Scan result of Farbar Recovery Scan Tool Version: 25-05-2012
Ran by 5136 at 25-05-2012 19:02:23
Running from E:\
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: Registry editing has been disabled by your administrator.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.
========================== Registry (Whitelisted) =============
HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell]
HKLM-x32\...\Winlogon: [Shell] [x ] ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\BankID säkerhetsprogram.lnk
ShortcutTarget: BankID säkerhetsprogram.lnk -> C:\Program Files (x86)\Personal\bin\Personal.exe (Technology Nexus AB)
==================== Services (Whitelisted) ======
========================== Drivers (Whitelisted) =============
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-05-25 19:02 - 2012-05-25 19:02 - 0000000 ____D C:\FRST
2012-05-25 18:45 - 2012-05-25 18:45 - 0003472 ____N C:\bootsqm.dat
2012-05-25 18:14 - 2012-05-25 18:14 - 0000000 __SHD C:\found.000
2012-05-25 16:44 - 2012-05-25 16:43 - 0208384 __ASH C:\Users\5136\AppData\Roaming\WinArchiver.exe
2012-05-25 13:28 - 2012-05-25 13:34 - 0000000 ____D C:\sn0wbreeze
2012-05-24 23:25 - 2012-03-31 08:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-24 23:25 - 2012-03-31 06:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-24 23:25 - 2012-03-31 06:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-24 23:25 - 2012-03-31 05:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-24 23:25 - 2012-03-17 09:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-24 23:25 - 2012-03-03 08:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-24 23:25 - 2012-03-03 07:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-24 23:24 - 2012-03-30 13:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-23 11:53 - 2012-05-23 11:53 - 0099321 ____A C:\Users\5136\Documents\Boardingpass FRAPMI 24may2012.pdf
2012-05-21 05:18 - 2012-05-21 05:18 - 0558080 ____N C:\Users\5136\Documents\Accommodation report - present season.xls
2012-05-21 05:18 - 2012-05-21 05:18 - 0500224 ____N C:\Users\5136\Documents\Accommodation report - next season.xls
2012-05-21 05:18 - 2012-05-21 05:18 - 0315392 ____N C:\Users\5136\Documents\Accommodation report - third season.xls
2012-05-21 04:54 - 2012-05-21 04:54 - 1129984 ____N C:\Users\5136\Documents\Destination report - present season.xls
2012-05-21 04:54 - 2012-05-21 04:54 - 0896000 ____N C:\Users\5136\Documents\Destination report - next season.xls
2012-05-21 04:54 - 2012-05-21 04:54 - 0492544 ____N C:\Users\5136\Documents\Destination report - third season.xls
2012-05-18 18:05 - 2012-05-18 18:05 - 0004096 ___AH C:\Users\5136\AppData\Local\keyfile3.drm
2012-05-17 09:53 - 2012-05-17 09:53 - 0081440 ____A C:\Users\5136\Documents\HKT SUBA SUKA w1112.xlsx
2012-05-17 09:20 - 2012-05-17 09:33 - 0029520 ____A C:\Users\5136\Documents\HKT SUBA w1112 RoomNight Cap.xlsx
2012-05-16 20:29 - 2012-05-17 09:35 - 0121351 ____A C:\Users\5136\Documents\Test.xlsx
