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{075B2DAC-E94C-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-16 05:05 . 2012-08-16 05:0612288 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{03420DAD-E760-11E1-8084-64315024E3AB}.dat
    + 2012-07-04 18:33 . 2012-08-23 11:0281920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    - 2012-07-04 18:33 . 2012-08-09 23:0981920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2009-07-14 05:10 . 2012-08-24 03:4740292 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-02-07 03:46 . 2012-08-24 03:4714790 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4151112255-51104295-1799264657-1000_UserData.bin
    + 2011-09-05 17:04 . 2011-09-05 17:0437264 c:\windows\system32\spool\drivers\x64\3\ADREGP.DLL
    - 2010-10-26 01:13 . 2011-09-05 17:0437264 c:\windows\system32\spool\drivers\x64\3\ADREGP.DLL
    + 2011-09-05 17:04 . 2011-09-05 17:0424984 c:\windows\system32\spool\drivers\x64\3\AdobePDFUI.dll
    - 2010-10-26 01:13 . 2011-09-05 17:0424984 c:\windows\system32\spool\drivers\x64\3\AdobePDFUI.dll
    - 2010-10-26 01:13 . 2011-09-05 17:0553656 c:\windows\system32\spool\drivers\x64\3\AdobePdf.dll
    + 2011-09-05 17:05 . 2011-09-05 17:0553656 c:\windows\system32\spool\drivers\x64\3\AdobePdf.dll
    - 2012-07-15 18:37 . 2012-06-02 11:5796768 c:\windows\system32\mshtmled.dll
    + 2012-08-16 10:04 . 2012-06-29 03:4096768 c:\windows\system32\mshtmled.dll
    - 2012-07-15 18:37 . 2012-06-02 12:0386528 c:\windows\system32\migration\WininetPlugin.dll
    + 2012-08-16 10:04 . 2012-06-29 03:4686528 c:\windows\system32\migration\WininetPlugin.dll
    + 2012-08-16 10:04 . 2012-06-29 03:4585504 c:\windows\system32\jsproxy.dll
    - 2012-07-15 18:37 . 2012-06-02 12:0385504 c:\windows\system32\jsproxy.dll
    + 2009-07-14 05:30 . 2012-08-16 10:2286016 c:\windows\system32\DriverStore\infpub.dat
    - 2009-07-14 05:30 . 2012-07-24 21:4286016 c:\windows\system32\DriverStore\infpub.dat
    + 2011-07-12 23:32 . 2011-04-28 03:5480384 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\BTHUSB.SYS
    + 2009-07-14 00:06 . 2009-07-14 00:0641984 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthenum.sys
    + 2011-02-07 04:31 . 2012-08-24 00:0816384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-02-07 04:31 . 2012-08-09 22:2116384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-02-07 04:31 . 2012-08-24 00:0832768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-02-07 04:31 . 2012-08-09 22:2132768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-24 00:0816384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-09 22:2116384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:46 . 2012-08-07 02:1794640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2009-07-14 04:46 . 2012-08-19 23:3094640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2011-02-20 04:46 . 2012-08-16 10:0534144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
    - 2011-02-20 04:46 . 2012-07-15 10:0634144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
    + 2011-02-20 04:46 . 2012-08-16 10:0543608 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe
    - 2011-02-20 04:46 . 2012-07-15 10:0619296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
    + 2011-02-20 04:46 . 2012-08-16 10:0519296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
    + 2012-08-22 08:03 . 2012-08-23 05:093584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{CBD0FFEF-EC2F-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-23 05:09 . 2012-08-24 00:113584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{BACB6136-ECE0-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-23 05:09 . 2012-08-23 05:096656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{BACB6135-ECE0-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-24 00:11 . 2012-08-24 00:116144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{49EC3960-ED80-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-20 07:02 . 2012-08-20 07:075632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FA9FB2D2-EA94-11E1-B291-64315024E3AB}.dat
    + 2012-08-20 07:02 . 2012-08-20 07:025120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FA0C1D81-EA94-11E1-B291-64315024E3AB}.dat
    + 2012-08-22 05:41 . 2012-08-22 05:414608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F873664A-EC1B-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-16 06:38 . 2012-08-16 06:395120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F6EDE423-E76C-11E1-8084-64315024E3AB}.dat
    + 2012-08-17 03:02 . 2012-08-17 03:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F53A4D2D-E817-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-17 03:02 . 2012-08-17 03:025120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F5201E09-E817-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-19 11:06 . 2012-08-19 11:075120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F51A7727-E9ED-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-11 14:29 . 2012-08-11 14:305120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F5060DA4-E3C0-11E1-83B5-64315024E3AB}.dat
    + 2012-08-20 15:37 . 2012-08-20 15:375120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EFEE9D7E-EADC-11E1-B291-64315024E3AB}.dat
    + 2012-08-19 23:45 . 2012-08-19 23:465120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EF7D697C-EA57-11E1-B291-64315024E3AB}.dat
    + 2012-08-15 16:04 . 2012-08-15 16:055120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EF36DB6C-E6F2-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 18:05 . 2012-08-16 18:055120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EE973283-E7CC-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-23 00:17 . 2012-08-23 00:185120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EDA1B099-ECB7-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-10 22:30 . 2012-08-10 22:305120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EBFCAF34-E33A-11E1-83B5-64315024E3AB}.dat
    + 2012-08-19 23:45 . 2012-08-19 23:454608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E99A9562-EA57-11E1-B291-64315024E3AB}.dat
    + 2012-08-23 18:54 . 2012-08-23 18:545120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E8791CAA-ED53-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-15 07:07 . 2012-08-15 07:146144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E7B7F21B-E6A7-11E1-8084-64315024E3AB}.dat
    + 2012-08-23 04:42 . 2012-08-23 04:485120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E671504B-ECDC-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-14 12:16 . 2012-08-14 12:175120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E232719D-E609-11E1-84A5-64315024E3AB}.dat
    + 2012-08-16 22:08 . 2012-08-16 22:085120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E1612DED-E7EE-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-17 06:36 . 2012-08-17 06:365120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E086684D-E835-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-17 05:46 . 2012-08-17 05:495632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E0343BBF-E82E-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-10 18:54 . 2012-08-10 18:544608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DDF9796E-E31C-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-21 07:07 . 2012-08-21 07:075120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DDE2DA7B-EB5E-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-14 07:58 . 2012-08-14 08:045120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D94A174F-E5E5-11E1-84A5-64315024E3AB}.dat
    + 2012-08-16 04:07 . 2012-08-16 04:075120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D906B429-E757-11E1-8084-64315024E3AB}.dat
    + 2012-08-23 02:18 . 2012-08-23 02:195120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D6AC76C6-ECC8-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-11 22:35 . 2012-08-11 22:353584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D6444550-E404-11E1-83B5-64315024E3AB}.dat
    + 2012-08-20 04:45 . 2012-08-20 04:495632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D5777DEB-EA81-11E1-B291-64315024E3AB}.dat
    + 2012-08-18 20:03 . 2012-08-18 20:095120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D55BB180-E96F-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 06:02 . 2012-08-21 06:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D4B824A9-EB55-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-19 17:53 . 2012-08-19 17:545120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D3DF2DBE-EA26-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-22 05:40 . 2012-08-22 05:403584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D3894F52-EC1B-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-23 04:41 . 2012-08-23 04:414608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D3026BBF-ECDC-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-17 12:05 . 2012-08-17 12:055120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D2EFFE28-E863-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-15 04:58 . 2012-08-15 04:584608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D26B5E5D-E695-11E1-8084-64315024E3AB}.dat
    + 2012-08-13 00:07 . 2012-08-13 00:104608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D0F18F05-E4DA-11E1-AA63-64315024E3AB}.dat
    + 2012-08-21 17:36 . 2012-08-21 17:375120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CD6F4330-EBB6-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-22 05:39 . 2012-08-22 05:405120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CB87CE87-EC1B-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-14 23:57 . 2012-08-14 23:585120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C906DB62-E66B-11E1-8084-64315024E3AB}.dat
    + 2012-08-18 01:05 . 2012-08-18 01:065120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C743650A-E8D0-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-20 15:14 . 2012-08-20 15:145120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C6CBABF0-EAD9-11E1-B291-64315024E3AB}.dat
    + 2012-08-13 18:14 . 2012-08-13 18:155120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C5FDCFAD-E572-11E1-84A5-64315024E3AB}.dat
    + 2012-08-15 19:02 . 2012-08-15 19:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C5EA8F63-E70B-11E1-8084-64315024E3AB}.dat
    + 2012-08-19 09:03 . 2012-08-19 09:045120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C547E62C-E9DC-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-10 18:39 . 2012-08-10 18:404608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C4F199A1-E31A-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-15 08:32 . 2012-08-15 08:335120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C3738091-E6B3-11E1-8084-64315024E3AB}.dat
    + 2012-08-20 23:35 . 2012-08-20 23:355120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C3648E6C-EB1F-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-12 03:42 . 2012-08-12 03:435120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BF5F0DDC-E42F-11E1-83B5-64315024E3AB}.dat
    + 2012-08-16 02:11 . 2012-08-16 02:125120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BB2B54E0-E747-11E1-8084-64315024E3AB}.dat
    + 2012-08-17 07:11 . 2012-08-17 07:115120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B989C83E-E83A-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-13 16:12 . 2012-08-13 16:135120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B91F4737-E561-11E1-84A5-64315024E3AB}.dat
    + 2012-08-20 06:53 . 2012-08-20 06:534608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B91BF00F-EA93-11E1-B291-64315024E3AB}.dat
    + 2012-08-11 07:03 . 2012-08-11 07:115120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B8FE51D3-E382-11E1-83B5-64315024E3AB}.dat
     
  3. Jason Miller

    Jason Miller TS Rookie Topic Starter Posts: 37

    + 2012-08-16 08:02 . 2012-08-16 08:075120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B791D8D9-E778-11E1-8084-64315024E3AB}.dat
    + 2012-08-19 13:56 . 2012-08-19 13:575120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B627054F-EA05-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-13 01:03 . 2012-08-13 01:095120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B60A283C-E4E2-11E1-AA63-64315024E3AB}.dat
    + 2012-08-16 04:06 . 2012-08-16 04:065120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B59F4691-E757-11E1-8084-64315024E3AB}.dat
    + 2012-08-14 01:52 . 2012-08-14 01:535120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B524E97B-E5B2-11E1-84A5-64315024E3AB}.dat
    + 2012-08-13 09:03 . 2012-08-13 09:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B4FD4724-E525-11E1-84A5-64315024E3AB}.dat
    + 2012-08-20 09:30 . 2012-08-20 09:315120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B4C38EB4-EAA9-11E1-B291-64315024E3AB}.dat
    + 2012-08-15 14:37 . 2012-08-15 14:375120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B347366D-E6E6-11E1-8084-64315024E3AB}.dat
    + 2012-08-10 19:07 . 2012-08-10 19:158192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B1E2E688-E31E-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-11 11:28 . 2012-08-11 11:286656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B0635CA4-E3A7-11E1-83B5-64315024E3AB}.dat
    + 2012-08-13 18:14 . 2012-08-13 18:145120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B05F7053-E572-11E1-84A5-64315024E3AB}.dat
    + 2012-08-11 07:25 . 2012-08-11 07:315120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AE887BE9-E385-11E1-83B5-64315024E3AB}.dat
    + 2012-08-14 01:52 . 2012-08-14 01:535120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{ADF4E1C8-E5B2-11E1-84A5-64315024E3AB}.dat
    + 2012-08-23 23:10 . 2012-08-23 23:105120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{ADDEFAD1-ED77-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-15 02:12 . 2012-08-15 02:125120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AD05DDF8-E67E-11E1-8084-64315024E3AB}.dat
    + 2012-08-20 03:18 . 2012-08-20 03:185120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{ACE75F8A-EA75-11E1-B291-64315024E3AB}.dat
    + 2012-08-14 07:21 . 2012-08-14 07:275120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AB7300F2-E5E0-11E1-84A5-64315024E3AB}.dat
    + 2012-08-13 21:34 . 2012-08-13 21:355120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AABB3CB6-E58E-11E1-84A5-64315024E3AB}.dat
    + 2012-08-12 01:40 . 2012-08-12 01:405120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A9976AE9-E41E-11E1-83B5-64315024E3AB}.dat
    + 2012-08-11 16:29 . 2012-08-11 16:295120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A7B32D08-E3D1-11E1-83B5-64315024E3AB}.dat
    + 2012-08-13 23:36 . 2012-08-13 23:365120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A7496527-E59F-11E1-84A5-64315024E3AB}.dat
    + 2012-08-15 22:29 . 2012-08-15 22:295120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A655CBBA-E728-11E1-8084-64315024E3AB}.dat
    + 2012-08-13 21:34 . 2012-08-13 21:355120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A620F38F-E58E-11E1-84A5-64315024E3AB}.dat
    + 2012-08-15 06:58 . 2012-08-15 06:595120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A5324001-E6A6-11E1-8084-64315024E3AB}.dat
    + 2012-08-12 03:41 . 2012-08-12 03:413584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A49298E9-E42F-11E1-83B5-64315024E3AB}.dat
    + 2012-08-14 07:07 . 2012-08-14 07:075120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A4719944-E5DE-11E1-84A5-64315024E3AB}.dat
    + 2012-08-15 19:01 . 2012-08-15 19:025120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A2A36A9B-E70B-11E1-8084-64315024E3AB}.dat
    + 2012-08-21 04:06 . 2012-08-21 04:075120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A02CA917-EB45-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-16 21:16 . 2012-08-16 21:163584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9CB7903F-E7E7-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-18 15:44 . 2012-08-18 15:474608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9B1039C9-E94B-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 10:47 . 2012-08-21 10:485120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9B0C30FB-EB7D-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-12 22:25 . 2012-08-12 22:254608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9AFD112D-E4CC-11E1-AA63-64315024E3AB}.dat
    + 2012-08-16 02:10 . 2012-08-16 02:115120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9A4B0793-E747-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 14:28 . 2012-08-16 14:285120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{985D2CA8-E7AE-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-17 05:01 . 2012-08-17 05:064608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{97DEDBF9-E828-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 02:04 . 2012-08-21 02:055120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{97BCAB89-EB34-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-23 16:42 . 2012-08-23 16:435120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9765CF14-ED41-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-17 05:01 . 2012-08-17 05:065120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{97279203-E828-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-10 19:42 . 2012-08-10 19:444608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{96996773-E323-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-16 14:28 . 2012-08-16 14:285120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{965FC62D-E7AE-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-23 06:05 . 2012-08-23 06:065120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{953B0E88-ECE8-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-21 02:04 . 2012-08-21 02:045120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{94E1E514-EB34-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-14 22:37 . 2012-08-14 22:375120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{93B059E8-E660-11E1-8084-64315024E3AB}.dat
    + 2012-08-17 02:02 . 2012-08-17 02:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9326D93C-E80F-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-17 02:02 . 2012-08-17 02:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{930CAA18-E80F-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-11 13:29 . 2012-08-11 13:305120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{92C57584-E3B8-11E1-83B5-64315024E3AB}.dat
    + 2012-08-15 01:57 . 2012-08-15 01:585120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9097305A-E67C-11E1-8084-64315024E3AB}.dat
    + 2012-08-13 00:05 . 2012-08-13 00:055120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8EDC3B59-E4DA-11E1-AA63-64315024E3AB}.dat
    + 2012-08-13 09:52 . 2012-08-13 09:525120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8ED594CE-E52C-11E1-84A5-64315024E3AB}.dat
    + 2012-08-23 15:31 . 2012-08-23 15:315120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8B303988-ED37-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-15 04:13 . 2012-08-15 04:135120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{884811E0-E68F-11E1-8084-64315024E3AB}.dat
    + 2012-08-14 19:09 . 2012-08-14 19:094608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{882F2F65-E643-11E1-8084-64315024E3AB}.dat
    + 2012-08-13 00:05 . 2012-08-13 00:055120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{87AE9506-E4DA-11E1-AA63-64315024E3AB}.dat
    + 2012-08-14 04:57 . 2012-08-14 05:025632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{87284517-E5CC-11E1-84A5-64315024E3AB}.dat
    + 2012-08-19 07:07 . 2012-08-19 07:114608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{85842196-E9CC-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-14 14:58 . 2012-08-14 14:595120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{85413DED-E620-11E1-84A5-64315024E3AB}.dat
    + 2012-08-22 07:03 . 2012-08-22 07:095632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{83D4DF53-EC27-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-12 23:57 . 2012-08-13 00:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{833782C2-E4D9-11E1-AA63-64315024E3AB}.dat
    + 2012-08-15 10:32 . 2012-08-15 10:325120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8300DB52-E6C4-11E1-8084-64315024E3AB}.dat
    + 2012-08-17 09:04 . 2012-08-17 09:087168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8278BE84-E84A-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-16 10:02 . 2012-08-16 10:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7F784023-E789-11E1-8084-64315024E3AB}.dat
    + 2012-08-14 20:13 . 2012-08-14 20:145120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7F4401CC-E64C-11E1-8084-64315024E3AB}.dat
    + 2012-08-23 05:00 . 2012-08-23 05:044608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7EAACF18-ECDF-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-13 07:57 . 2012-08-13 07:594608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7E674B5E-E51C-11E1-84A5-64315024E3AB}.dat
    + 2012-08-19 22:44 . 2012-08-19 22:455120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7D2B1804-EA4F-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-12 23:07 . 2012-08-12 23:073584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7C77CA5C-E4D2-11E1-AA63-64315024E3AB}.dat
    + 2012-08-14 17:00 . 2012-08-14 17:005120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7B57E3A1-E631-11E1-84A5-64315024E3AB}.dat
    + 2012-08-14 20:13 . 2012-08-14 20:135120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7B35C5EA-E64C-11E1-8084-64315024E3AB}.dat
    + 2012-08-20 01:22 . 2012-08-20 01:225120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7A6B238B-EA65-11E1-B291-64315024E3AB}.dat
    + 2012-08-15 15:04 . 2012-08-15 15:045120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{79E41CFF-E6EA-11E1-8084-64315024E3AB}.dat
    + 2012-08-12 21:55 . 2012-08-12 21:565120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{78194821-E4C8-11E1-83B5-64315024E3AB}.dat
    + 2012-08-23 10:36 . 2012-08-23 10:375120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{75729A06-ED0E-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-21 02:03 . 2012-08-21 02:045120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{746D75A3-EB34-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-22 09:19 . 2012-08-22 09:194608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{73BB1115-EC3A-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-21 23:53 . 2012-08-21 23:545120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{73471294-EBEB-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-21 05:02 . 2012-08-21 05:095120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{704769B2-EB4D-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-12 22:38 . 2012-08-12 22:384608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6EFDEE40-E4CE-11E1-AA63-64315024E3AB}.dat
    + 2012-08-13 18:55 . 2012-08-13 18:555120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6D2E6070-E578-11E1-84A5-64315024E3AB}.dat
    + 2012-08-23 19:55 . 2012-08-23 19:555120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6B4B93FC-ED5C-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-23 01:18 . 2012-08-23 01:185120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{69B0D051-ECC0-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-21 11:07 . 2012-08-21 11:145632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{68088BC9-EB80-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-20 06:22 . 2012-08-20 06:265120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{62D945FC-EA8F-11E1-B291-64315024E3AB}.dat
    + 2012-08-14 12:41 . 2012-08-14 12:415120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{61331522-E60D-11E1-84A5-64315024E3AB}.dat
    + 2012-08-22 14:40 . 2012-08-22 14:415120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{60A152C8-EC67-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-10 19:12 . 2012-08-10 19:174608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5F63B26C-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-18 00:05 . 2012-08-18 00:055120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5ECCFD98-E8C8-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-16 20:17 . 2012-08-16 20:173584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5E99B36C-E7DF-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 02:03 . 2012-08-21 02:034608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5D3D2EF0-EB34-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-14 05:53 . 2012-08-14 05:575632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5C5E6BE2-E5D4-11E1-84A5-64315024E3AB}.dat
    + 2012-08-21 04:04 . 2012-08-21 04:055120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5BAD2352-EB45-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-13 07:06 . 2012-08-13 07:124608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5B5DD4A6-E515-11E1-84A5-64315024E3AB}.dat
    + 2012-08-21 17:33 . 2012-08-21 17:335120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5ACF15D5-EBB6-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-15 07:32 . 2012-08-15 07:344608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5A6CEF7C-E6AB-11E1-8084-64315024E3AB}.dat
    + 2012-08-19 07:27 . 2012-08-19 07:274608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{59D59467-E9CF-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-17 04:02 . 2012-08-17 04:025120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{58A11C41-E820-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-13 15:12 . 2012-08-13 15:124608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5370EC57-E559-11E1-84A5-64315024E3AB}.dat
    + 2012-08-17 05:35 . 2012-08-17 05:354608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5367728B-E82D-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-17 19:11 . 2012-08-17 19:114608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{523C7974-E89F-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-11 00:48 . 2012-08-11 00:495120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5234A066-E34E-11E1-83B5-64315024E3AB}.dat
    + 2012-08-11 23:43 . 2012-08-11 23:435120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{506E015A-E40E-11E1-83B5-64315024E3AB}.dat
    + 2012-08-19 16:52 . 2012-08-19 16:535120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{50699A5F-EA1E-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-11 22:31 . 2012-08-11 22:313584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4F824929-E404-11E1-83B5-64315024E3AB}.dat
    + 2012-08-16 21:21 . 2012-08-16 21:215120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4F3F5CCE-E7E8-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-16 21:21 . 2012-08-16 21:225120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4F0253C8-E7E8-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 07:03 . 2012-08-21 07:045120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4E732F57-EB5E-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-11 04:52 . 2012-08-11 04:524608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{49EEB600-E370-11E1-83B5-64315024E3AB}.dat
    + 2012-08-15 09:33 . 2012-08-15 09:345120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4974A3A7-E6BC-11E1-8084-64315024E3AB}.dat
    + 2012-08-19 02:05 . 2012-08-19 02:055120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{485E00EE-E9A2-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-15 13:15 . 2012-08-15 13:165120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4832E999-E6DB-11E1-8084-64315024E3AB}.dat
    + 2012-08-13 04:56 . 2012-08-13 04:575632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{465AD5AB-E503-11E1-84A5-64315024E3AB}.dat
    + 2012-08-22 06:11 . 2012-08-22 06:175120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{422E0014-EC20-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-15 09:33 . 2012-08-15 09:345632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{418D51FF-E6BC-11E1-8084-64315024E3AB}.dat
    + 2012-08-13 20:34 . 2012-08-13 20:345120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4009FD7D-E586-11E1-84A5-64315024E3AB}.dat
    + 2012-08-11 22:31 . 2012-08-11 22:313584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3F971558-E404-11E1-83B5-64315024E3AB}.dat
    + 2012-08-13 22:35 . 2012-08-13 22:365120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3F0702CD-E597-11E1-84A5-64315024E3AB}.dat
    + 2012-08-12 21:54 . 2012-08-12 21:543584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3F013A85-E4C8-11E1-83B5-64315024E3AB}.dat
    + 2012-08-13 17:13 . 2012-08-13 17:145120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3CE9E2CB-E56A-11E1-84A5-64315024E3AB}.dat
    + 2012-08-11 22:31 . 2012-08-11 22:314608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3C8A51FB-E404-11E1-83B5-64315024E3AB}.dat
    + 2012-08-20 05:45 . 2012-08-20 05:465120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{39FDF26D-EA8A-11E1-B291-64315024E3AB}.dat
    + 2012-08-18 17:57 . 2012-08-18 17:585120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{39B01376-E95E-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-13 12:05 . 2012-08-13 12:065120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{398BF9F2-E53F-11E1-84A5-64315024E3AB}.dat
    + 2012-08-13 03:01 . 2012-08-13 03:024608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{398B4C78-E4F3-11E1-84A5-64315024E3AB}.dat
    + 2012-08-10 20:51 . 2012-08-10 20:524608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{398B40F5-E32D-11E1-83B5-64315024E3AB}.dat
    + 2012-08-19 04:42 . 2012-08-19 04:444608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{38A2869C-E9B8-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 09:04 . 2012-08-21 09:045120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3740E743-EB6F-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-22 09:03 . 2012-08-22 09:045120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{36D501BF-EC38-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-10 19:26 . 2012-08-10 19:265120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{36BFC681-E321-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-14 07:54 . 2012-08-14 07:545120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{36B79C3C-E5E5-11E1-84A5-64315024E3AB}.dat
    + 2012-08-15 05:58 . 2012-08-15 05:595120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{36217FAB-E69E-11E1-8084-64315024E3AB}.dat
    + 2012-08-22 22:03 . 2012-08-22 22:045120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{34EAE3A0-ECA5-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-21 04:03 . 2012-08-21 04:045120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{34CE350F-EB45-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-17 00:12 . 2012-08-17 00:125120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{340F60CE-E800-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-14 20:11 . 2012-08-14 20:115120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{33D73581-E64C-11E1-8084-64315024E3AB}.dat
    + 2012-08-15 21:28 . 2012-08-15 21:295120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{31A5C77B-E720-11E1-8084-64315024E3AB}.dat
    + 2012-08-24 00:11 . 2012-08-24 00:115120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{30A62E59-ED80-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-23 08:11 . 2012-08-23 08:125120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{30588ABB-ECFA-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-15 00:57 . 2012-08-15 00:585120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2CB144AB-E674-11E1-8084-64315024E3AB}.dat
    + 2012-08-19 05:17 . 2012-08-19 05:225120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2BEDA037-E9BD-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-16 11:11 . 2012-08-16 11:124608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2B797EAA-E793-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-18 15:48 . 2012-08-18 15:545120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2B3E82E6-E94C-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 20:52 . 2012-08-21 20:535120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{277938F2-EBD2-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-16 03:12 . 2012-08-16 03:125120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{26DC8B48-E750-11E1-8084-64315024E3AB}.dat
    + 2012-08-14 02:52 . 2012-08-14 02:535120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{26298ACA-E5BB-11E1-84A5-64315024E3AB}.dat
    + 2012-08-23 22:09 . 2012-08-23 22:095120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{24ACC165-ED6F-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-21 01:25 . 2012-08-21 01:265120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{243D1A28-EB2F-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-11 12:29 . 2012-08-11 12:295120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{23FBF766-E3B0-11E1-83B5-64315024E3AB}.dat
    + 2012-08-15 03:13 . 2012-08-15 03:135120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2362A268-E687-11E1-8084-64315024E3AB}.dat
    + 2012-08-23 03:46 . 2012-08-23 03:475120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{22821DC2-ECD5-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-16 04:09 . 2012-08-16 04:095120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{22438250-E758-11E1-8084-64315024E3AB}.dat
    + 2012-08-17 21:40 . 2012-08-17 21:405120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2241DE70-E8B4-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-14 02:52 . 2012-08-14 02:535120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{21B2F647-E5BB-11E1-84A5-64315024E3AB}.dat
    + 2012-08-16 04:59 . 2012-08-16 05:065120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{219299B8-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 01:10 . 2012-08-16 01:105120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1F893F6F-E73F-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 04:59 . 2012-08-16 05:025120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1E284547-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 09:02 . 2012-08-16 09:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1CFDCF2D-E781-11E1-8084-64315024E3AB}.dat
    + 2012-08-19 21:44 . 2012-08-19 21:455120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1AF84192-EA47-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-12 23:04 . 2012-08-12 23:116656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1A1A94B1-E4D2-11E1-AA63-64315024E3AB}.dat
    + 2012-08-16 15:29 . 2012-08-16 15:295120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{19F3A21C-E7B7-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-16 15:29 . 2012-08-16 15:295120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{19E09719-E7B7-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 03:05 . 2012-08-21 03:065120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{19A322DA-EB3D-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-22 10:49 . 2012-08-22 10:505120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1984B160-EC47-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-22 02:43 . 2012-08-22 02:435120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1850F51E-EC03-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-20 10:30 . 2012-08-20 10:315120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{16E79650-EAB2-11E1-B291-64315024E3AB}.dat
    + 2012-08-12 02:40 . 2012-08-12 02:415120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{143F339D-E427-11E1-83B5-64315024E3AB}.dat
    + 2012-08-10 19:25 . 2012-08-10 19:255120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{13F207E7-E321-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-21 04:45 . 2012-08-21 04:515120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1344E620-EB4B-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-11 08:10 . 2012-08-11 08:175120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{131B4C2E-E38C-11E1-83B5-64315024E3AB}.dat
    + 2012-08-18 02:26 . 2012-08-18 02:265120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1280EFC5-E8DC-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-14 13:58 . 2012-08-14 13:585120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1243F8E4-E618-11E1-84A5-64315024E3AB}.dat
    + 2012-08-20 21:57 . 2012-08-20 21:574608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1159C06D-EB12-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-21 15:15 . 2012-08-21 15:165120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{10AFAF7E-EBA3-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-21 13:56 . 2012-08-21 13:575120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0F5CB119-EB98-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-16 13:27 . 2012-08-16 13:275120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0F116272-E7A6-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-14 20:10 . 2012-08-14 20:105120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0E568282-E64C-11E1-8084-64315024E3AB}.dat
    + 2012-08-13 08:01 . 2012-08-13 08:055120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0E4D5878-E51D-11E1-84A5-64315024E3AB}.dat
    + 2012-08-14 04:53 . 2012-08-14 04:545120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0E4502E7-E5CC-11E1-84A5-64315024E3AB}.dat
    + 2012-08-22 20:36 . 2012-08-22 20:365120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0D657772-EC99-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-14 00:50 . 2012-08-14 00:515120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{093176AF-E5AA-11E1-84A5-64315024E3AB}.dat
    + 2012-08-15 07:22 . 2012-08-15 07:265120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{039D2A91-E6AA-11E1-8084-64315024E3AB}.dat
    + 2012-08-11 07:05 . 2012-08-11 07:107168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FF68AE8C-E382-11E1-83B5-64315024E3AB}.dat
    + 2012-08-18 20:04 . 2012-08-18 20:056144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FC049B81-E96F-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-20 07:02 . 2012-08-20 07:024096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FA0C1D82-EA94-11E1-B291-64315024E3AB}.dat
    + 2012-08-19 07:10 . 2012-08-19 07:105632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F9668CBB-E9CC-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-10 19:09 . 2012-08-10 19:157168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F8E0E063-E31E-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-22 07:07 . 2012-08-22 07:106144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F7BC2A55-EC27-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-16 06:38 . 2012-08-16 06:396144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F6EDE424-E76C-11E1-8084-64315024E3AB}.dat
    + 2012-08-19 23:45 . 2012-08-19 23:456144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F59816AA-EA57-11E1-B291-64315024E3AB}.dat
    + 2012-08-17 03:02 . 2012-08-17 03:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F53A4D2E-E817-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-17 03:02 . 2012-08-17 03:025120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F5201E0A-E817-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-19 11:06 . 2012-08-19 11:076656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F51A7728-E9ED-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-11 14:29 . 2012-08-11 14:305120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F5060DA5-E3C0-11E1-83B5-64315024E3AB}.dat
    + 2012-08-21 11:11 . 2012-08-21 11:115120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F3DF0805-EB80-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-12 23:10 . 2012-08-12 23:116656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F0D33F20-E4D2-11E1-AA63-64315024E3AB}.dat
    + 2012-08-12 23:10 . 2012-08-12 23:105632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F0D33F1F-E4D2-11E1-AA63-64315024E3AB}.dat
    + 2012-08-10 19:09 . 2012-08-10 19:098192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F06DAAB8-E31E-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-10 19:09 . 2012-08-10 19:157168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F06DAAB6-E31E-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-19 23:45 . 2012-08-19 23:465120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EF7D697D-EA57-11E1-B291-64315024E3AB}.dat
     
