Scan result of Farbar Recovery Scan Tool Version: 19-05-2012 Ran by SYSTEM at 22-05-2012 13:32:00 Running from G:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9913376 2009-12-29] (Realtek Semiconductor) HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-04-16] (Egis Technology Inc.) HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation) HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1465304 2010-02-03] (McAfee, Inc.) HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [337264 2010-04-16] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-03-10] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-03-10] (Egis Technology Inc.) HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [588648 2009-07-24] (Symantec Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k [260608 2010-03-08] (NewTech Infosystems, Inc.) HKU\Administrator\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-04-21] (Google Inc.) HKU\User\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [152872 2007-06-27] (Nero AG) HKU\User\...\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h [1015808 2010-10-27] (Ares Development Group) HKU\User\...\Run: [Facebook Update] "C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x] HKLM-x32\...\RunOnce: [IdentityCardFUB] C:\Windows\oem\IdentityCard\FUB.exe [227872 2009-10-08] () HKLM-x32\...\Runonce: [AirShare] "C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-FFFF-7B44-A91000000001}\AirShareInstaller.exe" 0;1;1;1.6.65;C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-FFFF-7B44-A91000000001}\; [x] HKLM-x32\...\RunOnce: [InstallShieldSetup] C:\PROGRA~2\INSTAL~1\{72B77~1\setup.exe /reboot /z [316736 2010-04-21] (NewTech Infosystems ) Tcpip\Parameters: [DhcpNameServer] 168.95.1.1 ==================== Services (Whitelisted) ====== 2 0070621271847342mcinstcleanup; C:\Users\ADMINI~1\AppData\Local\Temp\007062~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [7947 2010-04-21] () 2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated) 2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2009-12-23] (Intel Corporation) 2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2009-12-14] (McAfee, Inc.) 2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2009-12-14] (McAfee, Inc.) 2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2009-12-14] (McAfee, Inc.) 2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2009-12-14] (McAfee, Inc.) 2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2009-12-14] (McAfee, Inc.) 3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [509416 2009-12-30] (McAfee, Inc.) 2 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2009-12-14] (McAfee, Inc.) 2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2009-12-14] (McAfee, Inc.) 2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199032 2010-01-05] (McAfee, Inc.) 2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [244840 2010-01-05] (McAfee, Inc.) 2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [148520 2010-01-05] (McAfee, Inc.) 2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2009-12-14] (McAfee, Inc.) 3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-16] (Egis Technology Inc.) 2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-08] (NewTech Infosystems, Inc.) ========================== Drivers (Whitelisted) ============= 3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [62416 2010-01-05] (McAfee, Inc.) 3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [121504 2010-01-05] (McAfee, Inc.) 3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [189880 2010-01-05] (McAfee, Inc.) 3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [440688 2010-01-05] (McAfee, Inc.) 0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [528232 2010-01-05] (McAfee, Inc.) 1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75288 2010-01-05] (McAfee, Inc.) 3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [93840 2010-01-05] (McAfee, Inc.) 0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [279752 2010-01-05] (McAfee, Inc.) 3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2009-05-05] (NewTech Infosystems, Inc.) 3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [239136 2010-02-28] (Realtek Semiconductor Corp.) 3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIVX.sys [213280 2009-12-01] (Realtek Semiconductor Corp.) 3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [16896 2009-05-05] (NewTech Infosystems Corporation) ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-05-22 13:31 - 2012-05-22 13:32 - 0000000 ____D C:\FRST 2012-05-22 07:35 - 2012-05-22 08:42 - 1073741824 __ASH C:\zPagefile.sys 2012-05-22 06:27 - 2012-05-22 06:27 - 0003304 ____N C:\bootsqm.dat 2012-05-21 23:25 - 2012-05-21 23:25 - 0000000 ____D C:\Backup1 2012-05-20 16:16 - 2012-05-20 16:16 - 0000000 ____D C:\Backup 2012-05-20 16:10 - 2012-05-20 16:10 - 0000000 ____A C:\Recovery.txt 2012-05-17 23:35 - 2012-05-17 23:35 - 0000000 ____D C:\Users\User\AppData\Local\{C484C349-AA2C-4607-8F88-4EA741631793} 2012-05-17 23:35 - 2012-05-17 23:35 - 0000000 ____D C:\Users\User\AppData\Local\{520AB666-EC27-414A-B5D2-CDA0108D2C44} 2012-05-17 11:15 - 2012-05-17 11:15 - 0000000 ____D C:\Users\User\AppData\Local\{B29B1C9B-5C78-4AC8-903D-6C6667F96106} 2012-05-17 11:15 - 2012-05-17 11:15 - 0000000 ____D C:\Users\User\AppData\Local\{2F9678B0-11C3-4AF5-BACB-49DCD52C4FD5} 2012-05-16 04:16 - 2012-05-16 04:16 - 0000000 ____D C:\Users\User\AppData\Local\{699B89A1-94A6-4737-B9C5-D1588AFD589A} 2012-05-16 04:16 - 2012-05-16 04:16 - 0000000 ____D C:\Users\User\AppData\Local\{3C4C2F54-3525-46C7-85CC-DD082DEDFB74} 2012-05-15 02:47 - 2012-05-15 02:47 - 0000000 ____D C:\Users\User\AppData\Local\{27C7FD36-A2E4-4EF4-9E47-23545F56AD9C} 2012-05-14 09:40 - 2012-05-15 02:47 - 0000000 ____D C:\Users\User\AppData\Local\{A8FC8478-35AE-43D2-9649-CC37472B344B} 2012-05-14 09:40 - 2012-05-14 09:40 - 0000000 ____D C:\Users\User\AppData\Local\{A6F1FD76-9F75-43FF-9662-EF08A62A2A13} 2012-05-14 09:39 - 2012-05-14 09:39 - 0000000 ____D C:\Windows\es 2012-05-14 09:37 - 2012-05-14 09:37 - 0000000 ____D C:\Program Files\Windows Live 2012-05-14 02:45 - 2012-05-14 02:45 - 0000000 ____D C:\Users\User\AppData\Local\{E28348C9-8E58-48DC-B74F-EBD80C22660C} 2012-05-14 02:45 - 2012-05-14 02:45 - 0000000 ____D C:\Users\User\AppData\Local\{B3554D71-E6EF-4E4B-B11D-DE7C22F0AAA2} 2012-05-14 00:54 - 2012-05-14 00:54 - 0000000 ____D C:\Users\User\AppData\Local\{C9E4F020-4F26-490C-81D9-322EF23258A6} 2012-05-14 00:54 - 2012-05-14 00:54 - 0000000 ____D C:\Users\User\AppData\Local\{A3F49670-232A-4846-9CD6-664F70F1F7C8} 2012-05-13 22:52 - 2012-05-13 22:55 - 0000000 ____D C:\Users\User\Desktop\musica 2012-05-13 22:51 - 2012-05-13 22:52 - 0000000 ____D C:\Users\User\Desktop\varios cari 2012-05-13 22:51 - 2012-05-13 22:51 - 0000000 ____D C:\Users\User\Desktop\varios 2012-05-13 22:51 - 2012-03-12 05:51 - 0000000 ____D C:\Users\User\Desktop\regueton 2011 2012-05-12 14:52 - 2012-05-12 14:52 - 0000000 ____D C:\Users\User\AppData\Local\{EB5FD5B2-8FA5-4423-A2D3-7447EB9D3A84} 2012-05-12 14:52 - 2012-05-12 14:52 - 0000000 ____D C:\Users\User\AppData\Local\{BC7D76BD-2435-46C2-AA16-2D6B36733A4E} 2012-05-12 00:04 - 2012-05-12 00:04 - 0000000 ____D C:\Program Files\Microsoft Silverlight 2012-05-11 07:49 - 2012-05-11 07:49 - 0000000 ____D C:\Users\User\Desktop\DOC027.XSM 2012-05-11 07:49 - 2012-05-11 01:43 - 0045284 ____A C:\Users\User\Desktop\curriculum.docx 2012-05-11 03:33 - 2012-05-11 03:33 - 0000000 ____D C:\Users\User\Desktop\curro 2012-05-10 12:24 - 2012-05-10 12:24 - 0000000 ____D C:\Users\User\AppData\Local\{BAFE8FC9-BBBF-4338-9326-27ADB1452197} 2012-05-10 12:24 - 2012-05-10 12:24 - 0000000 ____D C:\Users\User\AppData\Local\{0C5B00C0-0D52-4928-B098-CB7D6E0F44D5} 2012-05-10 00:00 - 2012-05-10 00:05 - 0000000 ____D C:\Users\User\Desktop\pen 2012-05-07 02:11 - 2012-05-10 00:30 - 0026624 ____A C:\Users\User\Desktop\curriculum.wps 2012-05-07 02:01 - 2012-05-07 02:01 - 0264550 ____A C:\Users\User\Desktop\Moje zdjecie 1.png 2012-05-04 09:42 - 2012-05-04 09:42 - 0000000 ____D C:\Users\User\AppData\Local\{FE6EDED0-B47B-4DDB-88CE-138FE31DB860} 2012-05-04 09:42 - 2012-05-04 09:42 - 0000000 ____D C:\Users\User\AppData\Local\{FAAD3DEA-E127-4296-8025-4E6FC3D85B5F} 2012-05-02 11:44 - 2012-05-02 11:44 - 0131584 ____A C:\Users\User\Desktop\dieta3000kcal.doc 2012-05-02 11:40 - 2012-05-02 11:40 - 0131584 ____A C:\Users\User\Desktop\dieta 2250kcal.doc 2012-04-30 22:42 - 2012-04-30 22:48 - 0000000 ____D C:\Users\User\Desktop\house 2012-04-30 15:38 - 2012-05-19 06:43 - 0000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-806295760-645604311-1674677108-1000UA.job 2012-04-30 15:38 - 2012-05-19 01:10 - 0000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-806295760-645604311-1674677108-1000Core.job 2012-04-30 15:38 - 2012-04-30 15:38 - 0000000 ____D C:\Users\User\AppData\Local\Facebook 2012-04-30 15:37 - 2012-04-30 15:37 - 0493520 ____A (Facebook