2012-05-15 12:21 - 2012-05-15 20:08 - 4056441 ____A C:\Users\5136\Documents\Agenda Produkt möte 120516.docx
2012-05-15 10:31 - 2012-05-15 10:31 - 0056231 ____A C:\Users\5136\Documents\Beedneed AYT s12.xlsx
2012-05-14 15:52 - 2012-05-14 15:52 - 0000000 ____D C:\Users\5136\Lync Recordings
2012-05-14 15:43 - 2012-05-14 15:44 - 0027235 ____A C:\Users\5136\Documents\TCNE Product Matrix s12 w1213.xlsx
2012-05-14 04:57 - 2012-05-14 04:57 - 0536064 ____N C:\Users\5136\Documents\Overview report - TCNE.xls
2012-05-11 14:29 - 2012-05-11 14:29 - 0195003 ____A C:\Users\5136\Documents\IKEA TCNE letter.dotx
2012-05-11 14:28 - 2012-05-11 14:28 - 7626867 ____A C:\Users\5136\Documents\TCNE presentation.pptx
2012-05-11 14:13 - 2012-05-11 14:13 - 3386804 ____A C:\Users\5136\Documents\TCNE Resort & Hotel division.pptx
2012-05-11 13:24 - 2012-05-11 13:27 - 0000000 ____D C:\Users\5136\Documents\DVDFab
2012-05-11 13:24 - 2012-05-11 13:25 - 0000000 ____D C:\Users\5136\AppData\Roaming\Vso
2012-05-11 13:24 - 2012-05-11 13:24 - 0099384 ____A C:\Users\5136\AppData\Roaming\inst.exe
2012-05-11 13:24 - 2012-05-11 13:24 - 0082816 ____A (VSO Software) C:\Windows\System32\Drivers\pcouffin.sys
2012-05-11 13:24 - 2012-05-11 13:24 - 0082816 ____A (VSO Software) C:\Users\5136\AppData\Roaming\pcouffin.sys
2012-05-11 13:24 - 2012-05-11 13:24 - 0007859 ____A C:\Users\5136\AppData\Roaming\pcouffin.cat
2012-05-11 13:24 - 2012-05-11 13:24 - 0001167 ____A C:\Users\5136\AppData\Roaming\pcouffin.inf
2012-05-11 13:24 - 2012-05-11 13:24 - 0000034 ____A C:\Users\5136\AppData\Roaming\pcouffin.log
2012-05-11 13:24 - 2012-05-11 13:24 - 0000000 ____D C:\Program Files (x86)\DVDFab 5
2012-05-11 09:49 - 2012-05-14 15:18 - 0043714 ____A C:\Users\5136\Documents\AYT SURO SUSB s12 Occ Follow-up Aug-Oct.xlsx
2012-05-10 14:46 - 2012-05-10 14:46 - 0015872 ____A C:\Windows\System32\results.xml
2012-05-10 14:45 - 2012-05-10 14:45 - 0000000 ____D C:\Program Files\Common Files\Intel
2012-05-10 14:45 - 2012-05-10 14:45 - 0000000 ____D C:\Program Files (x86)\Intel
2012-05-10 14:27 - 2012-05-10 14:44 - 90242800 ____A (Hewlett Packard ) C:\Users\5136\Desktop\sp56282.exe
2012-05-10 14:24 - 2012-05-10 14:24 - 0000000 ____D C:\Users\5136\AppData\Roaming\Hewlett-Packard
2012-05-10 14:21 - 2012-05-10 14:21 - 0000000 ____D C:\Program Files\Hewlett-Packard
2012-05-10 11:20 - 2012-05-10 12:31 - 0043519 ____A C:\Users\5136\Documents\AYT SURO SUSB s12 Occ Follow-up.xlsx
2012-05-08 15:52 - 2012-05-08 15:52 - 0591879 ____A C:\Users\5136\Desktop\TT_InterimResults2012_PressRelease_08May2012.pdf
2012-05-04 21:25 - 2012-05-04 21:40 - 0000000 ____D C:\Users\5136\AppData\Roaming\vlc
2012-05-04 21:25 - 2012-05-04 21:25 - 0001072 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-05-04 21:25 - 2012-05-04 21:25 - 0000000 ____D C:\Program Files (x86)\VideoLAN
2012-05-04 18:29 - 2012-05-04 18:29 - 0000000 ____D C:\Program Files (x86)\WinRAR
2012-05-03 15:45 - 2012-05-03 15:45 - 0085947 ____A C:\Users\5136\Desktop\ScreenHunter_01 May. 03 15.45.jpg
2012-05-03 11:07 - 2012-05-03 11:42 - 0030747 ____A C:\Users\5136\Documents\Combi - Destination report.xlsx