  4. Jason Miller

    Jason Miller TS Rookie Topic Starter Posts: 37

    + 2012-08-15 16:04 . 2012-08-15 16:055120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EF36DB6D-E6F2-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 18:05 . 2012-08-16 18:054096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EE973284-E7CC-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-23 00:17 . 2012-08-23 00:186144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EDA1B09A-ECB7-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-17 09:07 . 2012-08-17 09:087680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ECB713D1-E84A-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-17 09:07 . 2012-08-17 09:089216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ECB713D0-E84A-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-10 22:30 . 2012-08-10 22:304608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EBFCAF35-E33A-11E1-83B5-64315024E3AB}.dat
    + 2012-08-13 07:10 . 2012-08-13 07:105632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EA4C2F62-E515-11E1-84A5-64315024E3AB}.dat
    + 2012-08-19 23:45 . 2012-08-19 23:456144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E99A9563-EA57-11E1-B291-64315024E3AB}.dat
    + 2012-08-23 18:54 . 2012-08-23 18:546656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E8791CAB-ED53-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-16 05:04 . 2012-08-16 05:044096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E7FD1206-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 05:04 . 2012-08-16 05:044096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E7FD1204-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-10 19:16 . 2012-08-10 19:165632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E782EAA7-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-21 11:11 . 2012-08-21 11:115120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E2E8BDF0-EB80-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-14 12:16 . 2012-08-14 12:176144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E232719E-E609-11E1-84A5-64315024E3AB}.dat
    + 2012-08-16 22:08 . 2012-08-16 22:085632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E1612DEE-E7EE-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-17 06:36 . 2012-08-17 06:364608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E086684E-E835-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-12 23:10 . 2012-08-12 23:104096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E07232F6-E4D2-11E1-AA63-64315024E3AB}.dat
    + 2012-08-11 07:05 . 2012-08-11 07:056656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DE97C5B0-E382-11E1-83B5-64315024E3AB}.dat
    + 2012-08-21 07:07 . 2012-08-21 07:074608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DDE2DA7C-EB5E-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-15 07:14 . 2012-08-15 07:146144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DBB63F25-E6A8-11E1-8084-64315024E3AB}.dat
    + 2012-08-15 07:14 . 2012-08-15 07:146656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DBB63F1E-E6A8-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 04:07 . 2012-08-16 04:074608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D906B42A-E757-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 08:03 . 2012-08-16 08:067168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D70109E3-E778-11E1-8084-64315024E3AB}.dat
    + 2012-08-23 02:18 . 2012-08-23 02:195632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D6AC76C7-ECC8-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-11 22:35 . 2012-08-11 22:354608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D6444551-E404-11E1-83B5-64315024E3AB}.dat
    + 2012-08-22 05:40 . 2012-08-22 05:404608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D58B7889-EC1B-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-21 06:02 . 2012-08-21 06:036656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D4B824AA-EB55-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-15 07:14 . 2012-08-15 07:146656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D49CD222-E6A8-11E1-8084-64315024E3AB}.dat
    + 2012-08-10 19:08 . 2012-08-10 19:156144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D44CAB54-E31E-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-12 23:09 . 2012-08-12 23:116656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D402ACDD-E4D2-11E1-AA63-64315024E3AB}.dat
    + 2012-08-19 17:53 . 2012-08-19 17:546656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D3DF2DBF-EA26-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-22 05:40 . 2012-08-22 05:404608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D3894F53-EC1B-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-17 12:05 . 2012-08-17 12:054608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D2EFFE29-E863-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-17 09:06 . 2012-08-17 09:089216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D2BFF7FE-E84A-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-17 09:06 . 2012-08-17 09:087680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D2BFF7FD-E84A-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-10 18:40 . 2012-08-10 18:406144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D220F8DF-E31A-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-16 05:04 . 2012-08-16 05:044096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D103DD9F-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-21 11:10 . 2012-08-21 11:105120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D048BA3E-EB80-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-14 23:57 . 2012-08-14 23:585120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C906DB63-E66B-11E1-8084-64315024E3AB}.dat
    + 2012-08-18 01:05 . 2012-08-18 01:065632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C743650B-E8D0-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-20 15:14 . 2012-08-20 15:147680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C6CBABF1-EAD9-11E1-B291-64315024E3AB}.dat
    + 2012-08-13 18:14 . 2012-08-13 18:155120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C5FDCFAE-E572-11E1-84A5-64315024E3AB}.dat
    + 2012-08-15 19:02 . 2012-08-15 19:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C5EA8F64-E70B-11E1-8084-64315024E3AB}.dat
    + 2012-08-19 09:03 . 2012-08-19 09:045120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C547E62D-E9DC-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-15 08:32 . 2012-08-15 08:335120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C3738092-E6B3-11E1-8084-64315024E3AB}.dat
    + 2012-08-20 23:35 . 2012-08-20 23:357680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C3648E6D-EB1F-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-12 03:42 . 2012-08-12 03:435120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BF5F0DDD-E42F-11E1-83B5-64315024E3AB}.dat
    + 2012-08-14 05:56 . 2012-08-14 05:567680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BDCCC827-E5D4-11E1-84A5-64315024E3AB}.dat
    + 2012-08-14 05:56 . 2012-08-14 05:567680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BDCCC826-E5D4-11E1-84A5-64315024E3AB}.dat
    + 2012-08-16 02:11 . 2012-08-16 02:125120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BB2B54E1-E747-11E1-8084-64315024E3AB}.dat
    + 2012-08-15 07:13 . 2012-08-15 07:135120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BA20CCEB-E6A8-11E1-8084-64315024E3AB}.dat
    + 2012-08-17 07:11 . 2012-08-17 07:114608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B989C83F-E83A-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-13 16:12 . 2012-08-13 16:135120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B91F4738-E561-11E1-84A5-64315024E3AB}.dat
    + 2012-08-20 06:53 . 2012-08-20 06:538704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B91BF010-EA93-11E1-B291-64315024E3AB}.dat
    + 2012-08-14 04:58 . 2012-08-14 04:584608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B79D718E-E5CC-11E1-84A5-64315024E3AB}.dat
    + 2012-08-11 11:28 . 2012-08-11 11:283584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B698D8E0-E3A7-11E1-83B5-64315024E3AB}.dat
    + 2012-08-11 11:28 . 2012-08-11 11:284096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B698D8DB-E3A7-11E1-83B5-64315024E3AB}.dat
    + 2012-08-19 13:56 . 2012-08-19 13:575632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B6270550-EA05-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-16 04:06 . 2012-08-16 04:064608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B59F4692-E757-11E1-8084-64315024E3AB}.dat
    + 2012-08-14 01:52 . 2012-08-14 01:535120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B524E97C-E5B2-11E1-84A5-64315024E3AB}.dat
    + 2012-08-13 09:03 . 2012-08-13 09:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B4FD4725-E525-11E1-84A5-64315024E3AB}.dat
    + 2012-08-20 09:30 . 2012-08-20 09:316656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B4C38EB5-EAA9-11E1-B291-64315024E3AB}.dat
    + 2012-08-15 14:37 . 2012-08-15 14:375120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B347366E-E6E6-11E1-8084-64315024E3AB}.dat
    + 2012-08-11 07:11 . 2012-08-11 07:116144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B0F7D424-E383-11E1-83B5-64315024E3AB}.dat
    + 2012-08-15 07:13 . 2012-08-15 07:135120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B0ED038D-E6A8-11E1-8084-64315024E3AB}.dat
    + 2012-08-11 11:28 . 2012-08-11 11:288192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B0635CA7-E3A7-11E1-83B5-64315024E3AB}.dat
    + 2012-08-13 18:14 . 2012-08-13 18:145120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B05F7054-E572-11E1-84A5-64315024E3AB}.dat
    + 2012-08-16 05:03 . 2012-08-16 05:034096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AF20ECF9-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-17 09:05 . 2012-08-17 09:058704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AE262D44-E84A-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-17 09:05 . 2012-08-17 09:087168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AE262D43-E84A-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-14 01:52 . 2012-08-14 01:535120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ADF4E1C9-E5B2-11E1-84A5-64315024E3AB}.dat
    + 2012-08-23 23:10 . 2012-08-23 23:106656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ADDEFAD2-ED77-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-15 02:12 . 2012-08-15 02:124608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AD05DDF9-E67E-11E1-8084-64315024E3AB}.dat
    + 2012-08-20 03:18 . 2012-08-20 03:186656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ACE75F8B-EA75-11E1-B291-64315024E3AB}.dat
    + 2012-08-18 20:09 . 2012-08-18 20:095632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AB00F5FC-E970-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-13 21:34 . 2012-08-13 21:355120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AABB3CB7-E58E-11E1-84A5-64315024E3AB}.dat
    + 2012-08-12 01:40 . 2012-08-12 01:405120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A9976AEA-E41E-11E1-83B5-64315024E3AB}.dat
    + 2012-08-11 16:29 . 2012-08-11 16:295120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A7B32D09-E3D1-11E1-83B5-64315024E3AB}.dat
    + 2012-08-13 23:36 . 2012-08-13 23:365120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A7496528-E59F-11E1-84A5-64315024E3AB}.dat
    + 2012-08-15 22:29 . 2012-08-15 22:295120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A655CBBB-E728-11E1-8084-64315024E3AB}.dat
    + 2012-08-13 21:34 . 2012-08-13 21:354608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A620F390-E58E-11E1-84A5-64315024E3AB}.dat
    + 2012-08-10 19:14 . 2012-08-10 19:145632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A5FFEF99-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-10 19:14 . 2012-08-10 19:147168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A5FFEF98-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-10 19:14 . 2012-08-10 19:145632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A5FFEF96-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-16 05:02 . 2012-08-16 05:024096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A5BD5BA1-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-15 06:58 . 2012-08-15 06:595120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A5324002-E6A6-11E1-8084-64315024E3AB}.dat
    + 2012-08-12 03:41 . 2012-08-12 03:414608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A49298EA-E42F-11E1-83B5-64315024E3AB}.dat
    + 2012-08-14 07:07 . 2012-08-14 07:075120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A4719945-E5DE-11E1-84A5-64315024E3AB}.dat
    + 2012-08-15 19:01 . 2012-08-15 19:025120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A2A36A9C-E70B-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 21:16 . 2012-08-16 21:164608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9CB79040-E7E7-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 10:47 . 2012-08-21 10:485120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9B0C30FC-EB7D-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-12 22:25 . 2012-08-12 22:256144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9AFD112F-E4CC-11E1-AA63-64315024E3AB}.dat
    + 2012-08-12 22:25 . 2012-08-12 22:259728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9AFD112E-E4CC-11E1-AA63-64315024E3AB}.dat
    + 2012-08-16 02:10 . 2012-08-16 02:115120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9A4B0794-E747-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 14:28 . 2012-08-16 14:286144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{985D2CA9-E7AE-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 02:04 . 2012-08-21 02:056144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{97BCAB8A-EB34-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-23 16:42 . 2012-08-23 16:436144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9765CF15-ED41-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-16 14:28 . 2012-08-16 14:285120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{965FC62E-E7AE-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 11:08 . 2012-08-21 11:147168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{96559FF2-EB80-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-23 06:05 . 2012-08-23 06:066656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{953B0E89-ECE8-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-10 19:14 . 2012-08-10 19:147168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{95187FE9-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-21 02:04 . 2012-08-21 02:046656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{94E1E515-EB34-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-14 19:09 . 2012-08-14 19:096144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{942DDE81-E643-11E1-8084-64315024E3AB}.dat
    + 2012-08-14 22:37 . 2012-08-14 22:374608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{93B059E9-E660-11E1-8084-64315024E3AB}.dat
    + 2012-08-17 02:02 . 2012-08-17 02:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9326D93D-E80F-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-17 02:02 . 2012-08-17 02:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{930CAA19-E80F-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-18 20:09 . 2012-08-18 20:095632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{92D32F2A-E970-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-11 13:29 . 2012-08-11 13:305120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{92C57585-E3B8-11E1-83B5-64315024E3AB}.dat
    + 2012-08-15 01:57 . 2012-08-15 01:585120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9097305B-E67C-11E1-8084-64315024E3AB}.dat
    + 2012-08-13 00:05 . 2012-08-13 00:055120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8EDC3B5A-E4DA-11E1-AA63-64315024E3AB}.dat
    + 2012-08-15 07:12 . 2012-08-15 07:126144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8DC5C7E7-E6A8-11E1-8084-64315024E3AB}.dat
    + 2012-08-23 15:31 . 2012-08-23 15:315120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8B303989-ED37-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-14 05:54 . 2012-08-14 05:547680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8B0FF482-E5D4-11E1-84A5-64315024E3AB}.dat
    + 2012-08-14 05:54 . 2012-08-14 05:547680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8B0FF480-E5D4-11E1-84A5-64315024E3AB}.dat
    + 2012-08-10 19:13 . 2012-08-10 19:147168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{896CF68A-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-15 04:13 . 2012-08-15 04:135120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{884811E1-E68F-11E1-8084-64315024E3AB}.dat
    + 2012-08-14 19:09 . 2012-08-14 19:096144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{882F2F66-E643-11E1-8084-64315024E3AB}.dat
    + 2012-08-13 00:05 . 2012-08-13 00:055120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{87AE9507-E4DA-11E1-AA63-64315024E3AB}.dat
    + 2012-08-14 14:58 . 2012-08-14 14:595120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{85413DEE-E620-11E1-84A5-64315024E3AB}.dat
    + 2012-08-12 23:57 . 2012-08-13 00:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{833782C3-E4D9-11E1-AA63-64315024E3AB}.dat
    + 2012-08-15 10:32 . 2012-08-15 10:324608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8300DB53-E6C4-11E1-8084-64315024E3AB}.dat
    + 2012-08-10 19:13 . 2012-08-10 19:147168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{81D13847-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-16 10:02 . 2012-08-16 10:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7F784024-E789-11E1-8084-64315024E3AB}.dat
    + 2012-08-14 20:13 . 2012-08-14 20:145120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7F4401CD-E64C-11E1-8084-64315024E3AB}.dat
    + 2012-08-19 22:44 . 2012-08-19 22:457168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7D2B1805-EA4F-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-12 23:07 . 2012-08-12 23:074608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7C77CA5D-E4D2-11E1-AA63-64315024E3AB}.dat
    + 2012-08-14 17:00 . 2012-08-14 17:005120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7B57E3A2-E631-11E1-84A5-64315024E3AB}.dat
    + 2012-08-14 20:13 . 2012-08-14 20:135120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7B35C5EB-E64C-11E1-8084-64315024E3AB}.dat
    + 2012-08-22 09:19 . 2012-08-22 09:195120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7B1D8AFB-EC3A-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-20 01:22 . 2012-08-20 01:226656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7A6B238D-EA65-11E1-B291-64315024E3AB}.dat
    + 2012-08-15 15:04 . 2012-08-15 15:044608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{79E41D00-E6EA-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 05:01 . 2012-08-16 05:015120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7949B748-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-23 10:36 . 2012-08-23 10:376656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{75729A07-ED0E-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-21 23:53 . 2012-08-21 23:546656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{73471295-EBEB-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-10 19:13 . 2012-08-10 19:137168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{731ECC2E-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-13 04:57 . 2012-08-13 04:574608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{70A5AD15-E503-11E1-84A5-64315024E3AB}.dat
    + 2012-08-12 22:38 . 2012-08-12 22:384096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6EFDEE41-E4CE-11E1-AA63-64315024E3AB}.dat
    + 2012-08-13 18:55 . 2012-08-13 18:554096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6D2E6071-E578-11E1-84A5-64315024E3AB}.dat
    + 2012-08-16 08:07 . 2012-08-16 08:075120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6B664DFC-E779-11E1-8084-64315024E3AB}.dat
    + 2012-08-23 19:55 . 2012-08-23 19:556656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6B4B93FD-ED5C-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-23 01:18 . 2012-08-23 01:186656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{69B0D052-ECC0-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-10 19:13 . 2012-08-10 19:137168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{678C496E-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-10 19:13 . 2012-08-10 19:136144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{678C496D-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-15 07:11 . 2012-08-15 07:116144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{65BE009A-E6A8-11E1-8084-64315024E3AB}.dat
    + 2012-08-14 12:41 . 2012-08-14 12:414608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{61331523-E60D-11E1-84A5-64315024E3AB}.dat
    + 2012-08-22 14:40 . 2012-08-22 14:415632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{60A152C9-EC67-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-17 05:49 . 2012-08-17 05:506656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6026325B-E82F-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-10 19:12 . 2012-08-10 19:175120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5F63B26D-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-18 00:05 . 2012-08-18 00:055120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5ECCFD99-E8C8-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-16 20:17 . 2012-08-16 20:174608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5E99B36D-E7DF-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-15 09:34 . 2012-08-15 09:344096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5E275AC0-E6BC-11E1-8084-64315024E3AB}.dat
    + 2012-08-21 02:03 . 2012-08-21 02:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5D3D2EF2-EB34-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-21 02:03 . 2012-08-21 02:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5D3D2EF1-EB34-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-13 15:12 . 2012-08-13 15:125120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5B7D4A65-E559-11E1-84A5-64315024E3AB}.dat
    + 2012-08-21 17:33 . 2012-08-21 17:337168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5ACF15D6-EBB6-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-17 04:02 . 2012-08-17 04:024608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{58A11C42-E820-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-20 04:48 . 2012-08-20 04:484096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5652FA5E-EA82-11E1-B291-64315024E3AB}.dat
    + 2012-08-20 07:04 . 2012-08-20 07:077168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{56315659-EA95-11E1-B291-64315024E3AB}.dat
    + 2012-08-13 15:12 . 2012-08-13 15:139216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5370EC58-E559-11E1-84A5-64315024E3AB}.dat
    + 2012-08-21 11:14 . 2012-08-21 11:145632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{524AD9DE-EB81-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-17 19:11 . 2012-08-17 19:115120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{523C7976-E89F-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-11 00:48 . 2012-08-11 00:495120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5234A067-E34E-11E1-83B5-64315024E3AB}.dat
    + 2012-08-12 23:06 . 2012-08-12 23:066144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{508A6A35-E4D2-11E1-AA63-64315024E3AB}.dat
    + 2012-08-12 23:06 . 2012-08-12 23:066144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{508A6A34-E4D2-11E1-AA63-64315024E3AB}.dat
    + 2012-08-11 23:43 . 2012-08-11 23:435120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{506E015B-E40E-11E1-83B5-64315024E3AB}.dat
    + 2012-08-19 16:52 . 2012-08-19 16:534096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{50699A60-EA1E-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-11 22:31 . 2012-08-11 22:323584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4F82492A-E404-11E1-83B5-64315024E3AB}.dat
    + 2012-08-16 21:21 . 2012-08-16 21:215120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4F3F5CCF-E7E8-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-16 21:21 . 2012-08-16 21:215120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4F0253C9-E7E8-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 07:03 . 2012-08-21 07:045632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4E732F58-EB5E-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-11 22:31 . 2012-08-11 22:314608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4BFC1F9F-E404-11E1-83B5-64315024E3AB}.dat
    + 2012-08-13 07:12 . 2012-08-13 07:137168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4B968F7C-E516-11E1-84A5-64315024E3AB}.dat
    + 2012-08-15 07:10 . 2012-08-15 07:108192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4B095E5F-E6A8-11E1-8084-64315024E3AB}.dat
    + 2012-08-15 09:33 . 2012-08-15 09:345120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4974A3A8-E6BC-11E1-8084-64315024E3AB}.dat
    + 2012-08-19 02:05 . 2012-08-19 02:056656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{485E00EF-E9A2-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-18 17:58 . 2012-08-18 17:583584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4849C094-E95E-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-10 19:12 . 2012-08-10 19:126144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4836BD89-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-15 13:15 . 2012-08-15 13:165120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4832E99A-E6DB-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 08:06 . 2012-08-16 08:068192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{478D4BF0-E779-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 08:06 . 2012-08-16 08:066656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{478D4BEC-E779-11E1-8084-64315024E3AB}.dat
    + 2012-08-22 07:09 . 2012-08-22 07:095632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{441AD1D4-EC28-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-20 07:04 . 2012-08-20 07:089728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{41C8BBF9-EA95-11E1-B291-64315024E3AB}.dat
    + 2012-08-13 03:02 . 2012-08-13 03:024608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{419D76E1-E4F3-11E1-84A5-64315024E3AB}.dat
    + 2012-08-10 19:12 . 2012-08-10 19:126144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{40626243-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-10 19:11 . 2012-08-10 19:126144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{40626242-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-10 19:11 . 2012-08-10 19:126144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{40626240-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-13 20:34 . 2012-08-13 20:345120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4009FD7E-E586-11E1-84A5-64315024E3AB}.dat
    + 2012-08-13 22:35 . 2012-08-13 22:365120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3F0702CE-E597-11E1-84A5-64315024E3AB}.dat
    + 2012-08-12 21:54 . 2012-08-12 21:544608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3F013A86-E4C8-11E1-83B5-64315024E3AB}.dat
    + 2012-08-21 11:13 . 2012-08-21 11:135120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3E7F1E0A-EB81-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-13 17:13 . 2012-08-13 17:145120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3CE9E2CC-E56A-11E1-84A5-64315024E3AB}.dat
    + 2012-08-12 23:05 . 2012-08-12 23:056656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3AF74D8C-E4D2-11E1-AA63-64315024E3AB}.dat
    + 2012-08-20 05:45 . 2012-08-20 05:466656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{39FDF26E-EA8A-11E1-B291-64315024E3AB}.dat
    + 2012-08-13 12:05 . 2012-08-13 12:065120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{398BF9F3-E53F-11E1-84A5-64315024E3AB}.dat
    + 2012-08-13 03:01 . 2012-08-13 03:014096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{398B4C79-E4F3-11E1-84A5-64315024E3AB}.dat
    + 2012-08-10 20:52 . 2012-08-10 20:526144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{398B40F7-E32D-11E1-83B5-64315024E3AB}.dat
    + 2012-08-10 20:51 . 2012-08-10 20:528704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{398B40F6-E32D-11E1-83B5-64315024E3AB}.dat
    + 2012-08-16 11:12 . 2012-08-16 11:124608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3781B347-E793-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-22 09:03 . 2012-08-22 09:045632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{36D501C0-EC38-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-15 07:09 . 2012-08-15 07:147168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{36D198B7-E6A8-11E1-8084-64315024E3AB}.dat
    + 2012-08-10 19:26 . 2012-08-10 19:264608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{36BFC682-E321-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-14 07:54 . 2012-08-14 07:544608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{36B79C3D-E5E5-11E1-84A5-64315024E3AB}.dat
    + 2012-08-16 08:06 . 2012-08-16 08:066656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{36A42168-E779-11E1-8084-64315024E3AB}.dat
    + 2012-08-15 05:58 . 2012-08-15 05:595120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{36217FAC-E69E-11E1-8084-64315024E3AB}.dat
    + 2012-08-22 22:03 . 2012-08-22 22:045120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{34EAE3A1-ECA5-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-17 00:12 . 2012-08-17 00:125120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{340F60CF-E800-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-14 20:11 . 2012-08-14 20:115120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{33D73582-E64C-11E1-8084-64315024E3AB}.dat
    + 2012-08-15 21:28 . 2012-08-15 21:295120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{31A5C77C-E720-11E1-8084-64315024E3AB}.dat
    + 2012-08-24 00:11 . 2012-08-24 00:116656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{30A62E5A-ED80-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-23 08:11 . 2012-08-23 08:125120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{30588ABC-ECFA-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-13 07:12 . 2012-08-13 07:126656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2D5CB0F0-E516-11E1-84A5-64315024E3AB}.dat
    + 2012-08-13 07:12 . 2012-08-13 07:125632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2D5CB0EF-E516-11E1-84A5-64315024E3AB}.dat
    + 2012-08-15 00:57 . 2012-08-15 00:585120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2CB144AC-E674-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 11:11 . 2012-08-16 11:126144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2B797EAB-E793-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 20:52 . 2012-08-21 20:536656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{277938F3-EBD2-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-16 03:12 . 2012-08-16 03:125120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{26DC8B49-E750-11E1-8084-64315024E3AB}.dat
    + 2012-08-14 02:52 . 2012-08-14 02:535120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{26298ACB-E5BB-11E1-84A5-64315024E3AB}.dat
    + 2012-08-23 22:09 . 2012-08-23 22:096656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{24ACC166-ED6F-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-21 01:25 . 2012-08-21 01:266144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{243D1A29-EB2F-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-11 12:29 . 2012-08-11 12:295120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{23FBF767-E3B0-11E1-83B5-64315024E3AB}.dat
    + 2012-08-15 03:13 . 2012-08-15 03:135120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2362A269-E687-11E1-8084-64315024E3AB}.dat
    + 2012-08-23 03:46 . 2012-08-23 03:476656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{22821DC3-ECD5-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-16 04:09 . 2012-08-16 04:093584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{22438251-E758-11E1-8084-64315024E3AB}.dat
    + 2012-08-17 21:40 . 2012-08-17 21:405120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2241DE71-E8B4-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-14 02:52 . 2012-08-14 02:534608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{21B2F648-E5BB-11E1-84A5-64315024E3AB}.dat
    + 2012-08-16 01:10 . 2012-08-16 01:105120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1F893F70-E73F-11E1-8084-64315024E3AB}.dat
    + 2012-08-13 07:11 . 2012-08-13 07:116656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1EECCD11-E516-11E1-84A5-64315024E3AB}.dat
     