Inc.) C:\Users\User\Downloads\FacebookVideoCallSetup_v1.2.203.0.exe 2012-04-29 08:04 - 2012-04-29 08:04 - 0000000 ____D C:\Users\User\AppData\Local\{EE74FA53-CBEF-4985-99C5-774CBB5C1003} 2012-04-29 08:03 - 2012-04-29 08:04 - 0000000 ____D C:\Users\User\AppData\Local\{5CF474C0-8639-45DC-959E-BD1667BE56B5} 2012-04-28 07:47 - 2012-04-28 07:47 - 0000000 ____D C:\Users\User\AppData\Local\{E71F925C-85CF-499B-9E0B-872A717B6A0E} 2012-04-28 07:47 - 2012-04-28 07:47 - 0000000 ____D C:\Users\User\AppData\Local\{4391E2F7-F291-41FA-BA8B-80A3A5A467D5} 2012-04-27 07:26 - 2012-04-27 07:26 - 0000000 ____D C:\Users\User\AppData\Local\{D82FF97A-C039-4D8D-A758-8BA2CCF4F477} 2012-04-27 07:26 - 2012-04-27 07:26 - 0000000 ____D C:\Users\User\AppData\Local\{73B2DA56-B4DE-4FCB-827C-310057063100} 2012-04-26 00:04 - 2012-04-26 04:27 - 0002106 ____A C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk 2012-04-26 00:04 - 2012-04-26 04:27 - 0000000 ____D C:\Program Files (x86)\McAfee Security Scan 2012-04-26 00:04 - 2012-04-26 00:04 - 0000000 ____D C:\Users\All Users\McAfee Security Scan 2012-04-26 00:04 - 2012-04-26 00:04 - 0000000 ____D C:\ProgramData\McAfee Security Scan 2012-04-25 11:52 - 2012-04-25 11:52 - 0000000 ____D C:\Users\User\AppData\Local\{637C63D9-0DF2-4058-A9D6-B2252A3F328C} 2012-04-25 11:51 - 2012-04-25 11:52 - 0000000 ____D C:\Users\User\AppData\Local\{47D61C0A-4CE8-46BC-89F2-523C550C7DFA} 2012-04-25 07:19 - 2012-04-25 07:19 - 0000000 ____D C:\Users\User\AppData\Local\{AAD0592F-933F-4B38-B968-788E62578A1D} 2012-04-25 07:19 - 2012-04-25 07:19 - 0000000 ____D C:\Users\User\AppData\Local\{97F139C8-C2C0-4A3A-AAAA-D76E0FB13E50} 2012-04-24 04:08 - 2012-04-24 04:09 - 0000000 ____D C:\Users\User\AppData\Roaming\Mozilla 2012-04-24 04:08 - 2012-04-24 04:08 - 0000000 ____D C:\Users\User\AppData\Local\Mozilla 2012-04-24 04:08 - 2012-04-24 04:08 - 0000000 ____D C:\Users\All Users\Mozilla 2012-04-24 04:08 - 2012-04-24 04:08 - 0000000 ____D C:\ProgramData\Mozilla 2012-04-24 04:08 - 2012-04-24 04:08 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2012-04-24 04:08 - 2012-04-24 04:08 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox ============ 3 Months Modified Files and Folders ============= 2012-05-22 13:32 - 2012-05-22 13:31 - 0000000 ____D C:\FRST 2012-05-22 11:30 - 2011-03-10 08:04 - 2962300928 __ASH C:\hiberfil.sys 2012-05-22 11:30 - 2010-04-21 03:19 - 0000000 ____D C:\Windows\Panther 2012-05-22 08:42 - 2012-05-22 07:35 - 1073741824 __ASH C:\zPagefile.sys 2012-05-22 07:35 - 2009-07-13 19:18 - 0000000 __SHD C:\$RECYCLE.BIN 2012-05-22 06:30 - 2012-04-01 14:16 - 0500402 ____A C:\Windows\ntbtlog.txt 2012-05-22 06:28 - 2011-03-10 08:04 - 0063840 ____A C:\Windows\PFRO.log 2012-05-22 06:27 - 2012-05-22 06:27 - 0003304 ____N C:\bootsqm.dat 2012-05-21 23:57 - 2010-04-21 02:56 - 0023825 ____A C:\Windows\patch.log 2012-05-21 23:56 - 2009-03-12 01:30 - 0000000 ____D C:\Windows\LP 2012-05-21 23:47 - 2009-07-13 21:38 - 0025600 __ASH C:\Windows\System32\config\BCD-Template.LOG 2012-05-21 23:47 - 2009-07-13 21:32 - 0028672 ____A C:\Windows\System32\config\BCD-Template 2012-05-21 23:25 - 2012-05-21 23:25 - 0000000 ____D C:\Backup1 2012-05-20 16:54 - 2011-03-10 16:58 - 0694386 ____A C:\Windows\System32\perfh00A.dat 2012-05-20 16:54 - 2011-03-10 16:58 - 0134448 ____A C:\Windows\System32\perfc00A.dat 2012-05-20 16:53 - 2011-03-10 16:57 - 0000000 ____D C:\Windows\SysWOW64\es 2012-05-20 16:53 - 2011-03-10 16:57 - 0000000 ____D C:\Windows\SysWOW64\Drivers\es-ES 2012-05-20 16:53 - 2011-03-10 16:57 - 0000000 ____D C:\Windows\System32\es 2012-05-20 16:53 - 2011-03-10 16:57 - 0000000 ____D C:\Windows\System32\Drivers\es-ES 2012-05-20 16:53 - 2011-03-10 16:57 - 0000000 ____D C:\Windows\es-ES 2012-05-20 16:52 - 2011-03-10 16:58 - 0341432 ____A C:\Windows\System32\perfi00A.dat 2012-05-20 16:52 - 2011-03-10 16:58 - 0041390 ____A C:\Windows\System32\perfd00A.dat 2012-05-20 16:22 - 2011-11-01 08:00 - 0000000 ____D C:\Users\User\AppData\Roaming\MusicNet 2012-05-20 16:22 - 2011-03-24 13:30 - 0000000 ____D C:\Users\User\AppData\Roaming\Media Player Classic 2012-05-20 16:22 - 2011-03-11 03:03 - 0000000 ____D C:\Users\User\AppData\Roaming\Ahead 2012-05-20 16:22 - 2011-03-10 08:43 - 0000000 ____D C:\Users\User\AppData\Roaming\Liteon 2012-05-20 16:21 - 2011-06-08 09:19 - 0000000 ____D C:\Users\User\AppData\Local\optBeruby 2012-05-20 16:21 - 2011-03-16 10:56 - 0000000 ____D C:\Users\User\AppData\Local\{5340440F-0222-433B-95F3-886AFBE3F137} 