2012-05-03 11:06 - 2012-05-03 11:46 - 0029710 ____A C:\Users\5136\Documents\Combi - Departure report.xlsx
2012-05-03 11:05 - 2012-05-15 09:42 - 0033551 ____A C:\Users\5136\Documents\Combi - Accomodation report.xlsx
2012-05-03 11:02 - 2012-05-03 11:02 - 0043658 ____A C:\Users\5136\Downloads\Destination report.xlsx
2012-05-03 11:02 - 2012-05-03 11:01 - 0045576 ____A C:\Users\5136\Downloads\Departure report.xlsx
2012-05-03 11:01 - 2012-05-03 11:01 - 0055675 ____A C:\Users\5136\Downloads\Accomodation report.xlsx
2012-04-30 14:54 - 2012-04-30 14:54 - 0004378 ____A C:\Windows\DPINST.LOG
2012-04-30 14:47 - 2012-04-30 14:47 - 0000000 ____D C:\Users\5136\Documents\Fax
2012-04-29 16:47 - 2012-04-29 16:51 - 22258985 ____A C:\Users\5136\Downloads\Steve Carell & Ricky Gervais at the 2008 Primetime Emmy Awar[1].flv
2012-04-29 16:28 - 2012-04-29 16:32 - 22258985 ____A C:\Users\5136\Downloads\Steve Carell & Ricky Gervais at the 2008 Primetime Emmy Awar.flv
2012-04-29 15:45 - 2012-04-29 15:47 - 99784360 ____A C:\Users\5136\Downloads\Golden Globes 2012 - Ricky Gervais Opening Monologue.mp4
2012-04-29 15:29 - 2012-05-11 15:38 - 0000000 ____D C:\Users\All Users\YTD YouTube Downloader & Converter
2012-04-29 15:29 - 2012-04-29 15:33 - 36509349 ____A C:\Users\5136\Downloads\Golden Globes 2011 - Ricky Gervais Opening Monologue.flv
2012-04-29 15:29 - 2012-04-29 15:29 - 0001052 ____A C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
2012-04-28 13:24 - 2012-04-28 20:45 - 0000000 ____D C:\Users\5136\Documents\Vistumbler
2012-04-28 13:24 - 2012-04-28 13:25 - 0000000 ____D C:\Program Files (x86)\Vistumbler
2012-04-28 13:24 - 2012-04-28 13:24 - 0000969 ____A C:\Users\5136\Desktop\Vistumbler.lnk
2012-04-28 13:23 - 2012-04-28 13:23 - 0000000 ____D C:\Users\5136\Downloads\Vistumbler v10-11
2012-04-28 13:17 - 2012-04-28 13:17 - 0001084 ____A C:\Users\5136\Desktop\Network Stumbler.lnk
2012-04-28 13:17 - 2012-04-28 13:17 - 0000000 ____D C:\Program Files (x86)\Network Stumbler
2012-04-27 18:30 - 2012-04-28 18:03 - 0905699 ____A C:\Users\5136\Documents\LCA problematiken.pptx
2012-04-27 15:38 - 2012-05-11 14:29 - 0014929 ____A C:\Users\5136\Documents\IKEA eng.docx
2012-04-25 17:36 - 2012-04-27 15:40 - 0015878 ____A C:\Users\5136\Documents\IKEA.docx
2012-04-25 10:14 - 2012-04-25 10:16 - 0037931 ____A C:\Users\5136\Documents\CHQ 2012.xlsx
============ 3 Months Modified Files and Folders =============
2012-05-25 19:02 - 2012-05-25 19:02 - 0000000 ____D C:\FRST
2012-05-25 19:02 - 2012-02-25 22:01 - 0595774 ____A C:\Windows\ntbtlog.txt
2012-05-25 18:58 - 2009-07-14 07:13 - 0738460 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-25 18:54 - 2012-01-03 12:30 - 2076987392 __ASH C:\hiberfil.sys
2012-05-25 18:53 - 2009-07-14 06:51 - 0072570 ____A C:\Windows\setupact.log
2012-05-25 18:46 - 2012-01-03 12:32 - 0000405 ____A C:\Windows\SMSCFG.INI
2012-05-25 18:45 - 2012-05-25 18:45 - 0003472 ____N C:\bootsqm.dat
2012-05-25 18:45 - 2009-07-14 07:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-25 18:14 - 2012-05-25 18:14 - 0000000 __SHD C:\found.000