  5. Jason Miller

    Jason Miller TS Rookie Topic Starter Posts: 37

    + 2012-08-16 09:02 . 2012-08-16 09:035120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1CFDCF2E-E781-11E1-8084-64315024E3AB}.dat
    + 2012-08-20 07:03 . 2012-08-20 07:077680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1C021DEF-EA95-11E1-B291-64315024E3AB}.dat
    + 2012-08-19 07:11 . 2012-08-19 07:115632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1B7995E5-E9CD-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-19 21:44 . 2012-08-19 21:456656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1AF84193-EA47-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 11:12 . 2012-08-21 11:125632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1AE0DF98-EB81-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-21 11:12 . 2012-08-21 11:125120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1AE0DF97-EB81-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-10 19:10 . 2012-08-10 19:156144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1AB505BB-E31F-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-20 21:57 . 2012-08-20 21:584608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1A7DA915-EB12-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-12 23:04 . 2012-08-12 23:117680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1A1A94B4-E4D2-11E1-AA63-64315024E3AB}.dat
    + 2012-08-16 15:29 . 2012-08-16 15:295120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{19F3A21D-E7B7-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-22 06:17 . 2012-08-22 06:177680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{19EE3632-EC21-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-16 15:29 . 2012-08-16 15:295120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{19E0971A-E7B7-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-21 03:05 . 2012-08-21 03:065120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{19A322DB-EB3D-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-22 10:49 . 2012-08-22 10:506656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1984B161-EC47-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-22 02:43 . 2012-08-22 02:436144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1850F51F-EC03-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-17 09:08 . 2012-08-17 09:088192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1841E986-E84B-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-13 07:11 . 2012-08-13 07:137168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{181A2E1E-E516-11E1-84A5-64315024E3AB}.dat
    + 2012-08-20 10:30 . 2012-08-20 10:315120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{16E79651-EAB2-11E1-B291-64315024E3AB}.dat
    + 2012-08-12 02:40 . 2012-08-12 02:415120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{143F339E-E427-11E1-83B5-64315024E3AB}.dat
    + 2012-08-23 05:04 . 2012-08-23 05:058192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{141ADCDA-ECE0-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-10 19:25 . 2012-08-10 19:254608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{13F207E8-E321-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-18 02:26 . 2012-08-18 02:266656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1280EFC6-E8DC-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-16 08:04 . 2012-08-16 08:055632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1276BC8D-E779-11E1-8084-64315024E3AB}.dat
    + 2012-08-14 13:58 . 2012-08-14 13:585120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1243F8E5-E618-11E1-84A5-64315024E3AB}.dat
    + 2012-08-15 07:08 . 2012-08-15 07:147680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1177A700-E6A8-11E1-8084-64315024E3AB}.dat
    + 2012-08-20 21:57 . 2012-08-20 21:586656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1159C06E-EB12-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-21 15:15 . 2012-08-21 15:166656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{10AFAF7F-EBA3-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-21 13:56 . 2012-08-21 13:575120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0F5CB11A-EB98-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-16 13:27 . 2012-08-16 13:275120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0F116273-E7A6-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-14 20:10 . 2012-08-14 20:105120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0E568283-E64C-11E1-8084-64315024E3AB}.dat
    + 2012-08-17 09:08 . 2012-08-17 09:087680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0E4C05CF-E84B-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-14 04:53 . 2012-08-14 04:545120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0E4502E8-E5CC-11E1-84A5-64315024E3AB}.dat
    + 2012-08-22 20:36 . 2012-08-22 20:364608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0D657773-EC99-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-12 23:11 . 2012-08-12 23:115632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0BEB79BF-E4D3-11E1-AA63-64315024E3AB}.dat
    + 2012-08-12 23:11 . 2012-08-12 23:115632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0BEB79BE-E4D3-11E1-AA63-64315024E3AB}.dat
    + 2012-08-14 05:01 . 2012-08-14 05:015632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0B910F75-E5CD-11E1-84A5-64315024E3AB}.dat
    + 2012-08-14 00:50 . 2012-08-14 00:515120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{093176B0-E5AA-11E1-84A5-64315024E3AB}.dat
    + 2012-08-10 19:17 . 2012-08-10 19:175632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{087CE305-E320-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-18 20:05 . 2012-08-18 20:106144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{062C0740-E970-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-12 23:11 . 2012-08-12 23:119216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{051DE3F0-E4D3-11E1-AA63-64315024E3AB}.dat
    + 2012-08-24 03:42 . 2012-08-24 03:422048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-08-10 00:13 . 2012-08-10 00:132048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-24 03:42 . 2012-08-24 03:422048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-08-10 00:13 . 2012-08-10 00:132048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-07-15 18:37 . 2012-06-02 08:23231936 c:\windows\SysWOW64\url.dll
    + 2012-08-16 10:04 . 2012-06-29 00:07231936 c:\windows\SysWOW64\url.dll
    + 2012-08-16 10:04 . 2012-06-29 00:04717824 c:\windows\SysWOW64\jscript.dll
    + 2012-08-16 10:04 . 2012-06-29 00:04142848 c:\windows\SysWOW64\ieUnatt.exe
    - 2012-07-15 18:37 . 2012-06-02 08:20142848 c:\windows\SysWOW64\ieUnatt.exe
    + 2012-08-16 10:04 . 2012-06-28 23:57176640 c:\windows\SysWOW64\ieui.dll
    - 2012-07-15 18:37 . 2012-06-02 08:14176640 c:\windows\SysWOW64\ieui.dll
    - 2012-07-04 18:33 . 2012-08-09 23:09262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-07-04 18:33 . 2012-08-23 13:45262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2012-07-04 18:34 . 2012-07-25 08:10376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
    + 2012-07-04 18:34 . 2012-08-21 04:45376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
    + 2009-07-14 04:54 . 2012-08-24 00:11819200 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-08-22 06:17 . 2012-08-22 06:18193024 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FEC522B7-EC20-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-20 06:26 . 2012-08-20 06:26170496 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ECB3EBDA-EA8F-11E1-B291-64315024E3AB}.dat
    + 2012-08-15 07:14 . 2012-08-15 07:14218624 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DBB63F23-E6A8-11E1-8084-64315024E3AB}.dat
    + 2012-08-18 20:03 . 2012-08-18 20:10210944 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D55BB181-E96F-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-13 00:07 . 2012-08-13 00:14183296 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D0F18F06-E4DA-11E1-AA63-64315024E3AB}.dat
    + 2012-08-13 01:03 . 2012-08-13 01:09123392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B60A283D-E4E2-11E1-AA63-64315024E3AB}.dat
    + 2012-08-10 19:07 . 2012-08-10 19:15237056 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B1E2E689-E31E-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-11 07:11 . 2012-08-11 07:11131072 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B0F7D422-E383-11E1-83B5-64315024E3AB}.dat
    + 2012-08-20 07:07 . 2012-08-20 07:08182784 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AF18AA4C-EA95-11E1-B291-64315024E3AB}.dat
    + 2012-08-11 07:25 . 2012-08-11 07:31156672 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AE887BEA-E385-11E1-83B5-64315024E3AB}.dat
    + 2012-08-16 05:02 . 2012-08-16 05:03182272 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A5BD5B9F-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-18 15:44 . 2012-08-18 15:48166400 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9B1039CA-E94B-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-13 08:05 . 2012-08-13 08:05321024 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9995EC1A-E51D-11E1-84A5-64315024E3AB}.dat
    + 2012-08-17 05:01 . 2012-08-17 05:08601600 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{97DEDBFA-E828-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-10 19:42 . 2012-08-10 19:47509952 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{96996774-E323-11E1-9A2E-64315024E3AB}.dat
    + 2012-08-14 04:57 . 2012-08-14 05:04940032 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{87284518-E5CC-11E1-84A5-64315024E3AB}.dat
    + 2012-08-22 07:03 . 2012-08-22 07:10200192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{83D4DF54-EC27-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-23 05:00 . 2012-08-23 05:06760832 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7EAACF19-ECDF-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-13 07:57 . 2012-08-13 08:01218112 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7E674B5F-E51C-11E1-84A5-64315024E3AB}.dat
    + 2012-08-14 07:27 . 2012-08-14 07:27306688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{73F091AC-E5E1-11E1-84A5-64315024E3AB}.dat
    + 2012-08-22 09:19 . 2012-08-22 09:19137728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{73BB1116-EC3A-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-20 04:49 . 2012-08-20 04:49242688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5D197EC9-EA82-11E1-B291-64315024E3AB}.dat
    + 2012-08-14 05:53 . 2012-08-14 05:57113664 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5C5E6BE3-E5D4-11E1-84A5-64315024E3AB}.dat
    + 2012-08-13 07:06 . 2012-08-13 07:13148992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5B5DD4A7-E515-11E1-84A5-64315024E3AB}.dat
    + 2012-08-15 07:32 . 2012-08-15 07:38231424 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5A6CEF7D-E6AB-11E1-8084-64315024E3AB}.dat
    + 2012-08-21 05:09 . 2012-08-21 05:09231936 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{557F8DC4-EB4E-11E1-9EF8-64315024E3AB}.dat
    + 2012-08-18 17:58 . 2012-08-18 17:58147968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5508A309-E95E-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-17 05:35 . 2012-08-17 05:42119808 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5367728C-E82D-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-17 19:11 . 2012-08-17 19:11133120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{523C7975-E89F-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-19 04:42 . 2012-08-19 04:47805376 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{38A2869D-E9B8-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-19 05:17 . 2012-08-19 05:22102912 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2BEDA038-E9BD-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-17 09:08 . 2012-08-17 09:09100864 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{250AF50F-E84B-11E1-A1DD-64315024E3AB}.dat
    + 2012-08-16 04:59 . 2012-08-16 05:06201728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{219299B9-E75F-11E1-8084-64315024E3AB}.dat
    + 2012-08-12 23:04 . 2012-08-12 23:11229888 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1A1A94B2-E4D2-11E1-AA63-64315024E3AB}.dat
    + 2012-08-11 08:10 . 2012-08-11 08:17145920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{131B4C2F-E38C-11E1-83B5-64315024E3AB}.dat
    + 2012-08-15 07:22 . 2012-08-15 07:26120320 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{039D2A92-E6AA-11E1-8084-64315024E3AB}.dat
    + 2012-08-16 10:04 . 2012-06-29 03:47237056 c:\windows\system32\url.dll
    - 2012-07-15 18:37 . 2012-06-02 12:04237056 c:\windows\system32\url.dll
    - 2010-10-26 01:13 . 2011-09-05 17:05464272 c:\windows\system32\spool\drivers\x64\3\ADUIGP.DLL
    + 2011-09-05 17:05 . 2011-09-05 17:05464272 c:\windows\system32\spool\drivers\x64\3\ADUIGP.DLL
    + 2012-08-16 10:04 . 2012-06-29 03:44816640 c:\windows\system32\jscript.dll
    - 2012-07-15 18:37 . 2012-06-02 12:01173056 c:\windows\system32\ieUnatt.exe
    + 2012-08-16 10:04 . 2012-06-29 03:43173056 c:\windows\system32\ieUnatt.exe
    - 2012-07-15 18:37 . 2012-06-02 11:54248320 c:\windows\system32\ieui.dll
    + 2012-08-16 10:04 . 2012-06-29 03:35248320 c:\windows\system32\ieui.dll
    + 2009-07-14 05:30 . 2012-08-16 10:22143360 c:\windows\system32\DriverStore\infstrng.dat
    - 2009-07-14 05:30 . 2012-07-24 21:42143360 c:\windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:30 . 2012-08-16 10:22143360 c:\windows\system32\DriverStore\infstor.dat
    - 2009-07-14 05:30 . 2012-07-24 21:42143360 c:\windows\system32\DriverStore\infstor.dat
    + 2011-06-08 22:38 . 2010-11-20 13:24229376 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\fsquirt.exe
    + 2012-08-16 10:06 . 2012-07-06 20:07552960 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthport.sys
    - 2009-07-14 05:31 . 2011-07-13 13:18399360 c:\windows\system32\DriverStore\drvindex.dat
    + 2009-07-14 05:31 . 2012-08-16 10:22399360 c:\windows\system32\DriverStore\drvindex.dat
    + 2012-07-04 14:59 . 2012-07-04 14:59261120 c:\windows\Installer\88568d2.msp
    + 2012-08-22 05:50 . 2012-08-22 05:50902144 c:\windows\Installer\6e4a125.msi
    + 2011-12-14 00:21 . 2012-08-22 06:03335872 c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000005}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
    - 2011-12-14 00:21 . 2012-04-15 20:14335872 c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000005}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
    - 2011-02-20 04:46 . 2012-07-15 10:06415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
    + 2011-02-20 04:46 . 2012-08-16 10:05415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
    - 2011-02-20 04:46 . 2012-07-15 10:06303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
    + 2011-02-20 04:46 . 2012-08-16 10:05303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
    + 2011-02-20 04:46 . 2012-08-16 10:05571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
    - 2011-02-20 04:46 . 2012-07-15 10:06571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
    + 2011-02-20 04:46 . 2012-08-16 10:05326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
    - 2011-02-20 04:46 . 2012-07-15 10:06326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
    + 2011-09-05 20:05 . 2011-09-05 20:05942464 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\jp2klib.dll
    + 2010-10-26 01:13 . 2010-10-26 01:13595344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\AXSLE.dll
    + 2012-01-03 07:37 . 2012-01-03 07:37320456 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\adobearmhelper.exe
    + 2010-10-25 22:13 . 2010-10-25 22:13932288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\adobearm.exe
    + 2011-01-07 20:38 . 2011-01-07 20:38121208 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\MSCONV97.DLL
    + 2012-08-16 10:04 . 2012-06-29 00:091129472 c:\windows\SysWOW64\wininet.dll
    - 2012-07-15 18:37 . 2012-06-02 08:251129472 c:\windows\SysWOW64\wininet.dll
    - 2012-07-15 18:37 . 2012-06-02 08:261103872 c:\windows\SysWOW64\urlmon.dll
    + 2012-08-16 10:04 . 2012-06-29 00:091103872 c:\windows\SysWOW64\urlmon.dll
    + 2012-08-16 10:04 . 2012-06-29 00:161800704 c:\windows\SysWOW64\jscript9.dll
    - 2012-07-15 18:37 . 2012-06-02 08:191793024 c:\windows\SysWOW64\iertutil.dll
    + 2012-08-16 10:04 . 2012-06-29 00:011793024 c:\windows\SysWOW64\iertutil.dll
    - 2012-07-15 18:37 . 2012-06-02 08:439737728 c:\windows\SysWOW64\ieframe.dll
    + 2012-08-16 10:04 . 2012-06-29 00:279737728 c:\windows\SysWOW64\ieframe.dll
    + 2009-07-14 04:54 . 2012-08-24 00:119437184 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-08-16 10:04 . 2012-06-29 03:491392128 c:\windows\system32\wininet.dll
    - 2012-07-15 18:37 . 2012-06-02 12:051392128 c:\windows\system32\wininet.dll
    - 2012-07-15 18:37 . 2012-06-02 12:051346048 c:\windows\system32\urlmon.dll
    + 2012-08-16 10:04 . 2012-06-29 03:491346048 c:\windows\system32\urlmon.dll
    + 2012-08-16 10:04 . 2012-06-29 03:562312704 c:\windows\system32\jscript9.dll
    - 2012-07-15 18:37 . 2012-06-02 11:592144768 c:\windows\system32\iertutil.dll
    + 2012-08-16 10:04 . 2012-06-29 03:422144768 c:\windows\system32\iertutil.dll
    + 2009-07-14 04:45 . 2012-08-16 10:307113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 04:45 . 2012-07-15 18:597113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2009-07-14 05:01 . 2012-08-24 03:412403212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-07-19 09:45 . 2012-07-19 09:453464704 c:\windows\Installer\885695b.msp
    + 2012-07-04 15:04 . 2012-07-04 15:041292288 c:\windows\Installer\8856944.msp
    + 2012-07-04 15:12 . 2012-07-04 15:124772352 c:\windows\Installer\8856939.msp
    + 2012-07-04 15:09 . 2012-07-04 15:091284096 c:\windows\Installer\8856921.msp
    + 2012-07-04 15:01 . 2012-07-04 15:019082368 c:\windows\Installer\885690a.msp
    + 2012-07-04 14:58 . 2012-07-04 14:586163456 c:\windows\Installer\88568ea.msp
     