2012-05-20 16:21 - 2011-03-11 02:25 - 0000000 ____D C:\Users\User\AppData\Local\Windows Live 2012-05-20 16:16 - 2012-05-20 16:16 - 0000000 ____D C:\Backup 2012-05-20 16:16 - 2012-04-09 10:26 - 0000000 ____D C:\Users\Public\Documents\1Click DVD Copy Pro 2012-05-20 16:16 - 2012-04-09 10:24 - 0000000 ____D C:\Users\Public\Documents\LGSI 2012-05-20 16:10 - 2012-05-20 16:10 - 0000000 ____A C:\Recovery.txt 2012-05-20 16:10 - 2011-03-10 08:19 - 0000000 ____D C:\Recovery 2012-05-19 07:14 - 2011-03-11 09:56 - 0000000 ____D C:\Users\User\AppData\Roaming\Skype 2012-05-19 07:07 - 2011-03-11 09:57 - 0001096 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-05-19 06:50 - 2012-03-29 12:01 - 0000838 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-05-19 06:47 - 2011-06-28 12:18 - 0000000 ____D C:\Users\User\Desktop\My Shared Folder 2012-05-19 06:43 - 2012-04-30 15:38 - 0000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-806295760-645604311-1674677108-1000UA.job 2012-05-19 05:13 - 2012-03-29 12:01 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-05-19 05:13 - 2011-05-22 09:12 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-05-19 01:13 - 2011-03-11 09:57 - 0001092 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-05-19 01:10 - 2012-04-30 15:38 - 0000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-806295760-645604311-1674677108-1000Core.job 2012-05-17 23:35 - 2012-05-17 23:35 - 0000000 ____D C:\Users\User\AppData\Local\{C484C349-AA2C-4607-8F88-4EA741631793} 2012-05-17 23:35 - 2012-05-17 23:35 - 0000000 ____D C:\Users\User\AppData\Local\{520AB666-EC27-414A-B5D2-CDA0108D2C44} 2012-05-17 11:16 - 2011-03-11 10:13 - 0000000 ____D C:\Users\User\AppData\Roaming\Winamp 2012-05-17 11:15 - 2012-05-17 11:15 - 0000000 ____D C:\Users\User\AppData\Local\{B29B1C9B-5C78-4AC8-903D-6C6667F96106} 2012-05-17 11:15 - 2012-05-17 11:15 - 0000000 ____D C:\Users\User\AppData\Local\{2F9678B0-11C3-4AF5-BACB-49DCD52C4FD5} 2012-05-17 11:14 - 2011-03-11 01:38 - 0000000 ____D C:\Users\User\Tracing 2012-05-16 04:16 - 2012-05-16 04:16 - 0000000 ____D C:\Users\User\AppData\Local\{699B89A1-94A6-4737-B9C5-D1588AFD589A} 2012-05-16 04:16 - 2012-05-16 04:16 - 0000000 ____D C:\Users\User\AppData\Local\{3C4C2F54-3525-46C7-85CC-DD082DEDFB74} 2012-05-15 02:47 - 2012-05-15 02:47 - 0000000 ____D C:\Users\User\AppData\Local\{27C7FD36-A2E4-4EF4-9E47-23545F56AD9C} 2012-05-15 02:47 - 2012-05-14 09:40 - 0000000 ____D C:\Users\User\AppData\Local\{A8FC8478-35AE-43D2-9649-CC37472B344B} 2012-05-14 09:40 - 2012-05-14 09:40 - 0000000 ____D C:\Users\User\AppData\Local\{A6F1FD76-9F75-43FF-9662-EF08A62A2A13} 2012-05-14 09:39 - 2012-05-14 09:39 - 0000000 ____D C:\Windows\es 2012-05-14 09:37 - 2012-05-14 09:37 - 0000000 ____D C:\Program Files\Windows Live 2012-05-14 09:37 - 2011-03-10 08:49 - 0000000 ____D C:\Program Files (x86)\Windows Live 2012-05-14 09:35 - 2011-03-10 08:50 - 0069760 ____A C:\Windows\DirectX.log 2012-05-14 02:45 - 2012-05-14 02:45 - 0000000 ____D C:\Users\User\AppData\Local\{E28348C9-8E58-48DC-B74F-EBD80C22660C} 2012-05-14 02:45 - 2012-05-14 02:45 - 0000000 ____D C:\Users\User\AppData\Local\{B3554D71-E6EF-4E4B-B11D-DE7C22F0AAA2} 2012-05-14 00:54 - 2012-05-14 00:54 - 0000000 ____D C:\Users\User\AppData\Local\{C9E4F020-4F26-490C-81D9-322EF23258A6} 2012-05-14 00:54 - 2012-05-14 00:54 - 0000000 ____D C:\Users\User\AppData\Local\{A3F49670-232A-4846-9CD6-664F70F1F7C8} 2012-05-13 22:55 - 2012-05-13 22:52 - 0000000 ____D C:\Users\User\Desktop\musica 2012-05-13 22:52 - 2012-05-13 22:51 - 0000000 ____D C:\Users\User\Desktop\varios cari 2012-05-13 22:51 - 2012-05-13 22:51 - 0000000 ____D C:\Users\User\Desktop\varios 2012-05-12 14:52 - 2012-05-12 14:52 - 0000000 ____D C:\Users\User\AppData\Local\{EB5FD5B2-8FA5-4423-A2D3-7447EB9D3A84} 2012-05-12 14:52 - 2012-05-12 14:52 - 0000000 ____D C:\Users\User\AppData\Local\{BC7D76BD-2435-46C2-AA16-2D6B36733A4E} 2012-05-12 00:04 - 2012-05-12 00:04 - 0000000 ____D C:\Program Files\Microsoft Silverlight 2012-05-11 07:49 - 2012-05-11 07:49 - 0000000 ____D C:\Users\User\Desktop\DOC027.XSM 2012-05-11 03:33 - 2012-05-11 03:33 - 0000000 ____D C:\Users\User\Desktop\curro 2012-05-11 01:43 - 2012-05-11 07:49 - 0045284 ____A C:\Users\User\Desktop\curriculum.docx 2012-05-10 12:24 - 2012-05-10 12:24 - 0000000 ____D C:\Users\User\AppData\Local\{BAFE8FC9-BBBF-4338-9326-27ADB1452197} 2012-05-10 12:24 - 2012-05-10 12:24 - 0000000 ____D C:\Users\User\AppData\Local\{0C5B00C0-0D52-4928-B098-CB7D6E0F44D5} 2012-05-10 