2012-05-25 17:42 - 2012-04-07 14:07 - 0000986 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-05-25 17:18 - 2012-01-03 12:32 - 2036179 ____A C:\Windows\WindowsUpdate.log
2012-05-25 16:59 - 2009-07-14 06:45 - 0015360 _____ C:\Windows\System32\umstartup.etl
2012-05-25 16:43 - 2012-05-25 16:44 - 0208384 __ASH C:\Users\5136\AppData\Roaming\WinArchiver.exe
2012-05-25 16:23 - 2012-04-19 08:41 - 0872448 ___AH C:\Users\5136\Desktop\filesync.metadata
2012-05-25 16:23 - 2012-04-07 12:46 - 40062976 ___AH C:\Users\5136\Documents\filesync.metadata
2012-05-25 16:12 - 2012-04-07 14:07 - 0000990 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-05-25 15:22 - 2012-01-12 15:04 - 0000135 ____A C:\Users\Public\Desktop\Java-VITS.url
2012-05-25 15:22 - 2012-01-11 11:25 - 0006070 _RASH C:\Users\5136\ntuser.pol
2012-05-25 15:22 - 2012-01-11 11:25 - 0000000 ____D C:\users\5136
2012-05-25 15:22 - 2012-01-03 12:37 - 0194209 _RASH C:\Users\All Users\ntuser.pol
2012-05-25 15:20 - 2012-01-03 12:31 - 0000992 ____A C:\Windows\System32\config\netlogon.ftl
2012-05-25 15:16 - 2009-07-14 06:45 - 0023808 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-25 15:16 - 2009-07-14 06:45 - 0023808 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-25 15:10 - 2012-01-11 11:25 - 0000000 ____D C:\Users\5136\Tracing
2012-05-25 14:36 - 2012-04-13 10:27 - 0000000 ____D C:\Users\5136\Documents\Templates
2012-05-25 13:34 - 2012-05-25 13:28 - 0000000 ____D C:\sn0wbreeze
2012-05-25 10:47 - 2010-04-22 11:01 - 0000000 ____D C:\Users\5136\Documents\3 BJS
2012-05-25 08:44 - 2010-11-21 05:47 - 0045462 ____A C:\Windows\PFRO.log
2012-05-25 08:44 - 2009-07-14 06:45 - 0420688 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-24 23:25 - 2011-07-04 10:26 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-24 23:24 - 2010-11-21 08:30 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-24 22:09 - 2012-02-05 16:26 - 0000000 ____D C:\Users\5136\AppData\Roaming\redsn0w
2012-05-24 13:47 - 2012-01-11 14:47 - 3690496 ___AH C:\Users\5136\Downloads\filesync.metadata
2012-05-24 07:01 - 2012-02-08 13:23 - 0000000 ____D C:\Users\5136\AppData\Local\Xobni
2012-05-23 13:34 - 2011-01-11 14:01 - 0270040 ____A C:\Users\5136\Documents\Diet.xlsx
2012-05-23 11:53 - 2012-05-23 11:53 - 0099321 ____A C:\Users\5136\Documents\Boardingpass FRAPMI 24may2012.pdf
2012-05-22 07:06 - 2009-07-14 07:08 - 0032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-21 12:00 - 2011-10-26 11:29 - 0046402 ____N C:\Users\5136\Documents\Sales budget S12.xlsx
2012-05-21 06:32 - 2011-09-19 14:23 - 0436572 ____A C:\Users\5136\Documents\Websearch NoMerge Jul12.xlsx
2012-05-21 06:32 - 2011-09-08 11:53 - 2888136 ____A C:\Users\5136\Documents\Websearch Hotel s12.xlsx
2012-05-21 06:30 - 2012-02-03 12:07 - 2799274 ____A C:\Users\5136\Documents\Websearch Hotel w1213.xlsx
2012-05-21 05:18 - 2012-05-21 05:18 - 0558080 ____N C:\Users\5136\Documents\Accommodation report - present season.xls