  6. Jason Miller

    Jason Miller TS Rookie Topic Starter Posts: 37

    - 2011-02-20 04:46 . 2012-07-15 10:061479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
    + 2011-02-20 04:46 . 2012-08-16 10:051479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
    + 2011-02-20 04:46 . 2012-08-16 10:051858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
    - 2011-02-20 04:46 . 2012-07-15 10:061858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
    + 2011-02-20 04:46 . 2012-08-16 10:054525408 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe
    - 2011-02-20 04:46 . 2012-07-15 10:064525408 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe
    - 2011-02-20 04:46 . 2012-07-15 10:063792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
    + 2011-02-20 04:46 . 2012-08-16 10:053792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
    + 2011-02-20 04:46 . 2012-08-16 10:051449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
    - 2011-02-20 04:46 . 2012-07-15 10:061449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
    + 2011-06-06 22:55 . 2011-06-06 22:558293256 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\agm.dll
    + 2012-08-16 10:04 . 2012-06-29 00:5212317184 c:\windows\SysWOW64\mshtml.dll
    - 2012-07-04 18:32 . 2012-08-09 23:0916187392 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
    + 2012-07-04 18:32 . 2012-08-24 00:1116187392 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
    - 2009-07-14 04:54 . 2012-08-09 23:0916187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-24 00:1116187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 02:34 . 2012-08-16 10:2211010048 c:\windows\system32\SMI\Store\Machine\schema.dat
    - 2009-07-14 02:34 . 2012-07-15 18:5311010048 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2012-08-16 10:04 . 2012-06-29 04:5517809920 c:\windows\system32\mshtml.dll
    + 2012-08-16 10:04 . 2012-06-29 04:0910925568 c:\windows\system32\ieframe.dll
    + 2009-07-14 04:45 . 2012-08-16 10:2916274064 c:\windows\system32\FNTCACHE.DAT
    - 2009-07-14 04:45 . 2012-07-15 18:5916274064 c:\windows\system32\FNTCACHE.DAT
    + 2011-03-08 08:26 . 2012-08-24 03:4150937328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4151112255-51104295-1799264657-1000-12288.dat
    + 2012-07-12 20:51 . 2012-08-24 03:4111102832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    + 2012-07-28 01:22 . 2012-07-28 01:22105082880 c:\windows\Installer\6e4a5a5.msp
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2011-03-04 06:52762000----a-r-c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2011-03-04 06:52762000----a-r-c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2011-03-04 06:52762000----a-r-c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeBridge"="" [BU]
    "Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2012-07-27 1261512]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
    "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
    "IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
    "PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
    "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-10-12 2215768]
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-21 119152]
    "Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
    "ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
    "BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-20 3695928]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe" [2012-08-01 686792]
    .
    c:\users\JASON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    CardMinder Viewer.lnk - c:\program files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe [2011-12-18 77824]
    Conversion to PDF with ScanSnap Organizer.lnk - c:\program files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2011-12-18 15360]
    Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-10-13 5904216]
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-12-6 1175912]
    QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE [2011-12-6 1178984]
    ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2011-12-18 1081344]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecuteREG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-07 136176]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-22 85560]
    R2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-07 136176]
    R3 JmUjk3Ai;BlackBox SR2; [x]
    R3 kxhaBH20;BlackBox SR2; [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 sS43NcfQ;BlackBox SR2; [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-08 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
    R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-18 313696]
    R4 SQLAgent$SHIPWORKS;SQL Server Agent (SHIPWORKS);c:\program files\Microsoft SQL Server\MSSQL10_50.SHIPWORKS\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 431456]
    S0 72999610;72999610;c:\windows\system32\DRIVERS\72999610.sys [2012-08-08 460888]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-30 204288]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-05 5160568]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-05 822624]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
    S2 MSSQL$SHIPWORKS;SQL Server (SHIPWORKS);c:\program files\Microsoft SQL Server\MSSQL10_50.SHIPWORKS\MSSQL\Binn\sqlservr.exe [2011-06-18 62111072]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-30 9371136]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-30 309760]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-21 36720]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-07-22 1002848]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
    S3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys [2010-11-19 24992]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-07 06:05]
    .
    2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-07 06:05]
    .
    2012-08-07 c:\windows\Tasks\HPCeeScheduleForJASON.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2011-03-04 06:361174672----a-r-c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2011-03-04 06:361174672----a-r-c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2011-03-04 06:361174672----a-r-c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    TCP: DhcpNameServer = 192.168.1.254
    Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
    55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
    43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
    "{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
    03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
    38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
    aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
    b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
    f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:50,2f,7e,65,13,5a,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,a0,5b,18,16,25,6c,43,a7,db,61,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,a0,5b,18,16,25,6c,43,a7,db,61,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:42,6c,54,4f,6f,3a,72,84,69,23,97,59,00,aa,63,4c,c2,80,6b,4c,00,
    27,36,2a,47,40,a3,50,34,7d,d6,fa,69,cf,0d,d6,28,87,4b,7e,87,3c,c4,c5,fb,95,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:42,6c,54,4f,6f,3a,72,84,69,23,97,59,00,aa,63,4c,c2,80,6b,4c,00,
    27,36,2a,47,40,a3,50,34,7d,d6,fa,69,cf,0d,d6,28,87,4b,7e,87,3c,c4,c5,fb,95,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    c:\program files (x86)\Brownie\Brnipmon.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-23 21:22:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-24 04:22
    ComboFix2.txt 2012-08-10 19:34
    ComboFix3.txt 2012-08-10 00:50
    ComboFix4.txt 2012-08-08 20:23
    ComboFix5.txt 2012-08-24 00:11
    .
    Pre-Run: 125,596,983,296 bytes free
    Post-Run: 126,509,203,456 bytes free
    .
    - - End Of File - - 3D2BB755A6010C94F6C51E6DC31538D0
     
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

      [​IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
     
  8. Jason Miller

    Jason Miller TS Rookie Topic Starter Posts: 37

    Hi DMJ- Still have the virus. Here is the new ComboFix Log:
    ComboFix 12-08-22.03 - JASON 08/25/2012 13:38:22.5.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.1838 [GMT -7:00]
    Running from: c:\users\JASON\Desktop\ComboFix.exe
    Command switches used :: c:\users\JASON\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\windows\SysWow64\sho1C27.tmp"
    "c:\windows\SysWow64\sho26C6.tmp"
    "c:\windows\SysWow64\sho2CEA.tmp"
    "c:\windows\SysWow64\sho61F2.tmp"
    "c:\windows\SysWow64\sho8934.tmp"
    "c:\windows\SysWow64\sho8F12.tmp"
    "c:\windows\SysWow64\shoA071.tmp"
    "c:\windows\SysWow64\shoD2A7.tmp"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SysWow64\sho1C27.tmp
    c:\windows\SysWow64\sho26C6.tmp
    c:\windows\SysWow64\sho2CEA.tmp
    c:\windows\SysWow64\sho61F2.tmp
    c:\windows\SysWow64\sho8934.tmp
    c:\windows\SysWow64\sho8F12.tmp
    c:\windows\SysWow64\shoA071.tmp
    c:\windows\SysWow64\shoD2A7.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-25 to 2012-08-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-25 20:55 . 2012-08-25 20:55 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-08-25 20:55 . 2012-08-25 20:55 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-24 23:15 . 2012-08-24 23:15 -------- d-----w- c:\programdata\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}
    2012-08-24 23:15 . 2012-08-24 23:15 -------- d-----w- c:\programdata\{9BE3DA6A-4249-4BEC-9AE7-CA0EA247E62C}
    2012-08-24 23:15 . 2012-08-24 23:15 -------- d-----w- c:\programdata\{E23E3BED-ADD9-4DF7-B375-5EC5E69FD666}
    2012-08-24 23:15 . 2012-08-24 23:15 -------- d-----w- c:\programdata\{C243CCC8-5474-45FC-A546-7FBC284A692E}
    2012-08-24 23:14 . 2012-08-24 23:14 -------- d-----w- c:\programdata\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}
    2012-08-24 23:14 . 2012-08-24 23:14 -------- d-----w- c:\programdata\{AB89557A-DCAD-4657-A970-8F9A3EFFB34D}
    2012-08-24 23:14 . 2012-08-24 23:14 -------- d-----w- c:\programdata\{232FC370-3714-4F10-BC93-DA33AA1D6D22}
    2012-08-22 05:52 . 2012-08-22 05:51 289768 ----a-w- c:\windows\system32\javaws.exe
    2012-08-22 05:51 . 2012-08-22 05:51 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2012-08-22 05:51 . 2012-08-22 05:51 189416 ----a-w- c:\windows\system32\javaw.exe
    2012-08-22 05:51 . 2012-08-22 05:51 188904 ----a-w- c:\windows\system32\java.exe
    2012-08-22 05:51 . 2012-08-22 05:51 -------- d-----w- c:\program files\Java
    2012-08-16 10:05 . 2012-08-16 10:05 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2012-08-15 11:24 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2012-08-15 11:24 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2012-08-15 11:24 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
    2012-08-15 11:24 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2012-08-15 11:24 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2012-08-15 11:24 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2012-08-15 11:24 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-08-15 11:24 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-08-15 11:24 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
    2012-08-15 11:24 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-08-15 11:24 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-08-15 11:24 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
    2012-08-14 18:31 . 2012-08-14 18:33 35712 ----a-w- c:\windows\SysWow64\drivers\kxhaBH20.sys
    2012-08-14 18:31 . 2012-08-14 18:33 -------- d-----w- c:\program files\unhook
    2012-08-14 18:19 . 2012-08-14 18:26 35712 ----a-w- c:\windows\SysWow64\drivers\JmUjk3Ai.sys
    2012-08-14 18:18 . 2012-08-14 18:26 35712 ----a-w- c:\windows\SysWow64\drivers\sS43NcfQ.sys
    2012-08-12 04:31 . 2012-08-08 18:11 460888 ----a-w- c:\windows\system32\drivers\72999610.sys
    2012-08-11 16:53 . 2012-08-11 16:53 -------- d-----w- c:\programdata\Kaspersky Lab
    2012-08-07 02:29 . 2012-08-07 02:29 -------- d-----w- c:\users\JASON\AppData\Roaming\Malwarebytes
    2012-08-07 02:28 . 2012-08-07 02:28 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-07 02:28 . 2012-08-07 02:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-07 02:28 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-22 05:51 . 2012-01-23 07:47 916456 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-22 05:51 . 2012-01-23 07:47 1034216 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-08-16 10:00 . 2011-02-08 03:11 62134624 ----a-w- c:\windows\system32\MRT.exe
    2012-08-01 22:46 . 2012-04-05 08:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-01 22:46 . 2011-05-18 18:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-09 05:43 . 2012-07-15 06:12 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-06-06 15:49 . 2012-06-06 15:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    2012-06-06 06:06 . 2012-07-15 06:12 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-15 06:12 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-15 06:11 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-15 06:12 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-15 06:12 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-15 06:11 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19 . 2012-06-22 07:21 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 07:22 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 07:22 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 07:22 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 07:20 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-22 07:21 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 07:22 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:15 . 2012-06-22 07:21 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 05:50 . 2012-07-15 06:12 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-15 06:12 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:48 . 2012-07-15 06:12 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:45 . 2012-07-15 06:12 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-15 06:12 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:40 . 2012-07-15 06:12 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-15 06:12 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-15 06:12 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34 . 2012-07-15 06:12 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2010-11-20 . 58877D39A2D4E120CEE1EFF4DAD3D3FD . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
    [7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
    [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-08-24_03.45.44 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-08-24 21:17 . 2012-08-24 21:17 25094 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2012-08-24 03:41 . 2012-08-24 03:41 25094 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2012-07-04 18:36 . 2012-08-24 00:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
    + 2012-07-04 18:36 . 2012-08-25 19:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
    + 2012-08-24 22:04 . 2012-08-24 22:09 62464 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B92145E3-EE37-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 04:44 . 2012-08-25 04:48 17408 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8BE75A92-EE6F-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 04:29 . 2012-08-25 04:33 28160 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{82978470-EE6D-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:32 . 2012-08-24 21:33 30720 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{446E5FD2-EE33-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 05:53 . 2012-08-25 05:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2AF33E43-EE79-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 05:53 . 2012-08-25 05:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{21F1753A-EE79-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:24 . 2012-08-24 21:31 37376 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1C7F2389-EE32-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:31 . 2012-08-24 21:38 24064 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1927753A-EE33-11E1-9818-64315024E3AB}.dat
    + 2012-07-04 18:33 . 2012-08-25 07:06 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    - 2012-07-04 18:33 . 2012-08-23 11:02 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2009-07-14 05:10 . 2012-08-25 21:15 40316 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-02-07 03:46 . 2012-08-25 21:15 14798 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4151112255-51104295-1799264657-1000_UserData.bin
    - 2011-02-07 04:31 . 2012-08-24 00:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-02-07 04:31 . 2012-08-25 20:31 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-02-07 04:31 . 2012-08-24 00:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-02-07 04:31 . 2012-08-25 20:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-25 20:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-24 00:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-08-22 08:03 . 2012-08-23 05:09 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{CBD0FFEF-EC2F-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-22 08:03 . 2012-08-24 22:09 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{CBD0FFEF-EC2F-11E1-BDDB-64315024E3AB}.dat
    + 2012-08-24 22:09 . 2012-08-25 19:55 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{568893EA-EE38-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 19:55 . 2012-08-25 19:55 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{C72879A0-EEEE-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:09 . 2012-08-24 22:09 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{568893EC-EE38-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:23 . 2012-08-24 21:24 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F969FBA7-EE31-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:23 . 2012-08-24 21:24 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F66B808E-EE31-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 11:56 . 2012-08-25 11:57 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{ED74150C-EEAB-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:22 . 2012-08-24 21:23 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DC2D790B-EE31-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 05:50 . 2012-08-25 05:55 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D2004BA7-EE78-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 13:56 . 2012-08-25 13:57 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B20F746E-EEBC-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 19:54 . 2012-08-25 19:55 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AEDF583B-EEEE-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 05:42 . 2012-08-25 05:43 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AB34E0F8-EE77-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 00:13 . 2012-08-25 00:13 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A72B8D9D-EE49-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 08:55 . 2012-08-25 08:56 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A2ECFEF8-EE92-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 17:09 . 2012-08-25 17:09 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{93844C5A-EED7-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 10:56 . 2012-08-25 10:57 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{846C31C7-EEA3-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 02:13 . 2012-08-25 02:13 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{840EE8CD-EE5A-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 04:29 . 2012-08-25 04:33 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8297846F-EE6D-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:02 . 2012-08-24 22:09 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{703FD018-EE37-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:02 . 2012-08-24 22:09 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7025A0F4-EE37-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 15:20 . 2012-08-25 15:20 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6A3049BF-EEC8-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 03:45 . 2012-08-25 03:46 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{61996107-EE67-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 03:45 . 2012-08-25 03:46 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{615DDE9F-EE67-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 07:06 . 2012-08-25 07:13 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5FAFEEC9-EE83-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 12:56 . 2012-08-25 12:57 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4FC2F56D-EEB4-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 04:42 . 2012-08-25 04:44 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{36EB637C-EE6F-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 14:57 . 2012-08-25 14:58 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3136415B-EEC5-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 16:08 . 2012-08-25 16:09 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{260DF4DB-EECF-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 09:56 . 2012-08-25 09:57 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{222B99A7-EE9B-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 01:13 . 2012-08-25 01:14 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1FAAD720-EE52-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:24 . 2012-08-24 21:31 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1C7F2388-EE32-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:31 . 2012-08-24 21:31 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{19277539-EE33-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:31 . 2012-08-24 21:32 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{17FDE936-EE33-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 07:04 . 2012-08-25 07:05 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{16D5B156-EE83-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 23:11 . 2012-08-24 23:12 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{169DB55D-EE41-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 18:09 . 2012-08-25 18:10 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{135FC720-EEE0-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:23 . 2012-08-24 21:24 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F66B808F-EE31-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 11:56 . 2012-08-25 11:57 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ED74150D-EEAB-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:23 . 2012-08-24 21:23 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DC2D790C-EE31-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 07:09 . 2012-08-25 07:13 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D97AD893-EE83-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 07:09 . 2012-08-25 07:09 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D97AD891-EE83-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:05 . 2012-08-24 22:05 9216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D195A286-EE37-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:04 . 2012-08-24 22:04 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B92145E1-EE37-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 13:56 . 2012-08-25 13:57 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B20F746F-EEBC-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 19:54 . 2012-08-25 19:55 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AEDF583D-EEEE-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:04 . 2012-08-24 22:09 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AE002FA8-EE37-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 05:42 . 2012-08-25 05:43 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AB34E0F9-EE77-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 00:13 . 2012-08-25 00:13 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A72B8D9E-EE49-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 08:55 . 2012-08-25 08:56 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A2ECFEF9-EE92-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:03 . 2012-08-24 22:09 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{959812E1-EE37-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 17:09 . 2012-08-25 17:09 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{93844C5B-EED7-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 10:56 . 2012-08-25 10:57 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{846C31C8-EEA3-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 02:13 . 2012-08-25 02:13 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{840EE8CE-EE5A-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 15:20 . 2012-08-25 15:20 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6A3049C0-EEC8-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:09 . 2012-08-24 22:09 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{65E17DEC-EE38-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 03:45 . 2012-08-25 03:46 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{61996108-EE67-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 03:45 . 2012-08-25 03:46 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{615DDEA0-EE67-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 07:13 . 2012-08-25 07:13 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{534A3378-EE84-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 12:56 . 2012-08-25 12:57 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4FC2F56E-EEB4-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:08 . 2012-08-24 22:09 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{49D5CFE1-EE38-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 14:57 . 2012-08-25 14:58 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3136415C-EEC5-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:07 . 2012-08-24 22:08 7680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{26247AA6-EE38-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 16:08 . 2012-08-25 16:09 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{260DF4DC-EECF-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 09:56 . 2012-08-25 09:57 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{222B99A8-EE9B-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 01:13 . 2012-08-25 01:14 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1FAAD721-EE52-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 07:11 . 2012-08-25 07:13 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1BE34085-EE84-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 07:04 . 2012-08-25 07:05 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{16D5B157-EE83-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 23:11 . 2012-08-24 23:12 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{169DB55E-EE41-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 18:09 . 2012-08-25 18:10 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{135FC721-EEE0-11E1-9818-64315024E3AB}.dat
     
  9. Jason Miller

    Jason Miller TS Rookie Topic Starter Posts: 37

    + 2012-08-24 22:07 . 2012-08-24 22:07 7680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{12F343E6-EE38-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:07 . 2012-08-24 22:07 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{12C3F684-EE38-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:07 . 2012-08-24 22:07 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{12C3F682-EE38-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:24 . 2012-08-24 21:24 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{12934743-EE32-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:24 . 2012-08-24 21:24 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0568AAC2-EE32-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 21:11 . 2012-08-25 21:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-08-24 03:42 . 2012-08-24 03:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-25 21:11 . 2012-08-25 21:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-08-24 03:42 . 2012-08-24 03:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-07-04 18:33 . 2012-08-25 07:06 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2012-07-04 18:33 . 2012-08-23 13:45 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 04:54 . 2012-08-25 19:54 835584 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-08-24 22:02 . 2012-08-24 22:09 558080 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7025A0F5-EE37-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 05:55 . 2012-08-25 05:56 299008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6ABA7895-EE79-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 22:09 . 2012-08-24 22:09 184832 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{568893ED-EE38-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 07:13 . 2012-08-25 07:13 196096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{534A3376-EE84-11E1-9818-64315024E3AB}.dat
    + 2012-08-25 04:42 . 2012-08-25 04:48 411136 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{36EB637D-EE6F-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 21:31 . 2012-08-24 21:38 239104 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{17FDE937-EE33-11E1-9818-64315024E3AB}.dat
    + 2012-08-24 23:15 . 2012-08-24 23:15 453632 c:\windows\Installer\6a7404.msi
    + 2012-08-24 23:15 . 2012-08-24 23:15 261632 c:\windows\Installer\6a72b9.msi
    + 2012-08-24 23:15 . 2012-08-24 23:15 261632 c:\windows\Installer\6a72a9.msi
    + 2012-08-24 23:15 . 2012-08-24 23:15 261632 c:\windows\Installer\6a7299.msi
    + 2012-08-24 23:15 . 2012-08-24 23:15 262656 c:\windows\Installer\6a7289.msi
    + 2012-08-24 23:14 . 2012-08-24 23:14 261632 c:\windows\Installer\6a7276.msi
    + 2012-08-24 23:14 . 2012-08-24 23:14 262656 c:\windows\Installer\6a7266.msi
    + 2009-07-14 04:54 . 2012-08-25 19:54 9437184 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-24 00:11 9437184 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 05:01 . 2012-08-25 21:09 2403212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-08-24 03:41 2403212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2012-07-04 18:32 . 2012-08-24 00:11 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
    + 2012-07-04 18:32 . 2012-08-25 19:54 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
    - 2009-07-14 04:54 . 2012-08-24 00:11 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-25 19:54 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-03-08 08:26 . 2012-08-25 21:10 51167152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4151112255-51104295-1799264657-1000-12288.dat
    + 2012-07-12 20:51 . 2012-08-25 21:10 11107044 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2011-03-04 06:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2011-03-04 06:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2011-03-04 06:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeBridge"="" [BU]
    "Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2012-07-27 1261512]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
    "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
    "IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
    "PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
    "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-10-12 2215768]
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-21 119152]
    "Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
    "ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
    "BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-20 3695928]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe" [2012-08-01 686792]
    .
    c:\users\JASON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    CardMinder Viewer.lnk - c:\program files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe [2011-12-18 77824]
    Conversion to PDF with ScanSnap Organizer.lnk - c:\program files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2011-12-18 15360]
    Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-10-13 5904216]
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-12-6 1175912]
    QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE [2011-12-6 1178984]
    ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2011-12-18 1081344]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
    R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-05 822624]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-07 136176]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-22 85560]
    R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-07 136176]
    R3 JmUjk3Ai;BlackBox SR2; [x]
    R3 kxhaBH20;BlackBox SR2; [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    R3 sS43NcfQ;BlackBox SR2; [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-08 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
    R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-18 313696]
    R4 SQLAgent$SHIPWORKS;SQL Server Agent (SHIPWORKS);c:\program files\Microsoft SQL Server\MSSQL10_50.SHIPWORKS\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 431456]
    S0 72999610;72999610;c:\windows\system32\DRIVERS\72999610.sys [2012-08-08 460888]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-30 204288]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-05 5160568]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
    S2 MSSQL$SHIPWORKS;SQL Server (SHIPWORKS);c:\program files\Microsoft SQL Server\MSSQL10_50.SHIPWORKS\MSSQL\Binn\sqlservr.exe [2011-06-18 62111072]
    S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-30 9371136]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-30 309760]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-21 36720]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-07-22 1002848]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
    S3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys [2010-11-19 24992]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-07 06:05]
    .
    2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-07 06:05]
    .
    2012-08-07 c:\windows\Tasks\HPCeeScheduleForJASON.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2011-03-04 06:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2011-03-04 06:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2011-03-04 06:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    TCP: DhcpNameServer = 192.168.1.254
    Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
    55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
    43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
    "{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
    03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
    38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
    aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
    b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
    f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:50,2f,7e,65,13,5a,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,a0,5b,18,16,25,6c,43,a7,db,61,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,a0,5b,18,16,25,6c,43,a7,db,61,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:42,6c,54,4f,6f,3a,72,84,69,23,97,59,00,aa,63,4c,c2,80,6b,4c,00,
    27,36,2a,47,40,a3,50,34,7d,d6,fa,69,cf,0d,d6,28,87,4b,7e,87,3c,c4,c5,fb,95,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:42,6c,54,4f,6f,3a,72,84,69,23,97,59,00,aa,63,4c,c2,80,6b,4c,00,
    27,36,2a,47,40,a3,50,34,7d,d6,fa,69,cf,0d,d6,28,87,4b,7e,87,3c,c4,c5,fb,95,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    c:\program files (x86)\Brownie\Brnipmon.exe
    c:\program files (x86)\Internet Explorer\iexplore.exe
    c:\program files (x86)\Internet Explorer\iexplore.exe
    c:\program files (x86)\Internet Explorer\iexplore.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-25 14:54:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-25 21:54
    ComboFix2.txt 2012-08-24 04:22
    ComboFix3.txt 2012-08-10 19:34
    ComboFix4.txt 2012-08-10 00:50
    ComboFix5.txt 2012-08-25 20:36
    .
    Pre-Run: 126,317,490,176 bytes free
    Post-Run: 126,070,800,384 bytes free
    .
    - - End Of File - - 1B6DD2F0D61CED3EFA3AFA906EBB787B
     
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

      [​IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
     
  11. Jason Miller

    Jason Miller TS Rookie Topic Starter Posts: 37

    HI DMJ- Still have the virus. Here is the new ComboFix Log. Thanks again for your help.