00:30 - 2012-05-07 02:11 - 0026624 ____A C:\Users\User\Desktop\curriculum.wps 2012-05-10 00:30 - 2012-03-26 03:29 - 0000222 ____A C:\Users\User\AppData\Roaming\wklnhst.dat 2012-05-10 00:17 - 2011-03-11 01:13 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-05-10 00:05 - 2012-05-10 00:00 - 0000000 ____D C:\Users\User\Desktop\pen 2012-05-07 02:01 - 2012-05-07 02:01 - 0264550 ____A C:\Users\User\Desktop\Moje zdjecie 1.png 2012-05-06 01:26 - 2011-12-14 13:32 - 0000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics 2012-05-04 11:50 - 2012-04-16 07:42 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2012-05-04 09:42 - 2012-05-04 09:42 - 0000000 ____D C:\Users\User\AppData\Local\{FE6EDED0-B47B-4DDB-88CE-138FE31DB860} 2012-05-04 09:42 - 2012-05-04 09:42 - 0000000 ____D C:\Users\User\AppData\Local\{FAAD3DEA-E127-4296-8025-4E6FC3D85B5F} 2012-05-03 09:24 - 2011-03-11 01:51 - 0000000 ____D C:\Users\User\AppData\Local\Ares 2012-05-02 11:44 - 2012-05-02 11:44 - 0131584 ____A C:\Users\User\Desktop\dieta3000kcal.doc 2012-05-02 11:40 - 2012-05-02 11:40 - 0131584 ____A C:\Users\User\Desktop\dieta 2250kcal.doc 2012-04-30 22:48 - 2012-04-30 22:42 - 0000000 ____D C:\Users\User\Desktop\house 2012-04-30 17:01 - 2012-04-01 12:08 - 1585386 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2012-04-30 17:01 - 2012-04-01 12:08 - 0001912 ____A C:\Windows\epplauncher.mif 2012-04-30 17:01 - 2012-04-01 12:08 - 0000000 ____D C:\Program Files\Microsoft Security Client 2012-04-30 17:01 - 2012-04-01 12:08 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client 2012-04-30 15:38 - 2012-04-30 15:38 - 0000000 ____D C:\Users\User\AppData\Local\Facebook 2012-04-30 15:37 - 2012-04-30 15:37 - 0493520 ____A (Facebook Inc.) C:\Users\User\Downloads\FacebookVideoCallSetup_v1.2.203.0.exe 2012-04-29 08:04 - 2012-04-29 08:04 - 0000000 ____D C:\Users\User\AppData\Local\{EE74FA53-CBEF-4985-99C5-774CBB5C1003} 2012-04-29 08:04 - 2012-04-29 08:03 - 0000000 ____D C:\Users\User\AppData\Local\{5CF474C0-8639-45DC-959E-BD1667BE56B5} 2012-04-28 07:47 - 2012-04-28 07:47 - 0000000 ____D C:\Users\User\AppData\Local\{E71F925C-85CF-499B-9E0B-872A717B6A0E} 2012-04-28 07:47 - 2012-04-28 07:47 - 0000000 ____D C:\Users\User\AppData\Local\{4391E2F7-F291-41FA-BA8B-80A3A5A467D5} 2012-04-27 07:26 - 2012-04-27 07:26 - 0000000 ____D C:\Users\User\AppData\Local\{D82FF97A-C039-4D8D-A758-8BA2CCF4F477} 2012-04-27 07:26 - 2012-04-27 07:26 - 0000000 ____D C:\Users\User\AppData\Local\{73B2DA56-B4DE-4FCB-827C-310057063100} 2012-04-26 04:27 - 2012-04-26 00:04 - 0002106 ____A C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk 2012-04-26 04:27 - 2012-04-26 00:04 - 0000000 ____D C:\Program Files (x86)\McAfee Security Scan 2012-04-26 00:04 - 2012-04-26 00:04 - 0000000 ____D C:\Users\All Users\McAfee Security Scan 2012-04-26 00:04 - 2012-04-26 00:04 - 0000000 ____D C:\ProgramData\McAfee Security Scan 2012-04-25 11:52 - 2012-04-25 11:52 - 0000000 ____D C:\Users\User\AppData\Local\{637C63D9-0DF2-4058-A9D6-B2252A3F328C} 2012-04-25 11:52 - 2012-04-25 11:51 - 0000000 ____D C:\Users\User\AppData\Local\{47D61C0A-4CE8-46BC-89F2-523C550C7DFA} 2012-04-25 07:19 - 2012-04-25 07:19 - 0000000 ____D C:\Users\User\AppData\Local\{AAD0592F-933F-4B38-B968-788E62578A1D} 2012-04-25 07:19 - 2012-04-25 07:19 - 0000000 ____D C:\Users\User\AppData\Local\{97F139C8-C2C0-4A3A-AAAA-D76E0FB13E50} 2012-04-25 03:50 - 2011-03-11 01:38 - 0000000 ____D C:\Users\User\Downloads\PROGRAMAS NO TOCAR! 2012-04-24 10:36 - 2011-12-04 08:13 - 0000064 ____A C:\Users\User\Documents\gps.txt 2012-04-24 04:09 - 2012-04-24 04:08 - 0000000 ____D C:\Users\User\AppData\Roaming\Mozilla 2012-04-24 04:08 - 2012-04-24 04:08 - 0000000 ____D C:\Users\User\AppData\Local\Mozilla 2012-04-24 04:08 - 2012-04-24 04:08 - 0000000 ____D C:\Users\All Users\Mozilla 2012-04-24 04:08 - 2012-04-24 04:08 - 0000000 ____D C:\ProgramData\Mozilla 2012-04-24 04:08 - 2012-04-24 04:08 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2012-04-24 04:08 - 2012-04-24 04:08 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox 2012-04-23 15:38 - 2012-01-03 04:12 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-04-23 15:22 - 2011-03-11 01:24 - 0000000 ____D C:\Users\All Users\boost_interprocess 2012-04-23 15:22 - 2011-03-11 01:24 - 0000000 ____D C:\ProgramData\boost_interprocess 2012-04-20 09:56 - 2011-03-10 23:41 - 0000000 ____D C:\Users\User\AppData\Local\Google 2012-04-18 07:54 - 2012-04-18 07:54 - 0750488 