2012-05-21 05:18 - 2012-05-21 05:18 - 0500224 ____N C:\Users\5136\Documents\Accommodation report - next season.xls
2012-05-21 05:18 - 2012-05-21 05:18 - 0315392 ____N C:\Users\5136\Documents\Accommodation report - third season.xls
2012-05-21 04:54 - 2012-05-21 04:54 - 1129984 ____N C:\Users\5136\Documents\Destination report - present season.xls
2012-05-21 04:54 - 2012-05-21 04:54 - 0896000 ____N C:\Users\5136\Documents\Destination report - next season.xls
2012-05-21 04:54 - 2012-05-21 04:54 - 0492544 ____N C:\Users\5136\Documents\Destination report - third season.xls
2012-05-18 18:05 - 2012-05-18 18:05 - 0004096 ___AH C:\Users\5136\AppData\Local\keyfile3.drm
2012-05-17 20:48 - 2012-01-03 13:43 - 0000000 ____D C:\Users\All Users\Hewlett-Packard
2012-05-17 10:58 - 2012-01-16 10:34 - 0000000 ____D C:\Users\5136\AppData\Local\ElevatedDiagnostics
2012-05-17 09:53 - 2012-05-17 09:53 - 0081440 ____A C:\Users\5136\Documents\HKT SUBA SUKA w1112.xlsx
2012-05-17 09:35 - 2012-05-16 20:29 - 0121351 ____A C:\Users\5136\Documents\Test.xlsx
2012-05-17 09:33 - 2012-05-17 09:20 - 0029520 ____A C:\Users\5136\Documents\HKT SUBA w1112 RoomNight Cap.xlsx
2012-05-16 16:47 - 2010-04-22 10:50 - 0000000 ____D C:\Users\5136\Documents\0 Yield
2012-05-16 14:48 - 2010-04-22 10:50 - 1562624 ____A C:\Users\5136\Documents\Travelplan BjS.xls
2012-05-15 20:08 - 2012-05-15 12:21 - 4056441 ____A C:\Users\5136\Documents\Agenda Produkt möte 120516.docx
2012-05-15 10:31 - 2012-05-15 10:31 - 0056231 ____A C:\Users\5136\Documents\Beedneed AYT s12.xlsx
2012-05-15 09:42 - 2012-05-03 11:05 - 0033551 ____A C:\Users\5136\Documents\Combi - Accomodation report.xlsx
2012-05-14 15:52 - 2012-05-14 15:52 - 0000000 ____D C:\Users\5136\Lync Recordings
2012-05-14 15:44 - 2012-05-14 15:43 - 0027235 ____A C:\Users\5136\Documents\TCNE Product Matrix s12 w1213.xlsx
2012-05-14 15:18 - 2012-05-11 09:49 - 0043714 ____A C:\Users\5136\Documents\AYT SURO SUSB s12 Occ Follow-up Aug-Oct.xlsx
2012-05-14 04:57 - 2012-05-14 04:57 - 0536064 ____N C:\Users\5136\Documents\Overview report - TCNE.xls
2012-05-11 15:38 - 2012-04-29 15:29 - 0000000 ____D C:\Users\All Users\YTD YouTube Downloader & Converter
2012-05-11 14:29 - 2012-05-11 14:29 - 0195003 ____A C:\Users\5136\Documents\IKEA TCNE letter.dotx
2012-05-11 14:29 - 2012-04-27 15:38 - 0014929 ____A C:\Users\5136\Documents\IKEA eng.docx
2012-05-11 14:28 - 2012-05-11 14:28 - 7626867 ____A C:\Users\5136\Documents\TCNE presentation.pptx
2012-05-11 14:13 - 2012-05-11 14:13 - 3386804 ____A C:\Users\5136\Documents\TCNE Resort & Hotel division.pptx
2012-05-11 13:27 - 2012-05-11 13:24 - 0000000 ____D C:\Users\5136\Documents\DVDFab
2012-05-11 13:25 - 2012-05-11 13:24 - 0000000 ____D C:\Users\5136\AppData\Roaming\Vso
2012-05-11 13:24 - 2012-05-11 13:24 - 0099384 ____A C:\Users\5136\AppData\Roaming\inst.exe
2012-05-11 13:24 - 2012-05-11 13:24 - 0082816 ____A (VSO Software) C:\Windows\System32\Drivers\pcouffin.sys
2012-05-11 13:24 - 2012-05-11 13:24 - 0082816 ____A (VSO Software) C:\Users\5136\AppData\Roaming\pcouffin.sys