    ComboFix 12-08-22.03 - JASON 08/26/2012 17:23:47.6.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2114 [GMT -7:00]
    Running from: c:\users\JASON\Desktop\ComboFix.exe
    Command switches used :: c:\users\JASON\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll --> c:\windows\SysWOW64\user32.dll
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-27 to 2012-08-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-27 00:40 . 2012-08-27 00:40 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-08-27 00:40 . 2012-08-27 00:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-24 23:15 . 2012-08-24 23:15 -------- d-----w- c:\programdata\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}
    2012-08-24 23:15 . 2012-08-24 23:15 -------- d-----w- c:\programdata\{9BE3DA6A-4249-4BEC-9AE7-CA0EA247E62C}
    2012-08-24 23:15 . 2012-08-24 23:15 -------- d-----w- c:\programdata\{E23E3BED-ADD9-4DF7-B375-5EC5E69FD666}
    2012-08-24 23:15 . 2012-08-24 23:15 -------- d-----w- c:\programdata\{C243CCC8-5474-45FC-A546-7FBC284A692E}
    2012-08-24 23:14 . 2012-08-24 23:14 -------- d-----w- c:\programdata\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}
    2012-08-24 23:14 . 2012-08-24 23:14 -------- d-----w- c:\programdata\{AB89557A-DCAD-4657-A970-8F9A3EFFB34D}
    2012-08-24 23:14 . 2012-08-24 23:14 -------- d-----w- c:\programdata\{232FC370-3714-4F10-BC93-DA33AA1D6D22}
    2012-08-22 05:52 . 2012-08-22 05:51 289768 ----a-w- c:\windows\system32\javaws.exe
    2012-08-22 05:51 . 2012-08-22 05:51 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2012-08-22 05:51 . 2012-08-22 05:51 189416 ----a-w- c:\windows\system32\javaw.exe
    2012-08-22 05:51 . 2012-08-22 05:51 188904 ----a-w- c:\windows\system32\java.exe
    2012-08-22 05:51 . 2012-08-22 05:51 -------- d-----w- c:\program files\Java
    2012-08-16 10:05 . 2012-08-16 10:05 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2012-08-15 11:24 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2012-08-15 11:24 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2012-08-15 11:24 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
    2012-08-15 11:24 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2012-08-15 11:24 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2012-08-15 11:24 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2012-08-15 11:24 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-08-15 11:24 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-08-15 11:24 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
    2012-08-15 11:24 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-08-15 11:24 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-08-15 11:24 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
    2012-08-14 18:31 . 2012-08-14 18:33 35712 ----a-w- c:\windows\SysWow64\drivers\kxhaBH20.sys
    2012-08-14 18:31 . 2012-08-14 18:33 -------- d-----w- c:\program files\unhook
    2012-08-14 18:19 . 2012-08-14 18:26 35712 ----a-w- c:\windows\SysWow64\drivers\JmUjk3Ai.sys
    2012-08-14 18:18 . 2012-08-14 18:26 35712 ----a-w- c:\windows\SysWow64\drivers\sS43NcfQ.sys
    2012-08-12 04:31 . 2012-08-08 18:11 460888 ----a-w- c:\windows\system32\drivers\72999610.sys
    2012-08-11 16:53 . 2012-08-11 16:53 -------- d-----w- c:\programdata\Kaspersky Lab
    2012-08-07 02:29 . 2012-08-07 02:29 -------- d-----w- c:\users\JASON\AppData\Roaming\Malwarebytes
    2012-08-07 02:28 . 2012-08-07 02:28 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-07 02:28 . 2012-08-07 02:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-07 02:28 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-22 05:51 . 2012-01-23 07:47 916456 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-22 05:51 . 2012-01-23 07:47 1034216 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-08-16 10:00 . 2011-02-08 03:11 62134624 ----a-w- c:\windows\system32\MRT.exe
    2012-08-01 22:46 . 2012-04-05 08:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-01 22:46 . 2011-05-18 18:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-09 05:43 . 2012-07-15 06:12 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-06-06 15:49 . 2012-06-06 15:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    2012-06-06 06:06 . 2012-07-15 06:12 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-15 06:12 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-15 06:11 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-15 06:12 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-15 06:12 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-15 06:11 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19 . 2012-06-22 07:21 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 07:22 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 07:22 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 07:22 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 07:20 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-22 07:21 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 07:22 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:15 . 2012-06-22 07:21 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 05:50 . 2012-07-15 06:12 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-15 06:12 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:48 . 2012-07-15 06:12 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:45 . 2012-07-15 06:12 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-15 06:12 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:40 . 2012-07-15 06:12 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-15 06:12 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-15 06:12 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34 . 2012-07-15 06:12 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2010-11-20 . 58877D39A2D4E120CEE1EFF4DAD3D3FD . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
    [7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
    [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-08-25_21.14.05 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-08-27 00:41 . 2012-08-27 00:41 25094 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2012-08-24 21:17 . 2012-08-24 21:17 25094 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    + 2012-07-04 18:36 . 2012-08-27 01:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
    - 2012-07-04 18:36 . 2012-08-25 19:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
    + 2012-08-26 04:32 . 2012-08-26 04:37 31744 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F9AC47EA-EF36-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 04:39 . 2012-08-26 04:46 30720 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F864B07C-EF37-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 04:36 . 2012-08-26 04:39 10752 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ABDE2C0A-EF37-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 04:34 . 2012-08-26 04:39 24576 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5C378844-EF37-11E1-9D59-64315024E3AB}.dat
    + 2012-07-04 18:33 . 2012-08-26 09:28 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    - 2012-07-04 18:33 . 2012-08-25 07:06 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2011-02-07 03:31 . 2012-08-25 22:49 61988 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-08-25 22:49 40480 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2011-02-07 03:46 . 2012-08-25 21:15 14798 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4151112255-51104295-1799264657-1000_UserData.bin
    + 2011-02-07 03:46 . 2012-08-25 22:49 14798 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4151112255-51104295-1799264657-1000_UserData.bin
    - 2011-02-07 04:31 . 2012-08-25 20:31 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-02-07 04:31 . 2012-08-27 00:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-02-07 04:31 . 2012-08-25 20:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-02-07 04:31 . 2012-08-27 00:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-27 00:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-25 20:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-08-26 07:21 . 2012-08-26 07:21 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{9DD91451-EF4E-11E1-9D59-64315024E3AB}.dat
    + 2012-08-24 22:09 . 2012-08-26 23:36 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{568893EA-EE38-11E1-9818-64315024E3AB}.dat
    - 2012-08-24 22:09 . 2012-08-25 19:55 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{568893EA-EE38-11E1-9818-64315024E3AB}.dat
    + 2012-08-26 23:36 . 2012-08-26 23:36 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{ED12CCAC-EFD6-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 07:21 . 2012-08-26 07:21 7680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{9DD91452-EF4E-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 04:32 . 2012-08-26 04:36 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FB40F1D8-EF36-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 04:32 . 2012-08-26 04:37 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F9AC47E9-EF36-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 04:39 . 2012-08-26 04:39 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F864B07B-EF37-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 19:33 . 2012-08-26 19:34 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F477DB6A-EFB4-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 21:35 . 2012-08-26 21:35 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EC52C6B4-EFC5-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 15:29 . 2012-08-26 15:30 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D40D0D70-EF92-11E1-9D59-64315024E3AB}.dat
    + 2012-08-27 00:47 . 2012-08-27 00:48 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D17DCF4D-EFE0-11E1-8B4C-64315024E3AB}.dat
    + 2012-08-26 10:28 . 2012-08-26 10:29 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C3963333-EF68-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 01:52 . 2012-08-26 01:53 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B9741FC4-EF20-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 06:03 . 2012-08-26 06:03 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B699E706-EF43-11E1-9D59-64315024E3AB}.dat
    + 2012-08-25 23:50 . 2012-08-25 23:51 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B05DCDB0-EF0F-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 03:54 . 2012-08-26 03:54 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AB82C558-EF31-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 03:54 . 2012-08-26 03:54 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AA6C4457-EF31-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 07:14 . 2012-08-26 07:21 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A6996D98-EF4D-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 16:32 . 2012-08-26 16:33 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9DAC473F-EF9B-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 09:15 . 2012-08-26 09:15 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8A9C30F6-EF5E-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 12:28 . 2012-08-26 12:29 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{88176372-EF79-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 16:31 . 2012-08-26 16:32 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{846FF09E-EF9B-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 16:31 . 2012-08-26 16:32 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7A0F70ED-EF9B-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 18:32 . 2012-08-26 18:33 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{717070AC-EFAC-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 14:29 . 2012-08-26 14:30 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7062A427-EF8A-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 22:36 . 2012-08-26 22:36 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6F4FB9BC-EFCE-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 16:30 . 2012-08-26 16:31 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{60CBF62A-EF9B-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 20:34 . 2012-08-26 20:34 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5E076D1F-EFBD-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 05:02 . 2012-08-26 05:07 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{461BD3ED-EF3B-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 16:29 . 2012-08-26 16:30 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{43A7DD96-EF9B-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 00:51 . 2012-08-26 00:52 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{38AA7FE9-EF18-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 00:51 . 2012-08-26 00:52 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{37561B22-EF18-11E1-9D59-64315024E3AB}.dat
    + 2012-08-25 22:49 . 2012-08-25 22:50 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2F186471-EF07-11E1-9D59-64315024E3AB}.dat
    + 2012-08-25 22:49 . 2012-08-25 22:50 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2CE90113-EF07-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 11:28 . 2012-08-26 11:29 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{25D6CB52-EF71-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 02:52 . 2012-08-26 02:53 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{24C5958D-EF29-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 02:52 . 2012-08-26 02:53 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{22265180-EF29-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 07:03 . 2012-08-26 07:03 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{18D81DC5-EF4C-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 17:32 . 2012-08-26 17:33 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0DD91266-EFA4-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 17:32 . 2012-08-26 17:33 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0BF1184D-EFA4-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 08:14 . 2012-08-26 08:15 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0A57BEE9-EF56-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 13:29 . 2012-08-26 13:30 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0867BC60-EF82-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 19:33 . 2012-08-26 19:34 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F477DB6B-EFB4-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 21:35 . 2012-08-26 21:35 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EC52C6B5-EFC5-11E1-9D59-64315024E3AB}.dat
    + 2012-08-27 00:48 . 2012-08-27 00:48 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DD7EDFC9-EFE0-11E1-8B4C-64315024E3AB}.dat
    + 2012-08-26 15:29 . 2012-08-26 15:30 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D40D0D71-EF92-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 07:15 . 2012-08-26 07:21 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D350D62B-EF4D-11E1-9D59-64315024E3AB}.dat
    + 2012-08-27 00:47 . 2012-08-27 00:48 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D17DCF4E-EFE0-11E1-8B4C-64315024E3AB}.dat
    + 2012-08-26 07:15 . 2012-08-26 07:21 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CACA3ED2-EF4D-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 10:28 . 2012-08-26 10:29 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C3963334-EF68-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 01:52 . 2012-08-26 01:53 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B9741FC5-EF20-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 06:03 . 2012-08-26 06:03 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B699E707-EF43-11E1-9D59-64315024E3AB}.dat
    + 2012-08-25 23:50 . 2012-08-25 23:51 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B05DCDB1-EF0F-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 03:54 . 2012-08-26 03:54 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AB82C559-EF31-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 03:54 . 2012-08-26 03:54 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AA6C4458-EF31-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 07:21 . 2012-08-26 07:21 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9DD91456-EF4E-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 16:32 . 2012-08-26 16:33 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9DAC4740-EF9B-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 07:20 . 2012-08-26 07:21 7680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{907FD4A8-EF4E-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 09:15 . 2012-08-26 09:15 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8A9C30F7-EF5E-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 12:28 . 2012-08-26 12:29 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{88176373-EF79-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 16:31 . 2012-08-26 16:32 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{846FF09F-EF9B-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 16:31 . 2012-08-26 16:32 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7A0F70EE-EF9B-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 18:32 . 2012-08-26 18:33 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{717070AD-EFAC-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 14:29 . 2012-08-26 14:30 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7062A428-EF8A-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 22:36 . 2012-08-26 22:36 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6F4FB9BD-EFCE-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 16:30 . 2012-08-26 16:31 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{60CBF62B-EF9B-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 20:34 . 2012-08-26 20:34 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5E076D20-EFBD-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 07:18 . 2012-08-26 07:21 9728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{43BC7029-EF4E-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 16:29 . 2012-08-26 16:30 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{43A7DD97-EF9B-11E1-9D59-64315024E3AB}.dat
    + 2012-08-25 22:50 . 2012-08-25 22:50 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3B3067F3-EF07-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 00:51 . 2012-08-26 00:52 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{38AA7FEA-EF18-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 00:51 . 2012-08-26 00:52 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{37561B23-EF18-11E1-9D59-64315024E3AB}.dat
    + 2012-08-25 22:50 . 2012-08-25 22:50 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2F186472-EF07-11E1-9D59-64315024E3AB}.dat
    + 2012-08-25 22:50 . 2012-08-25 22:50 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2CE90114-EF07-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 07:17 . 2012-08-26 07:18 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{286C4EF8-EF4E-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 11:28 . 2012-08-26 11:29 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{25D6CB53-EF71-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 02:52 . 2012-08-26 02:53 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{24C5958E-EF29-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 02:52 . 2012-08-26 02:53 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{22265181-EF29-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 07:03 . 2012-08-26 07:03 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{18D81DC6-EF4C-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 17:32 . 2012-08-26 17:33 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0DD91267-EFA4-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 17:32 . 2012-08-26 17:33 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0BF1184E-EFA4-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 08:14 . 2012-08-26 08:15 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0A57BEEA-EF56-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 13:29 . 2012-08-26 13:30 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0867BC61-EF82-11E1-9D59-64315024E3AB}.dat
    - 2012-08-25 21:11 . 2012-08-25 21:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-27 00:43 . 2012-08-27 00:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-08-25 21:11 . 2012-08-25 21:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-08-27 00:43 . 2012-08-27 00:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-07-04 18:33 . 2012-08-26 05:02 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2012-07-04 18:33 . 2012-08-25 07:06 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-14 04:54 . 2012-08-25 19:54 835584 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-08-27 01:48 835584 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-08-26 04:32 . 2012-08-26 04:39 866304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FB40F1D9-EF36-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 07:21 . 2012-08-26 07:21 177664 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9DD91454-EF4E-11E1-9D59-64315024E3AB}.dat
    + 2012-08-26 05:02 . 2012-08-26 05:07 573952 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{461BD3EE-EF3B-11E1-9D59-64315024E3AB}.dat
    + 2009-07-14 04:54 . 2012-08-27 00:48 9437184 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-25 19:54 9437184 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 05:01 . 2012-08-25 21:09 2403212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-08-27 00:41 2403212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2012-07-04 18:32 . 2012-08-25 19:54 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
    + 2012-07-04 18:32 . 2012-08-27 01:48 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
    - 2009-07-14 04:54 . 2012-08-25 19:54 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-27 00:48 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-03-08 08:26 . 2012-08-27 00:42 51213540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4151112255-51104295-1799264657-1000-12288.dat
    - 2012-07-12 20:51 . 2012-08-25 21:10 11107044 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    + 2012-07-12 20:51 . 2012-08-27 00:42 11107044 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    .
     
  12. Jason Miller

    Jason Miller TS Rookie Topic Starter Posts: 37

    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2011-03-04 06:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2011-03-04 06:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2011-03-04 06:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeBridge"="" [BU]
    "Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2012-07-27 1261512]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe" [2012-08-01 686792]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
    "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
    "IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
    "PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
    "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-10-12 2215768]
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-21 119152]
    "Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
    "ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
    "BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-20 3695928]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe" [2012-08-01 686792]
    .
    c:\users\JASON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    CardMinder Viewer.lnk - c:\program files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe [2011-12-18 77824]
    Conversion to PDF with ScanSnap Organizer.lnk - c:\program files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2011-12-18 15360]
    Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-10-13 5904216]
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-12-6 1175912]
    QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE [2011-12-6 1178984]
    ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2011-12-18 1081344]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
    R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-05 822624]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-07 136176]
    R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-07 136176]
    R3 JmUjk3Ai;BlackBox SR2; [x]
    R3 kxhaBH20;BlackBox SR2; [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    R3 sS43NcfQ;BlackBox SR2; [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-08 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
    R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-18 313696]
    R4 SQLAgent$SHIPWORKS;SQL Server Agent (SHIPWORKS);c:\program files\Microsoft SQL Server\MSSQL10_50.SHIPWORKS\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 431456]
    S0 72999610;72999610;c:\windows\system32\DRIVERS\72999610.sys [2012-08-08 460888]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-30 204288]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-05 5160568]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-22 85560]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
    S2 MSSQL$SHIPWORKS;SQL Server (SHIPWORKS);c:\program files\Microsoft SQL Server\MSSQL10_50.SHIPWORKS\MSSQL\Binn\sqlservr.exe [2011-06-18 62111072]
    S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-30 9371136]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-30 309760]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-21 36720]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-07-22 1002848]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
    S3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys [2010-11-19 24992]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-07 06:05]
    .
    2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-07 06:05]
    .
    2012-08-07 c:\windows\Tasks\HPCeeScheduleForJASON.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2011-03-04 06:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2011-03-04 06:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2011-03-04 06:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    TCP: DhcpNameServer = 192.168.1.254
    Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
    55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
    43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
    "{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
    03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
    38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
    aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
    b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
    f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:50,2f,7e,65,13,5a,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,a0,5b,18,16,25,6c,43,a7,db,61,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,a0,5b,18,16,25,6c,43,a7,db,61,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:42,6c,54,4f,6f,3a,72,84,69,23,97,59,00,aa,63,4c,c2,80,6b,4c,00,
    27,36,2a,47,40,a3,50,34,7d,d6,fa,69,cf,0d,d6,28,87,4b,7e,87,3c,c4,c5,fb,95,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:42,6c,54,4f,6f,3a,72,84,69,23,97,59,00,aa,63,4c,c2,80,6b,4c,00,
    27,36,2a,47,40,a3,50,34,7d,d6,fa,69,cf,0d,d6,28,87,4b,7e,87,3c,c4,c5,fb,95,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    c:\program files (x86)\Brownie\Brnipmon.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-26 19:33:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-27 02:32
    ComboFix2.txt 2012-08-25 21:54
    ComboFix3.txt 2012-08-24 04:22
    ComboFix4.txt 2012-08-10 19:34
    ComboFix5.txt 2012-08-27 00:22
    .
    Pre-Run: 125,635,674,112 bytes free
    Post-Run: 125,674,766,336 bytes free
    .
    - - End Of File - - 888A664B31D5A7A34A4B91738C677221
     
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in

      msconfig
      safebootminimal
      activex
      drivers32
      netsvcs
      CreateRestorePoint
      %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
      %AppData%\Local\
      %systemroot%\system32\sysprep
      *.xpi /md5
      %systemroot%\Downloaded Program Files\
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\drivers\*.sys /90
      %systemroot%\System32\config\*.sav
      %SYSTEMDRIVE%\*.exe /md5
      "%WinDir%\$NtUninstallKB*$." /30
      %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
      %systemroot%\*. /mp /s
      %systemroot%\*. /rp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\Installer\ /s
      %systemroot%\system32\Cache\ /s
      %systemroot%\system32\config\systemprofile\Application Data /s
      %PROGRAMFILES%\*.
      %appdata%\*.*
      /md5start
      volsnap.sys
      services.exe
      userinit.exe
      afd.sys
      tcpip.sys
      netbt.sys
      ipsec.sys
      dnsrslvr.dll
      ipnathlp.dll
      netman.dll
      WMIsvc.dll
      srsvc.dll
      sr.sys
      wscsvc.dll
      wuauserv.dll
      qmgr.dll
      es.dll
      cryptsvc.dll
      svchost.exe
      rpcss.dll
      tdx.sys
      wininit.exe
      winlogon.exe
      atapi.sys
      explorer.exe
      /md5stop
    • Click the Run Scanbutton. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time
    Note: in the event that OTL fails to run, please use alternate download links to try again:

    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
     
  14. Jason Miller

    Jason Miller TS Rookie Topic Starter Posts: 37

    Here is the OTL and Extras logs. Still have the virus. Please let me know the next steps. Thanks.

    OTL logfile created on: 8/28/2012 7:04:59 AM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\JASON\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 47.05% Memory free
    7.50 Gb Paging File | 5.02 Gb Available in Paging File | 66.92% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 685.29 Gb Total Space | 122.67 Gb Free Space | 17.90% Space Free | Partition Type: NTFS
    Drive D: | 13.25 Gb Total Space | 1.63 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

    Computer Name: HPDESKTOP1 | User Name: JASON | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/27 13:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    PRC - [2012/07/27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/07/20 14:46:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\JASON\Desktop\OTL.exe
    PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    PRC - [2012/02/23 15:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    PRC - [2011/10/01 11:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 11:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/06/30 16:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    PRC - [2011/04/22 20:28:46 | 001,081,344 | ---- | M] (PFU LIMITED) -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
    PRC - [2011/03/30 12:12:18 | 000,310,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    PRC - [2011/03/28 20:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/03/03 23:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    PRC - [2011/01/19 15:36:30 | 000,077,824 | ---- | M] (PFU LIMITED) -- C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
    PRC - [2010/11/20 05:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    PRC - [2009/09/30 13:07:34 | 000,086,016 | ---- | M] (PFU LIMITED) -- C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
    PRC - [2009/07/13 18:14:35 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sdiagnhost.exe
    PRC - [2009/07/13 18:14:25 | 000,983,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msdt.exe
    PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    PRC - [2008/10/20 17:01:28 | 000,222,512 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brownie\BRNIPMON.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/06/25 01:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/25 01:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/04/08 16:53:48 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
    MOD - [2011/03/16 18:30:58 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
    MOD - [2010/08/24 19:56:50 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
    MOD - [2008/11/12 18:32:30 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardPath.dll
    MOD - [2003/03/26 21:46:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/06/30 06:42:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/03/03 23:36:16 | 006,315,664 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
    SRV:64bit: - [2010/08/05 20:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/05/20 18:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/07/27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/12/06 09:48:02 | 000,045,056 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2011/10/01 11:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 11:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/07/13 07:00:16 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService)
    SRV - [2011/06/30 16:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
    SRV - [2011/06/21 18:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/03/28 20:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/06/18 18:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 16:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/07/24 00:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/08 11:11:11 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\72999610.sys -- (72999610)
    DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/02/15 14:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2011/10/01 11:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 11:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 11:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 11:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/07/13 07:00:14 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2011/06/30 08:33:14 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/06/30 06:00:52 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/06/17 20:54:22 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0151.sys -- (RsFx0151)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/18 21:13:36 | 000,024,992 | ---- | M] (Windows (R) DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vad.sys -- (VAD_DEV)
    DRV:64bit: - [2010/09/02 23:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/08/13 06:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
    DRV:64bit: - [2010/08/13 06:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
    DRV:64bit: - [2010/07/21 20:57:22 | 001,002,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
    DRV:64bit: - [2010/05/20 18:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV:64bit: - [2010/03/10 08:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 16:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2012/08/14 11:33:34 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\kxhaBH20.sys -- (kxhaBH20)
    DRV - [2012/08/14 11:26:35 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\sS43NcfQ.sys -- (sS43NcfQ)
    DRV - [2012/08/14 11:26:24 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\JmUjk3Ai.sys -- (JmUjk3Ai)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}: "URL" = http://search.mywebsearch.com/myweb...&n=77ed2945&psa=&st=sb&searchfor={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{0BDAF422-7CB0-42AC-80C2-3A279B3CACF5}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3198785
    IE - HKCU\..\SearchScopes\{15B78E6B-5A75-48FB-A917-52B4309A4D42}: "URL" =
    IE - HKCU\..\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}: "URL" = http://search.mywebsearch.com/myweb...&n=77ed2945&psa=&st=sb&searchfor={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/14 22:24:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/21 07:54:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/12/13 16:48:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/08/21 23:03:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/21 07:52:37 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\JASON\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\JASON\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\JASON\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: AVG Safe Search = C:\Users\JASON\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
    CHR - Extension: AVG Do Not Track = C:\Users\JASON\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
    CHR - Extension: Gmail = C:\Users\JASON\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/08/26 18:41:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
    O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe (PFU LIMITED)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
    O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF49D771-4EDE-4A85-B771-E1CDD3CA87C1}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
    O18:64bit: - Protocol\Handler\intu-help-qb4 - No CLSID value found
    O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\intu-help-qb2 - No CLSID value found
    O18 - Protocol\Handler\intu-help-qb4 - No CLSID value found
    O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    SafeBootMin:64bit: Base - Driver Group
    SafeBootMin:64bit: Boot Bus Extender - Driver Group
    SafeBootMin:64bit: Boot file system - Driver Group
    SafeBootMin:64bit: File system - Driver Group
    SafeBootMin:64bit: Filter - Driver Group
    SafeBootMin:64bit: HelpSvc - Service
    SafeBootMin:64bit: hitmanpro36 - Reg Error: Value error.
    SafeBootMin:64bit: hitmanpro36.sys - Reg Error: Value error.
    SafeBootMin:64bit: HitmanPro36Crusader - Reg Error: Value error.
    SafeBootMin:64bit: HitmanPro36CrusaderBoot - Reg Error: Value error.
    SafeBootMin:64bit: PCI Configuration - Driver Group
    SafeBootMin:64bit: PNP Filter - Driver Group
    SafeBootMin:64bit: Primary disk - Driver Group
    SafeBootMin:64bit: sacsvr - Service
    SafeBootMin:64bit: SCSI Class - Driver Group
    SafeBootMin:64bit: System Bus Extender - Driver Group
    SafeBootMin:64bit: vmms - Service
    SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: hitmanpro36 - Reg Error: Value error.
    SafeBootMin: hitmanpro36.sys - Reg Error: Value error.
    SafeBootMin: HitmanPro36Crusader - Reg Error: Value error.
    SafeBootMin: HitmanPro36CrusaderBoot - Reg Error: Value error.
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vmms - Service
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
    ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
    ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
    ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
     