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll 2012-04-18 07:54 - 2012-04-18 07:54 - 0660368 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2012-04-18 07:54 - 2012-04-18 07:54 - 0264584 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2012-04-18 07:54 - 2012-04-18 07:54 - 0188808 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2012-04-18 07:54 - 2012-04-18 07:54 - 0188808 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2012-04-18 07:54 - 2012-04-18 07:54 - 0000000 ____D C:\Program Files\Java 2012-04-18 07:52 - 2012-04-18 07:52 - 0000000 ____D C:\Users\All Users\Sun 2012-04-18 07:52 - 2012-04-18 07:52 - 0000000 ____D C:\ProgramData\Sun 2012-04-18 07:51 - 2012-04-18 07:51 - 0000000 ____D C:\Program Files (x86)\Oracle 2012-04-18 07:50 - 2011-03-10 08:20 - 0000000 ____D C:\Users\User\AppData\LocalLow 2012-04-18 07:49 - 2012-04-18 07:50 - 0173960 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2012-04-18 07:49 - 2012-04-18 07:50 - 0173960 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2012-04-18 07:49 - 2012-04-18 07:49 - 0000000 ____D C:\Program Files (x86)\Java 2012-04-16 08:19 - 2012-04-16 08:19 - 0000000 ____D C:\Users\User\AppData\Local\{FCCB9A49-2374-4BFE-8E67-B70716594C46} 2012-04-16 08:19 - 2012-04-16 08:19 - 0000000 ____D C:\Users\User\AppData\Local\{7A89D7A5-217A-4BC1-9D9A-9C42C6B1A890} 2012-04-16 07:42 - 2012-04-16 07:42 - 0000000 ____D C:\Users\User\AppData\Local\{D7547754-1A71-4ABF-B44D-73FEE29B51E2} 2012-04-11 23:51 - 2012-04-11 23:51 - 0000000 ____D C:\Users\User\AppData\Local\{759D5129-9953-4D51-BC17-A8F0CE47C10B} 2012-04-11 11:51 - 2012-04-11 11:51 - 0000000 ____D C:\Users\User\AppData\Local\{652D34FF-A2F8-40E9-82A7-82EE7F73395F} 2012-04-11 02:55 - 2012-03-26 03:37 - 0016896 ____A C:\Users\User\Documents\Curriculum.wps 2012-04-09 23:17 - 2012-04-09 10:26 - 0000000 ____D C:\Users\All Users\1click dvd copy pro 2012-04-09 23:17 - 2012-04-09 10:26 - 0000000 ____D C:\ProgramData\1click dvd copy pro 2012-04-09 11:24 - 2012-04-09 11:23 - 0000000 ____D C:\Users\User\AppData\Local\{B5E7F5D5-9336-432A-8A2B-25D033A766E3} 2012-04-09 10:41 - 2012-04-09 10:34 - 0000000 ____D C:\Users\User\Documents\DVDFab 2012-04-09 10:34 - 2012-04-09 10:34 - 0001022 ____A C:\Users\User\Desktop\DVDFab 8 Qt.lnk 2012-04-09 10:34 - 2012-04-09 10:34 - 0000000 ____D C:\Program Files (x86)\DVDFab 8 Qt 2012-04-09 10:24 - 2012-04-09 10:24 - 0000000 ____D C:\Program Files (x86)\LG Software Innovations 2012-04-07 14:44 - 2012-04-07 14:44 - 0000000 ____D C:\Users\User\AppData\Roaming\RealNetworks 2012-04-04 09:23 - 2012-04-04 09:23 - 0000000 ____D C:\Users\User\AppData\Local\{1AFFD231-4E8C-411F-BA11-ECA3C547CBFD} 2012-04-04 05:56 - 2012-04-01 12:36 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-04-03 13:35 - 2012-04-03 13:35 - 0002684 ____A C:\AdwCleaner[R1].txt 2012-04-02 08:56 - 2011-03-15 11:07 - 0000000 ____D C:\Users\User\Documents\Mis archivos recibidos 2012-04-02 08:49 - 2011-03-11 01:51 - 0000000 ____D C:\Users\User\Desktop\descargas ares 2012-04-02 08:25 - 2011-03-10 03:49 - 0000000 ____D C:\Users\User\Desktop\todas las fotos 2012-04-02 07:00 - 2011-03-11 01:54 - 0000000 ____A C:\Windows\SysWOW64\config.nt 2012-04-02 06:26 - 2012-04-02 06:26 - 0000000 ____D C:\_OTL 2012-04-02 03:36 - 2012-04-02 03:36 - 0000000 ____D C:\Users\User\AppData\Local\{2EF7A96C-D00E-4533-ADFB-A2642AAE8BD3} 2012-04-02 03:22 - 2012-04-02 03:22 - 0006207 ____A C:\Users\User\Documents\FIX.REG 2012-04-01 11:35 - 2011-05-11 09:41 - 0000000 ____D C:\Program Files (x86)\SweetIM 2012-04-01 11:29 - 2012-04-01 11:29 - 0000020 ____A C:\Windows\`õ  2012-04-01 03:24 - 2012-04-01 03:24 - 0000000 ____D C:\Users\User\AppData\Local\{DE88B761-D077-4FB0-9679-1F129FCD641A} 2012-03-31 13:08 - 2012-03-31 13:08 - 0018785 ____A C:\Users\User\Downloads\528278_378227665545583_230249087010109_1171142_2122213931_n.jpg 2012-03-31 11:40 - 2012-03-31 11:40 - 0000000 ____D C:\Users\User\AppData\Local\{A1393C19-134E-4070-B950-29534AE39382} 2012-03-30 11:11 - 2011-03-24 11:52 - 0000000 ____D C:\Users\User\AppData\Local\Cyberlink 2012-03-30 04:58 - 2012-03-30 04:58 - 0000000 ____D C:\Users\User\AppData\Local\{3833F160-ACEA-41A3-B444-357E7D36B88D} 2012-03-29 12:02 - 2012-03-29 12:01 - 0000000 ____D C:\Users\User\AppData\Local\{550FD4BA-CEB7-42A6-AE2F-E30922606EC1} 2012-03-29 11:52 - 2012-03-29 11:52 - 0000000 ____D C:\Users\User\AppData\Local\{308DD480-5626-49CF-9A52-8F03936F5534} 2012-03-26 07:23 - 2012-03-26 07:23 - 0000000 ____D