2012-05-11 13:24 - 2012-05-11 13:24 - 0007859 ____A C:\Users\5136\AppData\Roaming\pcouffin.cat
2012-05-11 13:24 - 2012-05-11 13:24 - 0001167 ____A C:\Users\5136\AppData\Roaming\pcouffin.inf
2012-05-11 13:24 - 2012-05-11 13:24 - 0000034 ____A C:\Users\5136\AppData\Roaming\pcouffin.log
2012-05-11 13:24 - 2012-05-11 13:24 - 0000000 ____D C:\Program Files (x86)\DVDFab 5
2012-05-11 13:24 - 2011-02-27 18:04 - 0000937 ____A C:\Users\5136\Desktop\DVDFab 5.lnk
2012-05-10 14:46 - 2012-05-10 14:46 - 0015872 ____A C:\Windows\System32\results.xml
2012-05-10 14:45 - 2012-05-10 14:45 - 0000000 ____D C:\Program Files\Common Files\Intel
2012-05-10 14:45 - 2012-05-10 14:45 - 0000000 ____D C:\Program Files (x86)\Intel
2012-05-10 14:45 - 2012-01-03 13:42 - 0000000 ____D C:\SWSETUP
2012-05-10 14:45 - 2012-01-03 12:31 - 0000000 ____D C:\Intel
2012-05-10 14:44 - 2012-05-10 14:27 - 90242800 ____A (Hewlett Packard ) C:\Users\5136\Desktop\sp56282.exe
2012-05-10 14:24 - 2012-05-10 14:24 - 0000000 ____D C:\Users\5136\AppData\Roaming\Hewlett-Packard
2012-05-10 14:24 - 2012-01-11 11:25 - 0000000 ____D C:\Users\5136\AppData\Roaming\hpqLog
2012-05-10 14:21 - 2012-05-10 14:21 - 0000000 ____D C:\Program Files\Hewlett-Packard
2012-05-10 14:21 - 2012-01-03 13:42 - 0000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-05-10 12:31 - 2012-05-10 11:20 - 0043519 ____A C:\Users\5136\Documents\AYT SURO SUSB s12 Occ Follow-up.xlsx
2012-05-08 15:52 - 2012-05-08 15:52 - 0591879 ____A C:\Users\5136\Desktop\TT_InterimResults2012_PressRelease_08May2012.pdf
2012-05-06 20:45 - 2009-07-14 05:20 - 0000000 ____D C:\Windows\System32\NDF
2012-05-04 21:40 - 2012-05-04 21:25 - 0000000 ____D C:\Users\5136\AppData\Roaming\vlc
2012-05-04 21:25 - 2012-05-04 21:25 - 0001072 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-05-04 21:25 - 2012-05-04 21:25 - 0000000 ____D C:\Program Files (x86)\VideoLAN
2012-05-04 18:30 - 2009-07-14 05:18 - 0000000 __SHD C:\$Recycle.Bin
2012-05-04 18:29 - 2012-05-04 18:29 - 0000000 ____D C:\Program Files (x86)\WinRAR
2012-05-03 15:45 - 2012-05-03 15:45 - 0085947 ____A C:\Users\5136\Desktop\ScreenHunter_01 May. 03 15.45.jpg
2012-05-03 11:46 - 2012-05-03 11:06 - 0029710 ____A C:\Users\5136\Documents\Combi - Departure report.xlsx
2012-05-03 11:42 - 2012-05-03 11:07 - 0030747 ____A C:\Users\5136\Documents\Combi - Destination report.xlsx
2012-05-03 11:02 - 2012-05-03 11:02 - 0043658 ____A C:\Users\5136\Downloads\Destination report.xlsx
2012-05-03 11:01 - 2012-05-03 11:02 - 0045576 ____A C:\Users\5136\Downloads\Departure report.xlsx
2012-05-03 11:01 - 2012-05-03 11:01 - 0055675 ____A C:\Users\5136\Downloads\Accomodation report.xlsx
2012-05-02 09:11 - 2011-05-01 21:31 - 0010425 ____A C:\Users\5136\Documents\Monthly reports schedule.xlsx
2012-04-30 14:55 - 2010-04-22 10:10 - 0000000 ___RD C:\Users\5136\Documents\Scanned Documents
2012-04-30 14:54 - 2012-04-30 14:54 - 0004378 ____A C:\Windows\DPINST.LOG
2012-04-30 14:47 - 2012-04-30 14:47 - 0000000 ____D C:\Users\5136\Documents\Fax
2012-04-30 14:47 - 2009-07-14 05:20 - 0000000 ____D C:\Windows\ModemLogs