  15. Jason Miller

    Jason Miller TS Rookie Topic Starter Posts: 37

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/26 19:33:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/08/26 18:41:49 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/08/24 16:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}
    [2012/08/24 16:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BE3DA6A-4249-4BEC-9AE7-CA0EA247E62C}
    [2012/08/24 16:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\{E23E3BED-ADD9-4DF7-B375-5EC5E69FD666}
    [2012/08/24 16:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\{C243CCC8-5474-45FC-A546-7FBC284A692E}
    [2012/08/24 16:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}
    [2012/08/24 16:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\{AB89557A-DCAD-4657-A970-8F9A3EFFB34D}
    [2012/08/24 16:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\{232FC370-3714-4F10-BC93-DA33AA1D6D22}
    [2012/08/24 16:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stamps.com
    [2012/08/21 22:57:50 | 000,000,000 | ---D | C] -- C:\Users\JASON\Desktop\Vendio
    [2012/08/21 22:57:28 | 000,000,000 | ---D | C] -- C:\Users\JASON\Desktop\Virus
    [2012/08/21 22:52:00 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
    [2012/08/21 22:51:41 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
    [2012/08/21 22:51:40 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
    [2012/08/21 22:51:38 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
    [2012/08/21 22:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2012/08/21 08:56:22 | 000,000,000 | ---D | C] -- C:\Users\JASON\Desktop\Bourne Creative SEO Course
    [2012/08/16 03:04:40 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/08/16 03:04:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/08/16 03:04:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/08/16 03:04:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/08/16 03:04:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/08/16 03:04:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/08/16 03:04:38 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/08/16 03:04:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/08/16 03:04:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/08/16 03:04:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/08/16 03:04:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/08/16 03:04:37 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/08/16 03:04:37 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/08/15 04:24:36 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
    [2012/08/15 04:24:32 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
    [2012/08/15 04:24:32 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
    [2012/08/15 04:24:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
    [2012/08/15 04:24:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
    [2012/08/15 04:24:31 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
    [2012/08/15 04:24:31 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
    [2012/08/15 04:24:29 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
    [2012/08/14 11:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\unhook
    [2012/08/14 11:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker LE
    [2012/08/11 21:31:01 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\72999610.sys
    [2012/08/11 09:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2012/08/07 20:29:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/07 20:29:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/07 20:29:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/06 19:29:28 | 000,000,000 | ---D | C] -- C:\Users\JASON\AppData\Roaming\Malwarebytes
    [2012/08/06 19:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/06 19:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/08/06 19:28:19 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/08/06 19:28:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [19 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/08/28 07:13:03 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/28 05:13:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/27 17:50:17 | 105,088,910 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2012/08/27 15:55:23 | 000,000,036 | -H-- | M] () -- C:\Windows\SysWow64\f9t.dat
    [2012/08/27 10:28:05 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJASON.job
    [2012/08/27 10:24:09 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/27 10:24:09 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/27 10:16:06 | 000,000,328 | ---- | M] () -- C:\Windows\Brownie.ini
    [2012/08/27 10:12:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/27 10:12:22 | 3019,333,632 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/26 18:41:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/08/25 17:10:28 | 000,626,986 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
    [2012/08/25 12:58:51 | 000,166,967 | ---- | M] () -- C:\Users\JASON\Desktop\freehampton.pdf
    [2012/08/24 16:15:35 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\Stamps.com.lnk
    [2012/08/23 17:10:13 | 004,736,524 | R--- | M] (Swearware) -- C:\Users\JASON\Desktop\ComboFix.exe
    [2012/08/21 23:03:22 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
    [2012/08/21 22:51:30 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
    [2012/08/21 22:51:30 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
    [2012/08/21 22:51:30 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
    [2012/08/21 22:51:30 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
    [2012/08/21 22:51:30 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
    [2012/08/21 22:51:30 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
    [2012/08/21 17:17:18 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/08/20 22:03:51 | 000,001,033 | ---- | M] () -- C:\Users\JASON\Desktop\Rankerizer.lnk
    [2012/08/19 16:13:26 | 000,000,000 | ---- | M] () -- C:\Users\JASON\Documents\Nuance Image Printer Writer Port
    [2012/08/19 16:09:59 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
    [2012/08/18 18:46:24 | 000,644,339 | ---- | M] () -- C:\Users\JASON\Desktop\specialoffer$33.pdf
    [2012/08/18 18:46:23 | 000,153,799 | ---- | M] () -- C:\Users\JASON\Desktop\clicksure$33.pdf
    [2012/08/16 03:29:09 | 016,274,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/08/16 03:03:38 | 000,000,372 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
    [2012/08/14 11:33:34 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\kxhaBH20.sys
    [2012/08/14 11:26:35 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\sS43NcfQ.sys
    [2012/08/14 11:26:24 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\JmUjk3Ai.sys
    [2012/08/10 19:56:55 | 000,027,520 | ---- | M] () -- C:\Users\JASON\AppData\Local\dt.dat
    [2012/08/09 15:47:48 | 000,777,257 | ---- | M] () -- C:\Users\JASON\Desktop\Storage space S. Orleans.JPG
    [2012/08/08 11:11:11 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\72999610.sys
    [2012/08/01 15:46:58 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/08/01 15:46:57 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [19 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/08/27 10:27:50 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForJASON.job
    [2012/08/25 12:58:51 | 000,166,967 | ---- | C] () -- C:\Users\JASON\Desktop\freehampton.pdf
    [2012/08/24 16:15:35 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\Stamps.com.lnk
    [2012/08/18 18:46:24 | 000,644,339 | ---- | C] () -- C:\Users\JASON\Desktop\specialoffer$33.pdf
    [2012/08/18 18:46:23 | 000,153,799 | ---- | C] () -- C:\Users\JASON\Desktop\clicksure$33.pdf
    [2012/08/14 11:31:38 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\kxhaBH20.sys
    [2012/08/14 11:19:45 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\JmUjk3Ai.sys
    [2012/08/14 11:18:14 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\sS43NcfQ.sys
    [2012/08/10 19:56:55 | 000,027,520 | ---- | C] () -- C:\Users\JASON\AppData\Local\dt.dat
    [2012/08/09 15:47:39 | 000,777,257 | ---- | C] () -- C:\Users\JASON\Desktop\Storage space S. Orleans.JPG
    [2012/08/07 20:29:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/07 20:29:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/07 20:29:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/07 20:29:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/07 20:29:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/05/04 19:38:26 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\f9t.dat
    [2012/03/16 14:32:55 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
    [2011/12/25 13:40:14 | 000,000,132 | ---- | C] () -- C:\Users\JASON\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011/12/24 19:00:00 | 000,000,132 | ---- | C] () -- C:\Users\JASON\AppData\Roaming\Adobe GIF Format CS5 Prefs
    [2011/12/20 21:04:39 | 000,000,153 | ---- | C] () -- C:\Windows\BRVIDEO.INI
    [2011/12/20 21:04:39 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
    [2011/12/20 21:03:05 | 000,022,898 | ---- | C] () -- C:\Windows\HL-3070CW.INI
    [2011/12/20 21:02:24 | 000,000,328 | ---- | C] () -- C:\Windows\Brownie.ini
    [2011/12/18 22:51:22 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
    [2011/11/16 14:46:22 | 000,001,456 | ---- | C] () -- C:\Users\JASON\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2011/10/04 09:09:22 | 000,000,600 | ---- | C] () -- C:\Users\JASON\AppData\Local\PUTTY.RND
    [2011/08/19 20:26:28 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\Gsw32.exe.config
    [2011/06/08 15:38:53 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat
    [2011/06/07 00:20:10 | 000,001,854 | ---- | C] () -- C:\Users\JASON\AppData\Roaming\GhostObjGAFix.xml
    [2011/03/17 20:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/02/15 19:06:21 | 000,777,968 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/02/09 23:35:30 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini
    [2011/02/09 23:35:30 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
    [2011/02/09 23:34:40 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
    [2011/02/09 23:31:09 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
    [2011/02/09 23:23:18 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2011/02/06 21:30:37 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2011/01/11 21:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
    [2010/12/14 22:00:30 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
    [2010/12/14 21:45:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/09/21 11:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

    ========== Custom Scans ==========

    < %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

    < %AppData%\Local\ >

    < %systemroot%\system32\sysprep >
    [19 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

    < *.xpi /md5 >

    < %systemroot%\Downloaded Program Files\ >

    < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/17 15:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/17 15:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/17 15:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/08/17 15:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/04/26 18:52:33 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/26 18:52:33 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/04/26 18:52:33 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/28 18:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/06/28 18:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/08/17 15:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/08/17 15:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/08/17 15:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/08/17 15:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/04/26 18:52:32 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/04/26 18:52:32 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/04/26 18:52:32 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/28 18:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/06/28 18:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /REINSTALL [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /HIDEICONS [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /SHOWICONS [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /90 >
    [2012/08/14 11:26:24 | 000,035,712 | ---- | M] () -- C:\Windows\system32\drivers\JmUjk3Ai.sys
    [2012/08/14 11:33:34 | 000,035,712 | ---- | M] () -- C:\Windows\system32\drivers\kxhaBH20.sys
    [2012/08/14 11:26:35 | 000,035,712 | ---- | M] () -- C:\Windows\system32\drivers\sS43NcfQ.sys

    < %systemroot%\System32\config\*.sav >

    < %SYSTEMDRIVE%\*.exe /md5 >

    < "%WinDir%\$NtUninstallKB*$." /30 >

    < %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

    < %systemroot%\*. /mp /s >

    < %systemroot%\*. /rp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [19 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\Installer\ /s >

    < %systemroot%\system32\Cache\ /s >

    < %systemroot%\system32\config\systemprofile\Application Data /s >

    < %PROGRAMFILES%\*. >
    [2011/12/31 01:03:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\7-Zip
    [2011/12/18 22:59:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ABBYY FineReader for ScanSnap
    [2012/02/17 21:45:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Acoolsoft
    [2011/12/13 17:04:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
    [2011/11/15 22:54:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe Download Assistant
    [2011/12/14 10:54:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe Story
    [2012/01/23 00:53:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Android
    [2011/07/02 17:43:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
    [2010/12/14 22:00:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
    [2011/09/29 17:33:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
    [2011/10/11 20:19:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
    [2011/12/20 21:03:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Brother
    [2011/12/20 21:03:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Brownie
    [2011/07/02 22:08:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Carbonite
    [2012/08/21 09:53:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Citrix
    [2012/08/26 17:30:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
    [2012/05/06 15:24:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
    [2010/12/14 22:07:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
    [2011/03/06 22:40:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Feedback Tool
    [2011/12/18 23:58:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Fujitsu
    [2012/03/31 11:48:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GameTap Web Player
    [2012/03/31 23:30:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
    [2011/12/06 11:01:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
    [2011/12/26 01:52:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HMA! Pro VPN
    [2010/12/14 22:01:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hp
    [2010/12/14 22:20:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
    [2012/02/11 23:44:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iLivid
    [2012/02/05 12:55:22 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
    [2012/08/16 03:22:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
    [2011/12/19 00:44:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intuit
    [2012/07/24 14:45:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
    [2011/12/19 00:06:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
    [2010/12/14 22:23:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\K-NFB Reading Technology Inc
    [2011/12/19 00:09:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\KnowledgeLake
    [2012/08/06 19:28:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/04/26 20:10:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
    [2011/02/19 21:42:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
    [2012/02/15 03:19:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
    [2011/07/01 16:26:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft LifeCam
    [2011/02/21 09:03:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
    [2012/06/13 13:15:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
    [2012/06/16 09:01:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server
    [2010/12/14 22:26:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    [2012/05/04 14:52:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
    [2010/12/14 22:14:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft WSE
    [2012/06/16 09:03:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
    [2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
    [2011/02/06 21:30:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
    [2011/12/13 16:43:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\My Company Name
    [2011/02/06 20:30:52 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
    [2011/12/18 22:50:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PFU
    [2010/12/14 22:23:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PlayReady
    [2012/07/24 14:37:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
    [2012/02/08 18:46:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Rankerizer
    [2010/12/14 21:57:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
    [2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
    [2012/03/12 22:49:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Retrogamer_4wEI
    [2012/07/24 14:47:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Safari
    [2012/02/10 14:51:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Samsung
    [2011/02/09 23:30:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ScanSoft
    [2012/08/24 16:15:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Stamps.com Internet Postage
    [2011/10/26 05:31:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TeamViewer
    [2010/12/14 21:57:58 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
    [2012/07/14 17:58:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\UnHackMe
    [2009/07/13 21:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
    [2009/07/13 22:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
    [2011/03/31 06:01:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
    [2011/06/30 09:37:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
    [2011/06/30 09:37:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
    [2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
    [2011/06/30 09:37:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
    [2011/06/30 09:37:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
    [2011/06/30 09:37:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
    [2011/12/22 15:33:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Zint

    < %appdata%\*.* >
    [2012/01/24 18:51:40 | 000,000,132 | ---- | M] () -- C:\Users\JASON\AppData\Roaming\Adobe GIF Format CS5 Prefs
    [2012/01/11 02:44:53 | 000,000,132 | ---- | M] () -- C:\Users\JASON\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011/06/07 00:20:10 | 000,001,854 | ---- | M] () -- C:\Users\JASON\AppData\Roaming\GhostObjGAFix.xml

    < MD5 for: AFD.SYS >
    [2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
    [2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
    [2011/12/27 21:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
    [2011/04/24 19:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
    [2009/07/13 16:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
    [2011/12/27 21:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
    [2010/11/20 02:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
    [2011/04/24 19:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
    [2011/12/27 20:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
    [2011/04/24 20:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
    [2011/04/24 19:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

    < MD5 for: CRYPTSVC.DLL >
    [2012/04/23 21:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\erdnt\cache86\cryptsvc.dll
    [2012/04/23 21:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\SysWOW64\cryptsvc.dll
    [2012/04/23 21:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
    [2010/11/20 06:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
    [2012/04/23 21:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
    [2012/04/23 22:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\erdnt\cache64\cryptsvc.dll
    [2012/04/23 22:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\SysNative\cryptsvc.dll
    [2012/04/23 22:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
    [2012/04/23 21:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
    [2009/07/13 18:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
    [2009/07/13 18:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
    [2010/11/20 05:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
    [2012/04/23 22:22:32 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=B7337E9C9E5936355BB700AA33E0936E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll
    [2012/04/23 22:36:46 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=CE8BF1423AEE47DA5275FBC8AD3BD642 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_d2773c98cda297d3\cryptsvc.dll
    [2012/04/23 22:59:45 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=F02786B66375292E58C8777082D4396D -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll
    [2012/04/23 21:33:53 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=F522279B4717E2BFF269C771FAC2B78E -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll
     
  16. Jason Miller

    Jason Miller TS Rookie Topic Starter Posts: 37

    < MD5 for: DNSRSLVR.DLL >
    [2011/03/02 23:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\SysNative\dnsrslvr.dll
    [2011/03/02 23:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsrslvr.dll
    [2009/07/13 18:40:32 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=676108C4E3AA6F6B34633748BD0BEBD9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_3dd76e849c0a6a12\dnsrslvr.dll
    [2011/03/02 23:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=85CF424C74A1D5EC33533E1DBFF9920A -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_3ddf452a9c04f6b8\dnsrslvr.dll
    [2011/03/02 23:12:55 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=B2205BAEAE4C178ABEB1B149751FC2B9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsrslvr.dll
    [2010/11/20 06:26:07 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=CD55F5355D8F55D44C9F4ED875705BD6 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsrslvr.dll
    [2011/03/02 23:23:37 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=D8065FA366D28746EE3D75F08ED6B2FE -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_3eabc3f7b4f01eb1\dnsrslvr.dll

    < MD5 for: ES.DLL >
    [2012/08/17 15:27:53 | 000,008,728 | ---- | M] () MD5=328868A14EB90E6A8EA9F3FC59FC49BB -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\Locales\es.dll
    [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\erdnt\cache64\es.dll
    [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\SysNative\es.dll
    [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
    [2012/08/13 21:29:58 | 000,008,728 | ---- | M] () MD5=7AD37261A349BE597C2E4C58B093B63D -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\Locales\es.dll
    [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\erdnt\cache86\es.dll
    [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\SysWOW64\es.dll
    [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll

    < MD5 for: EXPLORER.EXE >
    [2010/12/14 22:31:49 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
    [2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
    [2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
    [2010/12/14 22:33:34 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2010/12/14 22:31:49 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
    [2010/12/14 22:30:24 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2010/12/14 22:33:34 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2010/12/14 22:30:24 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    [2010/12/14 22:33:34 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2010/12/14 22:30:24 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2010/12/14 22:33:34 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2010/12/14 22:31:49 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
    [2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
    [2010/12/14 22:30:24 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
    [2010/12/14 22:31:49 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

    < MD5 for: IPNATHLP.DLL >
    [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\SysNative\ipnathlp.dll
    [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\ipnathlp.dll

    < MD5 for: NETBT.SYS >
    [2010/11/20 02:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
    [2010/11/20 02:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
    [2009/07/13 16:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=9162B273A44AB9DCE5B44362731D062A -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_bc59ba0910f52e0c\netbt.sys

    < MD5 for: NETMAN.DLL >
    [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\erdnt\cache64\netman.dll
    [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\SysNative\netman.dll
    [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da\netman.dll

    < MD5 for: QMGR.DLL >
    [2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\erdnt\cache64\qmgr.dll
    [2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
    [2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
    [2009/07/13 18:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

    < MD5 for: RPCSS.DLL >
    [2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\erdnt\cache64\rpcss.dll
    [2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
    [2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
    [2009/07/13 18:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll

    < MD5 for: SERVICES.EXE >
    [2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
    [2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
    [2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    < MD5 for: SVCHOST.EXE >
    [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
    [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
    [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
    [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
    [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

    < MD5 for: TCPIP.SYS >
    [2011/04/24 22:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
    [2011/09/29 10:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
    [2010/11/20 06:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
    [2011/06/20 23:16:55 | 001,888,128 | ---- | M] (Microsoft Corporation) MD5=5279D4DD69C7C71524B8E7A5746D15CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys
    [2010/12/14 22:35:25 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
    [2012/03/30 03:19:17 | 001,877,872 | ---- | M] (Microsoft Corporation) MD5=5EFD096DEF47F8B88EF591DA92143440 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
    [2011/04/24 22:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
    [2012/03/30 04:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
    [2012/03/30 03:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
    [2010/12/14 22:35:25 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
    [2009/07/13 18:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
    [2011/04/24 22:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
    [2011/06/20 23:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
    [2011/09/29 09:17:51 | 001,886,064 | ---- | M] (Microsoft Corporation) MD5=AC3E29880DB5659532A1AA3439304A43 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
    [2012/03/30 04:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\erdnt\cache64\tcpip.sys
    [2012/03/30 04:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\SysNative\drivers\tcpip.sys
    [2012/03/30 04:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
    [2011/04/24 23:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
    [2011/06/20 23:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys
    [2011/06/20 23:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
    [2011/09/29 09:24:44 | 001,897,328 | ---- | M] (Microsoft Corporation) MD5=F18F56EFC0BFB9C87BA01C37B27F4DA5 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
    [2011/09/29 09:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

    < MD5 for: TDX.SYS >
    [2009/07/13 16:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_4632b9f2f5c6af5e\tdx.sys
    [2010/11/20 02:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\erdnt\cache64\tdx.sys
    [2010/11/20 02:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SysNative\drivers\tdx.sys
    [2010/11/20 02:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

    < MD5 for: USERINIT.EXE >
    [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
    [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
    [2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
    [2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
    [2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

    < MD5 for: VOLSNAP.SYS >
    [2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
    [2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
    [2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
    [2009/07/13 18:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

    < MD5 for: WININIT.EXE >
    [2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\erdnt\cache64\wininit.exe
    [2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
    [2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
    [2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\erdnt\cache86\wininit.exe
    [2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
    [2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

    < MD5 for: WINLOGON.EXE >
    [2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
    [2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
    [2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2010/12/14 22:33:34 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2010/12/14 22:33:34 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

    < MD5 for: WMISVC.DLL >
    [2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\SysNative\wbem\WMIsvc.dll
    [2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7600.16385_none_fca7ad7710a22535\WMIsvc.dll
    [2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_fed8c13f0d90a8cf\WMIsvc.dll

    < MD5 for: WSCSVC.DLL >
    [2010/12/20 23:09:08 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=34D280957E8681E4BD9492B3F1FC27B9 -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.20862_none_76d192b6e4d9ed67\wscsvc.dll
    [2010/12/20 23:16:27 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=8F9F3969933C02DA96EB0F84576DB43E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16723_none_767435e5cb9af730\wscsvc.dll
    [2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\SysNative\wscsvc.dll
    [2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16385_none_76354f59cbc9dce8\wscsvc.dll
    [2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_78666321c8b86082\wscsvc.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 956 bytes -> C:\ProgramData\Microsoft:9HnKuYp3w468hj00UUv3m3nkr
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4
    @Alternate Data Stream - 1106 bytes -> C:\Users\JASON\AppData\Local\NXI98iAF:KGfkAh4MzXmeNxnbs6On9C0NSYPU
    @Alternate Data Stream - 1105 bytes -> C:\ProgramData\Microsoft:1PM9NNTpP24GbmWz3BIvCVkKV
    < End of report >
     
  17. Jason Miller

    Jason Miller TS Rookie Topic Starter Posts: 37

    Here is the Extras log:

    OTL Extras logfile created on: 8/28/2012 7:04:59 AM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\JASON\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 47.05% Memory free
    7.50 Gb Paging File | 5.02 Gb Available in Paging File | 66.92% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 685.29 Gb Total Space | 122.67 Gb Free Space | 17.90% Space Free | Partition Type: NTFS
    Drive D: | 13.25 Gb Total Space | 1.63 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