C:\Users\User\AppData\Local\{6BD3E112-A86C-4E9D-A9F4-D33E80161887} 2012-03-26 07:23 - 2012-03-26 07:23 - 0000000 ____D C:\Users\User\AppData\Local\{0D999BA4-64B5-4CDA-87AF-ACF539EE2B0B} 2012-03-26 03:30 - 2012-03-26 03:30 - 0000000 ____D C:\Users\User\AppData\Roaming\Template 2012-03-25 05:13 - 2012-03-25 05:13 - 0000000 ____D C:\Program Files (x86)\Microsoft Analysis Services 2012-03-25 04:47 - 2012-03-25 03:52 - 979878288 ____A (Microsoft Corporation) C:\Users\User\Downloads\X17-75080.exe 2012-03-25 04:13 - 2012-03-25 04:13 - 0321309 ____A C:\Users\User\Downloads\google_wzory_cv.zip 2012-03-25 04:10 - 2012-02-19 09:26 - 0000000 ____D C:\Users\User\Downloads\SEGURIDA SOCIAL POLONIA 2012-03-24 05:34 - 2012-03-24 05:34 - 0000000 ____D C:\Users\User\AppData\Local\{8635DCF2-FC0D-4913-BF12-987DEFD19E1E} 2012-03-24 05:34 - 2012-03-24 05:34 - 0000000 ____D C:\Users\User\AppData\Local\{1D167A04-D41F-4825-9B55-F4A5606400BE} 2012-03-23 05:26 - 2012-03-23 05:26 - 0000000 ____D C:\Users\User\AppData\Local\{C342FF73-E0FE-45E5-9056-2E18CD85BCD9} 2012-03-23 05:26 - 2012-03-23 05:26 - 0000000 ____D C:\Users\User\AppData\Local\{8303C2F9-C055-4162-AEA8-456EE1125CD4} 2012-03-21 09:38 - 2011-03-11 09:56 - 0000000 ___RD C:\Program Files (x86)\Skype 2012-03-21 09:38 - 2011-03-11 09:56 - 0000000 ____D C:\Users\All Users\Skype 2012-03-21 09:38 - 2011-03-11 09:56 - 0000000 ____D C:\ProgramData\Skype 2012-03-20 10:44 - 2011-04-27 05:25 - 0098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys 2012-03-20 10:44 - 2011-04-18 03:18 - 0203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys 2012-03-17 13:12 - 2012-03-17 13:12 - 0000000 ____D C:\Users\User\AppData\Local\{BA70850A-CF38-45E5-8365-DA9B02388974} 2012-03-17 13:12 - 2012-03-17 13:12 - 0000000 ____D C:\Users\User\AppData\Local\{8461797A-8956-42C0-B75D-93FDF4B701CD} 2012-03-16 13:29 - 2012-03-16 13:29 - 0000000 ____D C:\Users\User\AppData\Local\{CCD50F7C-AABD-450F-B1FE-35DDD04A3717} 2012-03-16 13:29 - 2012-03-16 13:29 - 0000000 ____D C:\Users\User\AppData\Local\{0E4BFF3D-23C5-4D9D-88C7-149D5994FC6F} 2012-03-15 05:33 - 2012-03-15 05:33 - 0000000 ____D C:\Users\User\AppData\Local\{93B1E97D-12BD-472A-9880-D595AB4E0479} 2012-03-15 05:33 - 2012-03-15 05:33 - 0000000 ____D C:\Users\User\AppData\Local\{80858592-3CB4-4FC2-83B8-ABC958F5E627} 2012-03-12 05:51 - 2012-05-13 22:51 - 0000000 ____D C:\Users\User\Desktop\regueton 2011 2012-03-11 13:21 - 2012-03-11 13:21 - 0000000 ____D C:\Users\User\AppData\Local\{571C15CD-01A4-438A-B449-CB978FF654D3} 2012-03-11 13:21 - 2012-03-11 13:21 - 0000000 ____D C:\Users\User\AppData\Local\{31FA8B66-04E1-49BB-AA72-207A9041FE16} 2012-03-11 01:55 - 2012-03-11 01:55 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ccdcmbx64_01009.Wdf 2012-03-10 05:21 - 2012-03-10 05:21 - 0000000 ____D C:\Users\User\AppData\Local\{61692992-A9F5-4F13-99AE-D6CF13E0C241} 2012-03-10 05:21 - 2012-03-10 05:21 - 0000000 ____D C:\Users\User\AppData\Local\{128C6732-C6F0-453F-A955-1449C1F477AC} 2012-03-10 01:33 - 2012-02-08 14:21 - 0000000 ____D C:\Program Files (x86)\20Dollars2Surf 2012-03-09 10:24 - 2012-03-09 10:24 - 0000000 ____D C:\Users\User\AppData\Local\{60E02E37-E209-40EE-9806-52E53A4F0F0C} 2012-03-09 10:24 - 2012-03-09 10:23 - 0000000 ____D C:\Users\User\AppData\Local\{31860228-9155-4FAD-8B61-42429FD1BE05} 2012-03-08 13:00 - 2012-03-08 13:00 - 0000000 ____D C:\Users\User\AppData\Local\{5E61D0ED-AECE-471F-B521-D8DDD67AB848} 2012-03-08 13:00 - 2012-03-08 12:59 - 0000000 ____D C:\Users\User\AppData\Local\{BF1C1096-5FCE-4307-953B-6581BCB4A9B0} 2012-03-08 08:50 - 2012-03-08 08:50 - 0049016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sirenacm.dll 2012-03-08 08:37 - 2012-03-08 08:37 - 0302448 ____A (Microsoft Corporation) C:\Windows\WLXPGSS.SCR 2012-03-07 14:45 - 2012-03-07 14:45 - 0000000 ____D C:\Users\User\AppData\Local\{CEA19D64-E783-4097-95CB-7C3211D2BD1C} 2012-03-07 14:45 - 2012-03-07 14:45 - 0000000 ____D C:\Users\User\AppData\Local\{BAE1778E-4E38-4CBF-8AC2-CA65F4646D6B} 2012-03-06 02:23 - 2012-03-06 02:23 - 0000000 ____D C:\Users\User\AppData\Local\{B50CDF15-38CE-405E-8D9B-A30DF6BF66CC} 2012-03-06 02:23 - 2012-03-06 02:23 - 0000000 ____D C:\Users\User\AppData\Local\{0CFB7537-BDA9-4FCC-BB8F-E923A009B74E} 2012-03-04 12:41 - 2012-03-04 12:40 - 0000000 ____D C:\Users\User\AppData\Local\{653512B1-F232-41D0-8DEE-25AFD66C9B1A} 2012-03-04 12:40 - 2012-03-04 12:40 - 0000000 ____D C:\Users\User\AppData\Local\{E209C60B-9E18-4C3E-A39F-EDD0F9952E50} 2012-03-03 12:46 - 