    Computer Name: HPDESKTOP1 | User Name: JASON | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01D49ADF-FC5A-47AB-A5D3-833770E2A339}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1076BF36-3DF1-4863-B54C-A1A462C0BEE5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{18F84D9D-3EF6-4AA7-B8AA-F75BF64A99C9}" = rport=139 | protocol=6 | dir=out | app=system |
    "{25E46292-173E-4038-A45F-85C3E4939047}" = rport=137 | protocol=17 | dir=out | app=system |
    "{27B1410A-B072-4886-8D1A-8E2019C53B9A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{306D5DAE-A919-43E6-BBBA-011D160D4F0D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{44500B49-B6E8-45F8-BB4A-C6DE0FA43EE0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{62BE62E1-B847-4FFE-9EF5-E41415BF56B4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
    "{63F86D94-0653-4CDB-8974-70B431D647DD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6DFE9AF4-2FA8-4217-8DDE-11BABB336616}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{77F068AF-9D30-400C-8883-778A2076BF9A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{82C41F07-0299-4847-9D00-6E082CA6E2C9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{83110E19-0AA6-4A8C-9A54-44D98B281BBE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8E98CBF7-404D-4F3F-A5EE-930D33B076F6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
    "{9EA86A80-B660-46DE-B968-C2FC6822170D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{A2E84BB8-7CD8-46DD-977F-404C2FFB4D72}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{A8B390D7-A402-4FE1-973E-83C6B3EE483A}" = lport=137 | protocol=17 | dir=in | app=system |
    "{A9337DBC-12C7-4081-B2C9-6F69AF44EE56}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B7744E6E-5EA3-40DC-876B-CC110842542D}" = lport=445 | protocol=6 | dir=in | app=system |
    "{BB3CD1A3-3E18-4916-B01C-BA08B79DF181}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{C440395D-CAFC-4B67-ACD7-DD259F1BC98D}" = rport=445 | protocol=6 | dir=out | app=system |
    "{C56A7532-A07B-46D5-84F2-D6600137E22D}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{C88FD477-E3F7-4202-B7BE-5145891ED557}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{D2E273D5-707A-4098-8C99-1EE34DB3E0DA}" = lport=139 | protocol=6 | dir=in | app=system |
    "{D5733C2C-6287-401F-A8AA-51B62441D52E}" = rport=138 | protocol=17 | dir=out | app=system |
    "{D60C25DD-BAE9-43C3-9534-7E1B1F0FD964}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
    "{D8E78F29-359E-4408-A99A-25CF65D77FB6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{DCA46FB3-B1CF-4028-9D3A-1F94D344C8F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
    "{DFFE459C-7F4E-4CE8-96F9-282AA264FFCB}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 |
    "{E2BBB142-E310-4360-85FD-EF6211ADFDD3}" = lport=138 | protocol=17 | dir=in | app=system |
    "{E5C0BEB4-5A13-4F96-A5C0-735A5EF1BA99}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
    "{EF190BF4-1F1E-4564-8682-1FC4177E51EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
    "{F76F5E00-5D31-4FD6-9F4F-E7C81D00D337}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FD0A2C99-AEC1-46A5-B670-11D7F6A80329}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{FE0E2C38-79A6-4E14-8515-B658E52BCD9E}" = rport=10243 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01C84143-67A4-4344-98BA-3573623327DF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{01F72810-D83D-4A28-8900-C6B7D7FEA9A7}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
    "{052A3F65-B9D4-4441-BACE-4C56EBB6ACE9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{05DF2148-84A4-4EAB-BD8B-8F949F3DC73E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{0615D0A7-550F-435C-88D0-88E0F6543E9E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{0652DB3A-6483-45DD-8D70-C96BC3F327E6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{06A78366-3141-443F-B81C-43F58949A099}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{07E735F4-DB12-4F52-834E-310CD7B69C7A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{07E86F7F-FD5B-4E72-ADF4-2AD0C06CC3BD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
    "{08F8337E-9C41-4E9B-9888-5D75D1107130}" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\temp\ixp000.tmp\smpcsetup.exe |
    "{0ED7BFD3-C722-4E28-B655-25DFC66622F0}" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\temp\ixp000.tmp\smwinvnc.exe |
    "{0FCBB655-8569-4B79-AF2B-2E4355E17BD7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{111F8383-96C9-4730-8377-470716789963}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{16ABD3F8-B5DD-402C-93E8-12F86C8B598A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{16F3B5DF-7B9D-44BC-A304-44E9920B41BC}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
    "{1997D491-EBBA-48B7-B597-A97D15DD9CF8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{1ADB016D-DA72-4263-9672-CD06F37B7D29}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1AE47323-6766-4571-B9E6-1D7428ADB79C}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe |
    "{1B67343F-9F42-4428-AE67-950A0A94B39A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
    "{23F6C7C4-C090-4238-97FB-7727B24865B2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{277BCD41-1599-4CED-A662-F726B64E2CC1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft sql server\90\shared\sqlbrowser.exe |
    "{28703671-4E1F-4600-BDD6-01DE64031387}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
    "{2AF870F0-567D-4B91-8016-D802D47DDCD0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{2FB41ED1-7FC6-4470-A8D6-17CE57061C2C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
    "{310D26A1-FA0A-4C93-8674-A5EF64FE0682}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{3351EC73-E644-41A0-882A-B352D62437F5}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
    "{34B7112E-3805-4101-96EB-4F3EBA89382F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
    "{3A58FB19-352F-4586-9937-D130EFB886DC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3ED614DE-D1E2-4935-A20A-409B4A3C7F36}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe |
    "{40C23292-000C-4B16-9926-5315DACA0304}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
    "{443998D1-ADA3-48F9-AD45-561E07FF7EB7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft sql server\90\shared\sqlbrowser.exe |
    "{4813772D-6658-4AFA-80E7-A37580DCB7A0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft sql server\90\shared\sqlbrowser.exe |
    "{4A7C04BB-5616-4136-8F9E-27CB0F75A3F3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{4A9562A2-FF18-480E-A1D3-EFDEEE86F15C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{4E150914-94D0-4E61-BA68-A63B19AA32FA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{5257B234-E9D5-4915-B80E-41464BA46615}" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\temp\g2_626\g2viewer.exe |
    "{525CAF1E-0506-4DF0-B857-B5DCB76831BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{535B6F95-3DC7-472E-8310-0CC7CA147DC3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
    "{588367B3-C7AD-4E5B-BDB9-FFD917DA4187}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft sql server\90\shared\sqlbrowser.exe |
    "{5EAD5EE0-7207-4A44-9CF5-02349042AA7D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{655DBBFC-0CA1-4B9D-AAAB-7D237F65A008}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{665ACC7E-EE85-4D07-96AF-6FD22A09E814}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{68AB4A64-2298-4644-AFD0-DB701488180E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
    "{6A2F0BD9-00F5-4F4E-A3CC-5A538236A754}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6EF71F6C-6C49-4138-B510-8D726A833F92}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
    "{6F25EBC1-4BB8-4EE2-A7DE-CC41140FC4E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{70486F4D-840A-4CAC-8A2D-C60D1CA22C81}" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\temp\ixp000.tmp\smpcsetup.exe |
    "{70F9B166-9B75-484A-AD70-928C41D694E9}" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\temp\ixp001.tmp\smpcsetup.exe |
    "{7714F13C-CDAB-4A2F-B3DD-B21DDF504AF9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
    "{7B2C1851-26B1-4912-91ED-F1020244F42C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{7B739655-086D-4AFA-993E-AA0E44FF48EE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
    "{7C9FD207-2D31-4943-93B6-4C6BEAB8CC30}" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\temp\ixp001.tmp\smwinvnc.exe |
    "{7F0BD12B-4581-4849-8D03-7575B3B0312F}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
    "{7F29C807-C502-4108-B56A-5EFE2F0E4D83}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
    "{801F152C-EC2C-4AD3-85F0-151261D5950D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{81B970AD-B4A6-4E7D-8525-2F8E6F128E98}" = protocol=58 | dir=in | app=system |
    "{81CDEEFF-71DB-4825-8F64-BA7FE51990BA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{847E942F-F811-4643-BDD0-7987A021897D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{859B6665-17FB-423C-845E-DB1F4459B911}" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\temp\ixp001.tmp\smpcsetup.exe |
    "{86A6F991-5474-44AD-A917-D00E8CA98CC4}" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{86AEC113-2669-4C33-BC81-EDA0EDB08870}" = protocol=6 | dir=out | app=system |
    "{8720E5F4-F143-4EB6-907C-D8CEB86AF13E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{8BA6D546-E750-4756-8E8F-838081D9D891}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{8BFA304E-509C-45B9-829F-9E9F86BB7F5A}" = protocol=6 | dir=in | app=c:\program files\microsoft sql server\mssql10_50.shipworks\mssql\binn\sqlservr.exe |
    "{8FF6F71F-EA48-4E9C-B5F6-ED72D5B4EFC1}" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{90196968-2E60-4BFE-8025-B0E0842B8A2F}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "{94A87F0B-9D26-4CFF-AA16-BF13B314A77C}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
    "{9898BF78-48FF-4BCA-A467-DAE65C04DAFB}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "{9C3F1FD6-52D1-409A-9004-E5CE971F929C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{9DEC4DFF-3575-412B-945D-B5B4021C04A7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{A0EF66EA-7DA9-42C1-8D54-588A56BAF450}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
    "{A3313A18-71B4-4A11-837E-427C2270D731}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{AB9A4ACD-1269-4150-B5B2-DECAA75D9B30}" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\temp\g2_626\g2viewer.exe |
    "{B0C61480-FED6-4995-BF01-ED3C95AA403A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
    "{B298765A-612F-431C-BD04-A95134C0F888}" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\temp\ixp001.tmp\smwinvnc.exe |
    "{B4862E5C-284C-40D4-9F52-FDE7B13EBEEF}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
    "{B5935D07-DC6A-4B46-AB7B-1ECA4120FDC5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{BBDAAD49-FC60-4DD8-A9D3-20F79188B200}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
    "{BF685152-318D-4A80-8ECB-E26D1BD2B932}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
    "{C73FDDD5-C4A3-431E-8A1C-CC4FF2748590}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{CACBB77F-3126-4470-8FEF-EEC9D476DD16}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{CB311226-7764-4507-BEAB-19377C920F19}" = protocol=17 | dir=in | app=c:\program files\microsoft sql server\mssql10_50.shipworks\mssql\binn\sqlservr.exe |
    "{CBAC0E0C-0737-424C-9EA1-AC03C27776FC}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
    "{CD4AF809-92AA-4BD7-82CE-723E75AA21D0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
    "{CD58BB3C-361B-4A23-9B94-4CFB94A7EBB9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{CF43BF07-9193-4638-BE9C-92450AA0E77F}" = protocol=6 | dir=in | app=c:\program files\microsoft sql server\mssql10_50.shipworks\mssql\binn\sqlservr.exe |
    "{D61AB43A-DC77-4FFC-BE85-943FD0DEB563}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{D8BE1FD1-3C56-426F-AD04-617377670B8F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
    "{DAD2116F-2D15-42F5-AB3E-82E254C47878}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
    "{DAF4CA11-6BFD-4A0F-B867-7B37C6D2B74C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{DF2BC37A-6488-4D40-9D28-1A45FAE782B7}" = protocol=17 | dir=in | app=c:\program files\microsoft sql server\mssql10_50.shipworks\mssql\binn\sqlservr.exe |
    "{E052DE9E-7338-477A-AD79-7DFB820CA0B7}" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\temp\ixp000.tmp\smwinvnc.exe |
    "{EDA9C4CA-35CE-4E3C-AEB2-0A2C21D99EBF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{EDE1A5A0-FD2A-4470-8731-2A9B3AF24C8D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{F631C29D-F27F-4B83-BDDC-5CF07DFE2FA1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{FC35CE5B-8897-45B0-B6E7-174781872BEA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
    "{FC978277-4903-4333-A2B7-B47FD8AD57DC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
    "{FDAC2D62-ED7D-42BE-8C77-253DA3F24D98}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
    "{FF75A32F-F31D-4776-93E4-A52B4A758A18}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
    "TCP Query User{0C793902-8CBC-4379-BC0E-97917B4CE2D3}C:\program files (x86)\samsung\intelli-studio\istudio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\intelli-studio\istudio.exe |
    "TCP Query User{10E01893-ACF7-4F42-944E-D405C1882CD3}C:\users\jason\appdata\local\temp\ixp001.tmp\smwinvnc.exe" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\temp\ixp001.tmp\smwinvnc.exe |
    "TCP Query User{167535E7-B69C-4052-823B-0098D4FF4904}C:\users\jason\appdata\local\temp\g2_626\g2viewer.exe" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\temp\g2_626\g2viewer.exe |
    "TCP Query User{57595274-E59C-47D6-8DCC-303E1A41C493}C:\users\jason\appdata\local\temp\ixp000.tmp\smpcsetup.exe" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\temp\ixp000.tmp\smpcsetup.exe |
    "TCP Query User{6A85C0D4-E9C7-482C-B043-2D1D684B3C22}C:\users\jason\appdata\local\temp\ixp001.tmp\smpcsetup.exe" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\temp\ixp001.tmp\smpcsetup.exe |
    "TCP Query User{87FA1076-8889-4771-B626-B3E43925C36B}C:\users\jason\appdata\local\temp\ixp000.tmp\smwinvnc.exe" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\temp\ixp000.tmp\smwinvnc.exe |
    "TCP Query User{B3910F16-4BA4-4B94-A61A-BAFC55BAAAD7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{77F7592F-B206-4DF0-B5C2-5463D35BE06E}C:\program files (x86)\samsung\intelli-studio\istudio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\intelli-studio\istudio.exe |
    "UDP Query User{79D8184F-82C9-43AB-8BE2-105A42820612}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{9E0BF960-D586-436F-BABB-BCE9C34CC2B1}C:\users\jason\appdata\local\temp\ixp001.tmp\smpcsetup.exe" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\temp\ixp001.tmp\smpcsetup.exe |
    "UDP Query User{B8DD9739-FDBF-4300-AC78-E49A14352E57}C:\users\jason\appdata\local\temp\g2_626\g2viewer.exe" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\temp\g2_626\g2viewer.exe |
    "UDP Query User{CFF957D2-D0E6-4493-B927-2C9AAB80009A}C:\users\jason\appdata\local\temp\ixp001.tmp\smwinvnc.exe" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\temp\ixp001.tmp\smwinvnc.exe |
    "UDP Query User{D221F6FC-5006-4A6F-9D57-AFF2FAE1E115}C:\users\jason\appdata\local\temp\ixp000.tmp\smwinvnc.exe" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\temp\ixp000.tmp\smwinvnc.exe |
    "UDP Query User{DC89DDA0-9C08-4493-BE2A-E2CEE8984E51}C:\users\jason\appdata\local\temp\ixp000.tmp\smpcsetup.exe" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\temp\ixp000.tmp\smpcsetup.exe |
     
  18. Jason Miller

    Jason Miller TS Rookie Topic Starter Posts: 37

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01078B88-2981-4F75-96B0-8B22E2D2DE03}" = Microsoft SQL Server 2008 R2 Setup (English)
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{23307B09-6A15-4790-9E64-461CE6D7F8CB}_is1" = ShipWorks® 3.1.21.3248
    "{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 SP1 Common Files
    "{26A24AE4-039D-4CA4-87B4-2F86417006FF}" = Java 7 Update 6 (64-bit)
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
    "{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 SP1 Common Files
    "{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}" = Microsoft SQL Server 2008 R2 Native Client
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{746006B4-6350-4820-B9BA-4C09AFA908F4}" = MyFax® Print-to-Fax Assistant 64bit
    "{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}" = ATI Catalyst Install Manager
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
    "{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
    "{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 SP1 Database Engine Shared
    "{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 SP1 Database Engine Shared
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
    "{D8C23BDE-4748-44D9-A9DD-8AB64EB18BE3}" = Microsoft SQL Server 2008 R2 RsFx Driver
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 SP1 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 SP1 Database Engine Services
    "{FD9560A8-CB02-1F28-CB9C-487244A28A8B}" = ccc-utility64
    "AVG" = AVG 2012
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
    "Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
    "{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{0655C185-FD48-5EBA-484A-CD530291F44D}" = CCC Help Hungarian
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BF71387-5AFD-F71B-7353-3AEBD3E8F5F3}" = Catalyst Control Center Graphics Full Existing
    "{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}" = ccc-core-static
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F1DD733-AFC4-46B8-803A-05B027F94C25}" = Brother HL-3070CW
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0FFD15DD-B6B7-4F1E-8764-9DD1FED7DC0A}" = ProSeries User's Guide 2010
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1B01541D-B1B8-8B7E-E82B-70551A1AF961}" = CCC Help Chinese Standard
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2181214D-1954-4C60-91FD-EEA7EBB32022}" = QuickBooks Premier: Accountant Edition 2012
    "{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
    "{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks
    "{26070CDA-A7C5-2114-0533-38DE06C65E7F}" = CCC Help Polish
    "{2726B6FF-D8F9-8F29-2A7D-8192AAE79D3F}" = Catalyst Control Center Localization All
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{3088B508-7EE1-EC64-4FFD-C4901378CE7D}" = CCC Help Russian
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{3689AE99-D747-4505-8C50-B6DECCD751E0}" = ScanSnap Organizer
    "{3778B802-8E2C-04B0-2C1B-7C2A8F981824}" = CCC Help Finnish
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
    "{48CA048A-3C5B-391E-7FF0-F36F434CB1B6}" = CCC Help Thai
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
    "{52CD3425-C5E8-C49D-B776-AC85F018C0F6}" = Catalyst Control Center Graphics Previews Vista
    "{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
    "{597CE475-4F62-89EE-A81E-DB509DA0CBB2}" = CCC Help English
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{5E7A925A-CCE1-4ED5-A0DD-4A821A3F9BC2}" = Catalyst Control Center Core Implementation
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{674DAE26-3C3C-2D20-1BB4-82B380142E78}" = CCC Help Greek
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6A9EF47E-D49A-2EFC-20A1-A92DE7F826DF}" = CCC Help Czech
    "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}" = Avery Wizard 4.0
    "{72887F99-63B9-4e73-8C1B-D5057597BF49}" = Stamps.com Address Book Support for Windows Contacts for Vista
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7A9C67EF-05A8-499F-56A2-C467A4FE6DEE}" = CCC Help Italian
    "{7DA0C5CE-9817-CDB2-F061-F72D0CB6EEB3}" = CCC Help German
    "{7DB63154-92A4-12AE-364F-DE9C7B459720}" = CCC Help Spanish
    "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
    "{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83F6FD59-DA89-4A2B-B5F6-8D87B2288687}" = Scan to Microsoft SharePoint
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8D2A81D8-AABF-673B-08BE-EF7A80295F14}" = CCC Help French
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{981F6BCD-252E-6A64-9C6D-4E3B10B1B126}" = Catalyst Control Center InstallProxy
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E404AA6-7C63-4D95-B8D2-72256ABB6A9E}" = Stamps.com Address Book Support for Outlook Express, Works, IE
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A7CEA571-43AC-95FE-4F08-22C401FC2824}" = CCC Help Japanese
    "{A826CCC4-C0BA-97B4-F1DB-E68CD45D1133}" = CCC Help Danish
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
    "{AC9A3F48-8936-40CD-A0B2-7CFA76906143}" = Catalyst Control Center Graphics Full New
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B68D391C-32C6-798E-C78F-83C1797B162A}" = CCC Help Swedish
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{B8BC84AF-F167-9107-03CF-5DB87DE6D0DA}" = Adobe Story
    "{BB586E51-4876-4BB2-91EC-5CB3D0C38145}" = CardMinder V4.1
    "{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
    "{BF90863B-BF23-4293-89F0-19EF85E2B170}" = ScanSnap Organizer
    "{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CC08084A-3CB3-44C5-8D9B-04E2E299612A}" = ScanSnap
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE4C9170-F517-42EB-A5CB-F16DE610315A}" = Stamps.com Application Support for Microsoft Outlook 2000-2010
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D00324C0-5343-4917-BF1E-D5E45D22B7E8}" = Stamps.com Address Book Support for Common Harmony
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}" = CardMinder
    "{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
    "{D61C1058-EDC7-48D0-85B2-B322BE385059}" = Stamps.com Address Book Support for Microsoft Outlook 97-2010
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DAD4DE93-9438-4823-AE5E-93A1BE846FE0}" = Stamps.com Application Support for Microsoft Word 2000-2010
    "{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager
    "{DC47D46D-8874-D83A-6612-9DA3175861B2}" = CCC Help Korean
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
    "{DF09BCD9-3556-77A6-8984-1CA95F8E1078}" = CCC Help Portuguese
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0DE2996-A443-5FEA-30B7-9395E0F3A7CC}" = CCC Help Chinese Traditional
    "{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
    "{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 2
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    "{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EDFA892D-594D-C921-35FF-B6E5CFD2487C}" = CCC Help Dutch
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F56BBEB1-E982-0A07-0004-1CBC8E5B534E}" = CCC Help Turkish
    "{F600ED39-BA0C-A127-EAB7-057DF0A327E0}" = CCC Help Norwegian
    "{F84B7A2F-2328-A610-89F6-2CC78CF00FFE}" = Catalyst Control Center Graphics Light
    "{FA0092C2-C0FE-40DA-A79E-E4C0FCA129F9}" = Intuit Entitlement Client
    "{FB410000-0002-0000-0000-074957833700}" = ABBYY FineReader for ScanSnap (TM) 4.1
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "7-Zip" = 7-Zip 9.20
    "Acoolsoft PPT to Video Pro_is1" = Acoolsoft PPT to Video Pro 3.2.7
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Android SDK Tools" = Android SDK Tools
    "Carbonite Backup" = Carbonite
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
    "com.adobe.dmp.contentviewer" = Adobe Content Viewer
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
    "Data Transfer Utility 11" = Data Transfer Utility 11
    "Google Chrome" = Google Chrome
    "HMA! Pro VPN" = HMA! Pro VPN 2.6.9
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "Intelli-studio" = SAMSUNG Intelli-studio
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "My HP Game Console" = HP Game Console
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Office14.SingleImage" = Microsoft Office Home and Business 2010
    "ProSeries 2010" = ProSeries 2010
    "Stamps.com" = Stamps.com
    "Stamps.com support for Harmony" = Stamps.com support for Harmony
    "Stamps.com support for Microsoft Outlook 2000-2010" = Stamps.com support for Microsoft Outlook 2000-2010
    "Stamps.com support for Microsoft Outlook 97-2010" = Stamps.com support for Microsoft Outlook 97-2010
    "Stamps.com support for Microsoft Word 2000-2010" = Stamps.com support for Microsoft Word 2000-2010
    "Stamps.com support for Outlook Express, Works, IE" = Stamps.com support for Outlook Express, Works, IE
    "Stamps.com support for Windows Contacts for Vista" = Stamps.com support for Windows Contacts for Vista
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WT087328" = Blackhawk Striker 2
    "WT087330" = Bounce Symphony
    "WT087335" = Build-a-lot 2
    "WT087343" = Dora's World Adventure
    "WT087360" = Escape Rosecliff Island
    "WT087361" = FATE
    "WT087362" = Final Drive Nitro
    "WT087372" = Heroes of Hellas 2 - Olympia
    "WT087379" = Jewel Quest Solitaire 2
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087414" = Virtual Families
    "WT087415" = Wheel of Fortune 2
    "WT087428" = Bejeweled 2 Deluxe
    "WT087453" = Chuzzle Deluxe
    "WT087501" = Plants vs. Zombies
    "WT087533" = Zuma Deluxe
    "WT087536" = Diner Dash 2 Restaurant Rescue
    "WT089299" = Mystery P.I. - The London Caper
    "WT089307" = Virtual Villagers 4 - The Tree of Life
    "WT089308" = Blasterball 3
    "WT089328" = Farm Frenzy
    "WT089359" = Cake Mania
    "WT089362" = Agatha Christie - Peril at End House
    "Zint" = Zint

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 5.1.0.880

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/27/2012 5:47:30 PM | Computer Name = HPDESKTOP1 | Source = Application Error | ID = 1000
    Description = Faulting application name: carboniteservice.exe, version: 4.0.4.806,
    time stamp: 0x4d6ffa6b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x0000000000031a40
    Faulting
    process id: 0xecc Faulting application start time: 0x01cd84915440e04f Faulting application
    path: C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe Faulting
    module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: ccb22f85-f090-11e1-ae3c-64315024e3ab

    Error - 8/27/2012 6:44:22 PM | Computer Name = HPDESKTOP1 | Source = Application Error | ID = 1000
    Description = Faulting application name: carboniteservice.exe, version: 4.0.4.806,
    time stamp: 0x4d6ffa6b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x00000000000533b7
    Faulting
    process id: 0x1aa0 Faulting application start time: 0x01cd849d8f54320e Faulting application
    path: C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe Faulting
    module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: be6b20da-f098-11e1-ae3c-64315024e3ab

    Error - 8/27/2012 7:52:07 PM | Computer Name = HPDESKTOP1 | Source = Application Error | ID = 1000
    Description = Faulting application name: carboniteservice.exe, version: 4.0.4.806,
    time stamp: 0x4d6ffa6b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x00000000000533b7
    Faulting
    process id: 0xedc Faulting application start time: 0x01cd84a58111e624 Faulting application
    path: C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe Faulting
    module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 3559817e-f0a2-11e1-ae3c-64315024e3ab

    Error - 8/27/2012 9:35:25 PM | Computer Name = HPDESKTOP1 | Source = Application Error | ID = 1000
    Description = Faulting application name: carboniteservice.exe, version: 4.0.4.806,
    time stamp: 0x4d6ffa6b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x0000000000031a40
    Faulting
    process id: 0x1b28 Faulting application start time: 0x01cd84aef8327679 Faulting application
    path: C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe Faulting
    module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: a3a66fda-f0b0-11e1-ae3c-64315024e3ab

    Error - 8/27/2012 11:23:12 PM | Computer Name = HPDESKTOP1 | Source = Application Error | ID = 1000
    Description = Faulting application name: carboniteservice.exe, version: 4.0.4.806,
    time stamp: 0x4d6ffa6b Faulting module name: dbghelp.dll, version: 6.1.7601.17514,
    time stamp: 0x4ce7c5ac Exception code: 0xc0000005 Fault offset: 0x0000000000018791
    Faulting
    process id: 0x1efc Faulting application start time: 0x01cd84bd7807f6c2 Faulting application
    path: C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe Faulting
    module path: C:\Windows\system32\dbghelp.dll Report Id: b2490fd5-f0bf-11e1-ae3c-64315024e3ab

    Error - 8/27/2012 11:53:02 PM | Computer Name = HPDESKTOP1 | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
    time stamp: 0x4fecf1b7 Faulting module name: WS2_32.dll, version: 6.1.7601.17514,
    time stamp: 0x4ce7ba68 Exception code: 0xc0000005 Fault offset: 0x00006fb2 Faulting
    process id: 0x1f44 Faulting application start time: 0x01cd84d09e65bf45 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\syswow64\WS2_32.dll Report Id: dd4c16e6-f0c3-11e1-ae3c-64315024e3ab

    Error - 8/28/2012 1:00:26 AM | Computer Name = HPDESKTOP1 | Source = Application Error | ID = 1000
    Description = Faulting application name: carboniteservice.exe, version: 4.0.4.806,
    time stamp: 0x4d6ffa6b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x0000000000031a40
    Faulting
    process id: 0x18e4 Faulting application start time: 0x01cd84cc7556a046 Faulting application
    path: C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe Faulting
    module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 47a00aec-f0cd-11e1-ae3c-64315024e3ab

    Error - 8/28/2012 2:44:20 AM | Computer Name = HPDESKTOP1 | Source = Application Error | ID = 1000
    Description = Faulting application name: carboniteservice.exe, version: 4.0.4.806,
    time stamp: 0x4d6ffa6b Faulting module name: dbghelp.dll, version: 6.1.7601.17514,
    time stamp: 0x4ce7c5ac Exception code: 0xc0000005 Fault offset: 0x0000000000018791
    Faulting
    process id: 0x1948 Faulting application start time: 0x01cd84da1d26f99d Faulting application
    path: C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe Faulting
    module path: C:\Windows\system32\dbghelp.dll Report Id: cb5d90b5-f0db-11e1-ae3c-64315024e3ab

    Error - 8/28/2012 5:04:40 AM | Computer Name = HPDESKTOP1 | Source = Application Error | ID = 1000
    Description = Faulting application name: carboniteservice.exe, version: 4.0.4.806,
    time stamp: 0x4d6ffa6b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x0000000000031a40
    Faulting
    process id: 0x19dc Faulting application start time: 0x01cd84e89fbfb625 Faulting application
    path: C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe Faulting
    module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 6613bf3b-f0ef-11e1-ae3c-64315024e3ab

    Error - 8/28/2012 10:19:05 AM | Computer Name = HPDESKTOP1 | Source = Application Error | ID = 1000
    Description = Faulting application name: carboniteservice.exe, version: 4.0.4.806,
    time stamp: 0x4d6ffa6b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x0000000000031a40
    Faulting
    process id: 0x1a68 Faulting application start time: 0x01cd84fc288fabbf Faulting application
    path: C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe Faulting
    module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 527e2a24-f11b-11e1-ae3c-64315024e3ab

    [ Hewlett-Packard Events ]
    Error - 7/13/2012 7:52:34 PM | Computer Name = HPDESKTOP1 | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/14/2012 11:44:37 PM | Computer Name = HPDESKTOP1 | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/14/2012 11:54:00 PM | Computer Name = HPDESKTOP1 | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/14/2012 11:54:00 PM | Computer Name = HPDESKTOP1 | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/14/2012 11:54:57 PM | Computer Name = HPDESKTOP1 | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/14/2012 11:55:12 PM | Computer Name = HPDESKTOP1 | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/14/2012 11:55:45 PM | Computer Name = HPDESKTOP1 | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/14/2012 11:56:34 PM | Computer Name = HPDESKTOP1 | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/14/2012 11:58:30 PM | Computer Name = HPDESKTOP1 | Source = HPSF.exe | ID = 4000
    Description =

    Error - 8/6/2012 1:52:13 PM | Computer Name = HPDESKTOP1 | Source = HPSF.exe | ID = 4000
    Description =

    [ System Events ]
    Error - 8/27/2012 11:24:13 PM | Computer Name = HPDESKTOP1 | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the CarboniteService service,
    but this action failed with the following error: %%1056

    Error - 8/28/2012 1:00:29 AM | Computer Name = HPDESKTOP1 | Source = Service Control Manager | ID = 7031
    Description = The CarboniteService service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 8/28/2012 1:01:29 AM | Computer Name = HPDESKTOP1 | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the CarboniteService service,
    but this action failed with the following error: %%1056

    Error - 8/28/2012 2:44:21 AM | Computer Name = HPDESKTOP1 | Source = Service Control Manager | ID = 7031
    Description = The CarboniteService service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 8/28/2012 2:45:21 AM | Computer Name = HPDESKTOP1 | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the CarboniteService service,
    but this action failed with the following error: %%1056

    Error - 8/28/2012 5:04:41 AM | Computer Name = HPDESKTOP1 | Source = Service Control Manager | ID = 7031
    Description = The CarboniteService service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 8/28/2012 5:05:41 AM | Computer Name = HPDESKTOP1 | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the CarboniteService service,
    but this action failed with the following error: %%1056

    Error - 8/28/2012 9:55:58 AM | Computer Name = HPDESKTOP1 | Source = Schannel | ID = 36887
    Description = The following fatal alert was received: 80.

    Error - 8/28/2012 10:19:07 AM | Computer Name = HPDESKTOP1 | Source = Service Control Manager | ID = 7031
    Description = The CarboniteService service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 8/28/2012 10:20:07 AM | Computer Name = HPDESKTOP1 | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the CarboniteService service,
    but this action failed with the following error: %%1056


    < End of report >
     
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

      :OTL
      DRV - [2012/08/14 11:33:34 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\kxhaBH20.sys -- (kxhaBH20)
      DRV - [2012/08/14 11:26:35 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\sS43NcfQ.sys -- (sS43NcfQ)
      DRV - [2012/08/14 11:26:24 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\JmUjk3Ai.sys -- (JmUjk3Ai)
      IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
      IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
      IE - HKLM\..\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}: "URL" = http://search.mywebsearch.com/myweb...&n=77ed2945&psa=&st=sb&searchfor={searchTerms}
      IE - HKCU\..\SearchScopes\{0BDAF422-7CB0-42AC-80C2-3A279B3CACF5}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3198785
      IE - HKCU\..\SearchScopes\{15B78E6B-5A75-48FB-A917-52B4309A4D42}: "URL" =
      IE - HKCU\..\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}: "URL" = http://search.mywebsearch.com/myweb...&n=77ed2945&psa=&st=sb&searchfor={searchTerms}
      O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O4 - HKCU..\Run: [AdobeBridge] File not found
      [2012/08/24 16:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}
      [2012/08/24 16:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BE3DA6A-4249-4BEC-9AE7-CA0EA247E62C}
      [2012/08/24 16:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\{E23E3BED-ADD9-4DF7-B375-5EC5E69FD666}
      [2012/08/24 16:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\{C243CCC8-5474-45FC-A546-7FBC284A692E}
      [2012/08/24 16:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}
      [2012/08/24 16:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\{AB89557A-DCAD-4657-A970-8F9A3EFFB34D}
      [2012/08/24 16:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\{232FC370-3714-4F10-BC93-DA33AA1D6D22}
      @Alternate Data Stream - 956 bytes -> C:\ProgramData\Microsoft:9HnKuYp3w468hj00UUv3m3nkr
      @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4
      @Alternate Data Stream - 1106 bytes -> C:\Users\JASON\AppData\Local\NXI98iAF:KGfkAh4MzXmeNxnbs6On9C0NSYPU
      @Alternate Data Stream - 1105 bytes -> C:\ProgramData\Microsoft:1PM9NNTpP24GbmWz3BIvCVkKV

      :commands
      [emptytemp]
      [reboot]

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
     
  20. Jason Miller

    Jason Miller TS Rookie Topic Starter Posts: 37

    Hi DMJ - Ran the OTL but still have the virus. Here is the Log: Thanks again.

    All processes killed
    ========== OTL ==========
    Service kxhaBH20 stopped successfully!
    Service kxhaBH20 deleted successfully!
    C:\Windows\SysWOW64\drivers\kxhaBH20.sys moved successfully.
    Service sS43NcfQ stopped successfully!
    Service sS43NcfQ deleted successfully!
    C:\Windows\SysWOW64\drivers\sS43NcfQ.sys moved successfully.
    Service JmUjk3Ai stopped successfully!
    Service JmUjk3Ai deleted successfully!
    C:\Windows\SysWOW64\drivers\JmUjk3Ai.sys moved successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef80d754-fb77-4a7f-be75-489beebb20c9}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BDAF422-7CB0-42AC-80C2-3A279B3CACF5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BDAF422-7CB0-42AC-80C2-3A279B3CACF5}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{15B78E6B-5A75-48FB-A917-52B4309A4D42}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15B78E6B-5A75-48FB-A917-52B4309A4D42}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef80d754-fb77-4a7f-be75-489beebb20c9}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
    C:\ProgramData\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7} folder moved successfully.
    C:\ProgramData\{9BE3DA6A-4249-4BEC-9AE7-CA0EA247E62C} folder moved successfully.
    C:\ProgramData\{E23E3BED-ADD9-4DF7-B375-5EC5E69FD666} folder moved successfully.
    C:\ProgramData\{C243CCC8-5474-45FC-A546-7FBC284A692E} folder moved successfully.
    C:\ProgramData\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C} folder moved successfully.
    C:\ProgramData\{AB89557A-DCAD-4657-A970-8F9A3EFFB34D} folder moved successfully.
    C:\ProgramData\{232FC370-3714-4F10-BC93-DA33AA1D6D22} folder moved successfully.
    ADS C:\ProgramData\Microsoft:9HnKuYp3w468hj00UUv3m3nkr deleted successfully.
    ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
    ADS C:\Users\JASON\AppData\Local\NXI98iAF:KGfkAh4MzXmeNxnbs6On9C0NSYPU deleted successfully.
    ADS C:\ProgramData\Microsoft:1PM9NNTpP24GbmWz3BIvCVkKV deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: JASON
    ->Temp folder emptied: 10087942 bytes
    ->Temporary Internet Files folder emptied: 632463574 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 380184751 bytes
    ->Apple Safari cache emptied: 37400576 bytes
    ->Flash cache emptied: 57606 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 107552 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1906216 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
    RecycleBin emptied: 140755 bytes

    Total Files Cleaned = 1,013.00 mb


    OTL by OldTimer - Version 3.2.54.0 log created on 08302012_134717
    Files\Folders moved on Reboot...
    C:\Users\JASON\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Windows\temp\msdtadmin\_D81F42AE-09B0-480C-8D0B-AA4A9FD1B8EF_\inuse moved successfully.
    C:\Windows\temp\msdtadmin\_5C677F6D-1494-42E4-A6E5-0B580FD1332C_\inuse moved successfully.
    PendingFileRenameOperations files...
    File C:\Users\JASON\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File C:\Windows\temp\msdtadmin\_D81F42AE-09B0-480C-8D0B-AA4A9FD1B8EF_\inuse not found!
    File C:\Windows\temp\msdtadmin\_5C677F6D-1494-42E4-A6E5-0B580FD1332C_\inuse not found!
    Registry entries deleted on Reboot...
     
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
     
  22. Jason Miller

    Jason Miller TS Rookie Topic Starter Posts: 37

    Hi DMJ-

    I still have the original Google Re-Direct Virus with the Random Audio Advertisments that I have always had. When you search on Google or Bing and click on a search result - you get redirected to various scam ads websites. Also radomly audio advertisments start playing on the computer (sound like radio ads). My AVG anti-virus program pops up about every 10 seconds with a treat detection from file C:\Windows\SysWOW64\user32.dll and says Virus found: Win32\Patched

    Besides this annoying virus my computer seems to be running normally.

    Thanks again.
     
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hi there. Open OTL, copy and paste this to the Custom Scans/Fixes box:

    user32.dll
    %TEMP%\smtmp\*.* /s

    Then, hit the Run Scan button.

    Post any logs in your next reply.
     
  24. Jason Miller

    Jason Miller TS Rookie Topic Starter Posts: 37

    Here is the scan:

    OTL logfile created on: 9/2/2012 7:20:04 PM - Run 2
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\JASON\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 57.35% Memory free
    7.50 Gb Paging File | 5.62 Gb Available in Paging File | 75.02% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 685.29 Gb Total Space | 123.60 Gb Free Space | 18.04% Space Free | Partition Type: NTFS
    Drive D: | 13.25 Gb Total Space | 1.63 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

    Computer Name: HPDESKTOP1 | User Name: JASON | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/27 13:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    PRC - [2012/07/27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/07/20 14:46:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\JASON\Desktop\OTL.exe
    PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    PRC - [2012/02/23 15:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    PRC - [2012/01/31 14:43:34 | 000,048,128 | ---- | M] (FS) -- C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe
    PRC - [2011/12/06 09:48:02 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2011/10/01 11:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/06/30 16:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    PRC - [2011/04/22 20:28:46 | 001,081,344 | ---- | M] (PFU LIMITED) -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
    PRC - [2011/03/28 20:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/03/03 23:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    PRC - [2011/01/19 15:36:30 | 000,077,824 | ---- | M] (PFU LIMITED) -- C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
    PRC - [2009/09/30 13:07:34 | 000,086,016 | ---- | M] (PFU LIMITED) -- C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
    PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    PRC - [2008/10/20 17:01:28 | 000,222,512 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brownie\BRNIPMON.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/06/25 01:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/25 01:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/04/08 16:53:48 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
    MOD - [2011/03/16 18:30:58 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
    MOD - [2010/08/24 19:56:50 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
    MOD - [2008/11/12 18:32:30 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardPath.dll
    MOD - [2003/03/26 21:46:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/06/30 06:42:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/03/03 23:36:16 | 006,315,664 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
    SRV:64bit: - [2010/08/05 20:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/05/20 18:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/07/27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2012/01/31 14:43:34 | 000,048,128 | ---- | M] (FS) [Auto | Running] -- C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe -- (SpyroService)
    SRV - [2011/12/06 09:48:02 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2011/10/01 11:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 11:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/07/13 07:00:16 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService)
    SRV - [2011/06/30 16:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
    SRV - [2011/06/21 18:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/03/28 20:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/06/18 18:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 16:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/07/24 00:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/08 11:11:11 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\72999610.sys -- (72999610)
    DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/02/15 14:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2011/10/01 11:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 11:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 11:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 11:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/07/13 07:00:14 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2011/06/30 08:33:14 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/06/30 06:00:52 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/06/17 20:54:22 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0151.sys -- (RsFx0151)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/18 21:13:36 | 000,024,992 | ---- | M] (Windows (R) DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vad.sys -- (VAD_DEV)
    DRV:64bit: - [2010/09/02 23:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/08/13 06:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
    DRV:64bit: - [2010/08/13 06:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
    DRV:64bit: - [2010/07/21 20:57:22 | 001,002,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
    DRV:64bit: - [2010/05/20 18:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV:64bit: - [2010/03/10 08:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 16:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/14 22:24:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/21 07:54:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/12/13 16:48:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/08/21 23:03:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/21 07:52:37 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\JASON\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\JASON\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\JASON\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: AVG Safe Search = C:\Users\JASON\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
    CHR - Extension: AVG Do Not Track = C:\Users\JASON\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
    CHR - Extension: Gmail = C:\Users\JASON\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/08/26 18:41:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
    O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe (PFU LIMITED)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
    O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF49D771-4EDE-4A85-B771-E1CDD3CA87C1}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
    O18:64bit: - Protocol\Handler\intu-help-qb4 - No CLSID value found
    O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\intu-help-qb2 - No CLSID value found
    O18 - Protocol\Handler\intu-help-qb4 - No CLSID value found
    O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/31 18:49:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FS
    [2012/08/31 18:48:31 | 000,000,000 | ---D | C] -- C:\Users\JASON\AppData\Local\Downloaded Installations
    [2012/08/31 18:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\FS
    [2012/08/30 13:47:17 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/08/26 19:33:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/08/26 18:41:49 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/08/24 16:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stamps.com
    [2012/08/21 22:57:50 | 000,000,000 | ---D | C] -- C:\Users\JASON\Desktop\Vendio
    [2012/08/21 22:57:28 | 000,000,000 | ---D | C] -- C:\Users\JASON\Desktop\Virus
    [2012/08/21 22:52:00 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
    [2012/08/21 22:51:41 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
    [2012/08/21 22:51:40 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
    [2012/08/21 22:51:38 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
    [2012/08/21 22:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2012/08/21 08:56:22 | 000,000,000 | ---D | C] -- C:\Users\JASON\Desktop\Bourne Creative SEO Course
    [2012/08/16 03:04:40 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/08/16 03:04:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/08/16 03:04:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/08/16 03:04:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/08/16 03:04:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/08/16 03:04:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/08/16 03:04:38 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/08/16 03:04:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/08/16 03:04:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/08/16 03:04:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/08/16 03:04:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/08/16 03:04:37 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/08/16 03:04:37 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/08/15 04:24:36 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
    [2012/08/15 04:24:32 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
    [2012/08/15 04:24:32 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
    [2012/08/15 04:24:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
    [2012/08/15 04:24:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
    [2012/08/15 04:24:31 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
    [2012/08/15 04:24:31 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
    [2012/08/15 04:24:29 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
    [2012/08/14 11:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\unhook
    [2012/08/14 11:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker LE
    [2012/08/11 21:31:01 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\72999610.sys
    [2012/08/11 09:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2012/08/07 20:29:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/07 20:29:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/07 20:29:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/06 19:29:28 | 000,000,000 | ---D | C] -- C:\Users\JASON\AppData\Roaming\Malwarebytes
    [2012/08/06 19:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/06 19:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/08/06 19:28:19 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/08/06 19:28:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/09/02 19:17:50 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/02 19:17:50 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/02 19:13:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/02 19:10:19 | 093,556,287 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2012/09/02 19:07:01 | 000,000,328 | ---- | M] () -- C:\Windows\Brownie.ini
    [2012/09/02 19:06:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/02 19:05:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/02 19:04:55 | 3019,333,632 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/02 17:08:46 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
    [2012/09/01 12:52:57 | 000,000,036 | -H-- | M] () -- C:\Windows\SysWow64\f9t.dat
    [2012/09/01 08:42:57 | 000,043,520 | ---- | M] () -- C:\Users\JASON\Desktop\Backup of Jason Miller - Resume.wbk
    [2012/08/31 18:49:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
    [2012/08/31 04:15:23 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/08/30 18:57:44 | 000,628,825 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
    [2012/08/30 14:04:40 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJASON.job
    [2012/08/26 18:41:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/08/25 12:58:51 | 000,166,967 | ---- | M] () -- C:\Users\JASON\Desktop\freehampton.pdf
    [2012/08/24 16:15:35 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\Stamps.com.lnk
    [2012/08/23 17:10:13 | 004,736,524 | R--- | M] (Swearware) -- C:\Users\JASON\Desktop\ComboFix.exe
    [2012/08/21 23:03:22 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
    [2012/08/21 22:51:30 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
    [2012/08/21 22:51:30 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
    [2012/08/21 22:51:30 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
    [2012/08/21 22:51:30 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
    [2012/08/21 22:51:30 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
    [2012/08/21 22:51:30 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
    [2012/08/20 22:03:51 | 000,001,033 | ---- | M] () -- C:\Users\JASON\Desktop\Rankerizer.lnk
    [2012/08/19 16:13:26 | 000,000,000 | ---- | M] () -- C:\Users\JASON\Documents\Nuance Image Printer Writer Port
    [2012/08/18 18:46:24 | 000,644,339 | ---- | M] () -- C:\Users\JASON\Desktop\specialoffer$33.pdf
    [2012/08/18 18:46:23 | 000,153,799 | ---- | M] () -- C:\Users\JASON\Desktop\clicksure$33.pdf
    [2012/08/16 03:29:09 | 016,274,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/08/16 03:03:38 | 000,000,372 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
    [2012/08/10 19:56:55 | 000,027,520 | ---- | M] () -- C:\Users\JASON\AppData\Local\dt.dat
    [2012/08/09 15:47:48 | 000,777,257 | ---- | M] () -- C:\Users\JASON\Desktop\Storage space S. Orleans.JPG
    [2012/08/08 11:11:11 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\72999610.sys
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/09/01 08:20:25 | 000,043,520 | ---- | C] () -- C:\Users\JASON\Desktop\Backup of Jason Miller - Resume.wbk
    [2012/08/31 18:49:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
    [2012/08/27 10:27:50 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForJASON.job
    [2012/08/25 12:58:51 | 000,166,967 | ---- | C] () -- C:\Users\JASON\Desktop\freehampton.pdf
    [2012/08/24 16:15:35 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\Stamps.com.lnk
    [2012/08/18 18:46:24 | 000,644,339 | ---- | C] () -- C:\Users\JASON\Desktop\specialoffer$33.pdf
    [2012/08/18 18:46:23 | 000,153,799 | ---- | C] () -- C:\Users\JASON\Desktop\clicksure$33.pdf
    [2012/08/10 19:56:55 | 000,027,520 | ---- | C] () -- C:\Users\JASON\AppData\Local\dt.dat
    [2012/08/09 15:47:39 | 000,777,257 | ---- | C] () -- C:\Users\JASON\Desktop\Storage space S. Orleans.JPG
    [2012/08/07 20:29:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/07 20:29:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/07 20:29:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/07 20:29:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/07 20:29:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/05/04 19:38:26 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\f9t.dat
    [2012/03/16 14:32:55 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
    [2011/12/25 13:40:14 | 000,000,132 | ---- | C] () -- C:\Users\JASON\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011/12/24 19:00:00 | 000,000,132 | ---- | C] () -- C:\Users\JASON\AppData\Roaming\Adobe GIF Format CS5 Prefs
    [2011/12/20 21:04:39 | 000,000,153 | ---- | C] () -- C:\Windows\BRVIDEO.INI
    [2011/12/20 21:04:39 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
    [2011/12/20 21:03:05 | 000,022,898 | ---- | C] () -- C:\Windows\HL-3070CW.INI
    [2011/12/20 21:02:24 | 000,000,328 | ---- | C] () -- C:\Windows\Brownie.ini
    [2011/12/18 22:51:22 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
    [2011/11/16 14:46:22 | 000,001,456 | ---- | C] () -- C:\Users\JASON\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2011/10/04 09:09:22 | 000,000,600 | ---- | C] () -- C:\Users\JASON\AppData\Local\PUTTY.RND
    [2011/08/19 20:26:28 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\Gsw32.exe.config
    [2011/06/08 15:38:53 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat
    [2011/06/07 00:20:10 | 000,001,854 | ---- | C] () -- C:\Users\JASON\AppData\Roaming\GhostObjGAFix.xml
    [2011/03/17 20:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/02/15 19:06:21 | 000,777,968 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/02/09 23:35:30 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini
    [2011/02/09 23:35:30 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
    [2011/02/09 23:34:40 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
    [2011/02/09 23:31:09 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
    [2011/02/09 23:23:18 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2011/02/06 21:30:37 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2011/01/11 21:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
    [2010/12/14 22:00:30 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
    [2010/12/14 21:45:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/09/21 11:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

    ========== Custom Scans ==========

    < user32.dll >

    < %TEMP%\smtmp\*.* /s >
    < End of report >
     
  25. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Open OTL, click the None button...copy and paste this to the Custom Scans/Fixes box and hit Run Scan:

    user32.* /md5
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...