2012-03-03 12:46 - 0000000 ____D C:\Users\User\AppData\Local\{3A862E2B-0E15-4F71-9B59-4854DFFB6E85} 2012-03-03 12:46 - 2012-03-03 12:46 - 0000000 ____D C:\Users\User\AppData\Local\{0626248B-7153-4AAA-91F8-A77487510D17} 2012-03-01 08:46 - 2012-03-01 08:45 - 0000000 ____D C:\Users\User\AppData\Local\{1039C1F9-5FD5-4682-8D6A-295D10807554} 2012-03-01 08:45 - 2012-03-01 08:45 - 0000000 ____D C:\Users\User\AppData\Local\{BAE788B0-64AD-4C18-B6EE-11FCB9AC6816} 2012-02-29 13:23 - 2012-02-29 13:23 - 0000000 ____D C:\Users\User\AppData\Local\{822A5F99-1353-4689-970C-6051B9C3A7C1} 2012-02-29 13:23 - 2012-02-29 13:23 - 0000000 ____D C:\Users\User\AppData\Local\{58B74690-AAB7-440D-8DD4-5D6E211D9C23} 2012-02-29 01:23 - 2012-02-29 01:22 - 0000000 ____D C:\Users\User\AppData\Local\{139B2EA7-7D30-40D2-927B-85C4641190A0} 2012-02-29 01:22 - 2012-02-29 01:22 - 0000000 ____D C:\Users\User\AppData\Local\{28B9ABCD-4528-4254-BAF2-6B6B18E8AEDF} 2012-02-28 11:19 - 2012-02-28 11:19 - 0000000 ____D C:\Users\User\AppData\Local\{BA7552FE-4503-40B7-B317-A060B0B18F5C} 2012-02-28 11:19 - 2012-02-28 11:19 - 0000000 ____D C:\Users\User\AppData\Local\{5E343A74-0757-4DDB-880C-CA32B05400F4} 2012-02-27 22:56 - 2012-04-16 07:50 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-02-27 17:18 - 2012-04-16 07:50 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-02-27 14:51 - 2012-02-27 14:51 - 0000000 ____D C:\Users\User\AppData\Local\{C0D895F3-A3F9-4A05-B795-F9D79584B50C} 2012-02-27 14:51 - 2012-02-27 14:51 - 0000000 ____D C:\Users\User\AppData\Local\{75ADCA56-2D67-4D7D-BD92-A5644283DD07} 2012-02-25 15:17 - 2012-02-25 15:17 - 0000000 ____D C:\Users\User\AppData\Local\{D44B9A90-2D28-472E-8561-9C34DB8BDA98} 2012-02-25 15:17 - 2012-02-25 15:17 - 0000000 ____D C:\Users\User\AppData\Local\{59B6059F-18EC-4036-A1C8-7CA2C60A1199} 2012-02-24 15:06 - 2012-02-24 15:05 - 0000000 ____D C:\Users\User\AppData\Local\{4AAE911C-364F-471A-B949-770A5A15EEBA} 2012-02-24 15:05 - 2012-02-24 15:05 - 0000000 ____D C:\Users\User\AppData\Local\{4DF6375B-B3AC-442E-9234-7C70AB8E2443} 2012-02-24 01:48 - 2012-02-24 01:48 - 0000000 ____D C:\Users\User\AppData\Local\{928F6711-3E66-4CDF-8EFF-5892C37D6A6C} 2012-02-24 01:48 - 2012-02-24 01:48 - 0000000 ____D C:\Users\User\AppData\Local\{584EB420-9C67-4A1E-BE92-F9ABA909E25C} 2012-02-23 05:44 - 2012-02-23 05:44 - 0000000 ____D C:\Users\User\AppData\Local\{6D222108-EF4C-4497-A6F1-0E3B69BC009F} 2012-02-23 05:44 - 2012-02-23 05:44 - 0000000 ____D C:\Users\User\AppData\Local\{3DEF65E2-0FBF-4B27-8FEE-6B6B8426D59C} 2012-02-23 00:18 - 2011-03-10 09:50 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 14% Total physical RAM: 3766.76 MB Available physical RAM: 3216.97 MB Total Pagefile: 3764.91 MB Available Pagefile: 3209.9 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ======================= Partitions ========================= 1 Drive c: (Acer) (Fixed) (Total:582.07 GB) (Free:453.27 GB) NTFS 2 Drive e: (PQSERVICE) (Fixed) (Total:14 GB) (Free:2.84 GB) NTFS ==>[System with boot components (obtained from reading drive)] 3 Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF 4 Drive g: (KINGSTON) (Removable) (Total:7.45 GB) (Free:7.44 GB) FAT32 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 596 GB 0 B Disk 1 Online 7639 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Recovery 14 GB 31 KB Partition 2 Primary 101 MB 14 GB Partition 3 Primary 582 GB 14 GB ====================================================================================================== Disk: 0 Partition 1 Type : 27 Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E PQSERVICE NTFS Partition 14 GB Healthy Hidden ====================================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y SYSTEM RESE NTFS Partition 101 MB Healthy ====================================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C Acer NTFS Partition 582 GB Healthy ====================================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 7638 MB 31 KB ====================================================================================================== Disk: 1 Partition 1 Type : 0B Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 G KINGSTON FAT32 Removable 7638 MB Healthy ====================================================================================================== ========================================================== Last Boot: 2010-04-21 02:19 ======================= End Of Log ==========================