2012-04-29 16:51 - 2012-04-29 16:47 - 22258985 ____A C:\Users\5136\Downloads\Steve Carell & Ricky Gervais at the 2008 Primetime Emmy Awar[1].flv
2012-04-29 16:32 - 2012-04-29 16:28 - 22258985 ____A C:\Users\5136\Downloads\Steve Carell & Ricky Gervais at the 2008 Primetime Emmy Awar.flv
2012-04-29 15:47 - 2012-04-29 15:45 - 99784360 ____A C:\Users\5136\Downloads\Golden Globes 2012 - Ricky Gervais Opening Monologue.mp4
2012-04-29 15:33 - 2012-04-29 15:29 - 36509349 ____A C:\Users\5136\Downloads\Golden Globes 2011 - Ricky Gervais Opening Monologue.flv
2012-04-29 15:29 - 2012-04-29 15:29 - 0001052 ____A C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
2012-04-29 15:29 - 2012-03-16 20:49 - 0000000 ____D C:\Users\All Users\YouTube Downloader
2012-04-29 15:29 - 2012-03-16 20:49 - 0000000 ____D C:\Program Files (x86)\YouTube Downloader
2012-04-28 20:45 - 2012-04-28 13:24 - 0000000 ____D C:\Users\5136\Documents\Vistumbler
2012-04-28 18:03 - 2012-04-27 18:30 - 0905699 ____A C:\Users\5136\Documents\LCA problematiken.pptx
2012-04-28 13:25 - 2012-04-28 13:24 - 0000000 ____D C:\Program Files (x86)\Vistumbler
2012-04-28 13:24 - 2012-04-28 13:24 - 0000969 ____A C:\Users\5136\Desktop\Vistumbler.lnk
2012-04-28 13:23 - 2012-04-28 13:23 - 0000000 ____D C:\Users\5136\Downloads\Vistumbler v10-11
2012-04-28 13:17 - 2012-04-28 13:17 - 0001084 ____A C:\Users\5136\Desktop\Network Stumbler.lnk
2012-04-28 13:17 - 2012-04-28 13:17 - 0000000 ____D C:\Program Files (x86)\Network Stumbler
2012-04-27 21:57 - 2012-04-02 00:55 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-04-27 15:40 - 2012-04-25 17:36 - 0015878 ____A C:\Users\5136\Documents\IKEA.docx
2012-04-25 10:16 - 2012-04-25 10:14 - 0037931 ____A C:\Users\5136\Documents\CHQ 2012.xlsx
2012-04-23 13:59 - 2012-04-16 22:33 - 0000000 ____D C:\Users\5136\Documents\UK Shit
2012-04-21 00:25 - 2012-01-11 11:25 - 0000000 ____D C:\Users\5136\AppData\LocalLow
2012-04-19 16:05 - 2009-07-14 04:34 - 0000540 ____A C:\Windows\win.ini
2012-04-17 08:05 - 2012-04-12 15:56 - 0000863 ____A C:\Windows\System32\Drivers\etc\hosts.umbrella
2012-04-17 08:05 - 2009-07-14 04:34 - 0000864 ____A C:\Windows\System32\Drivers\etc\hosts
2012-04-17 08:04 - 2012-04-12 15:56 - 0005708 ____A C:\Users\5136\umbrella0.log
2012-04-16 01:37 - 2009-07-14 04:34 - 0000878 ____A C:\Windows\System32\Drivers\etc\hosts.old
2012-04-16 01:14 - 2012-04-12 15:56 - 0000000 ____D C:\Users\5136\.shsh
2012-04-15 11:47 - 2012-04-15 11:47 - 0001519 ____A C:\MAKEMSI_VBSCA-Kaspersky Security Scan(1.0.0.500)-söndag.log
2012-04-15 11:47 - 2012-04-14 12:44 - 0000000 ____D C:\Windows\System32\appmgmt
2012-04-12 17:06 - 2012-04-12 16:55 - 32937288 ____A C:\Users\5136\Downloads\winzip16-64.exe
2012-04-12 16:46 - 2012-01-11 11:25 - 0000000 ____D C:\Users\5136\AppData\Local\VirtualStore
2012-04-12 15:48 - 2012-04-12 15:48 - 2139656 ____A (Conduit) C:\Users\5136\Downloads\WiseConvert_2.1.exe
2012-04-12 15:02 - 2012-01-03 12:36 - 0001800 ____A C:\Windows\NPTSOPN.mif
2012-04-12 15:02 - 2011-07-04 10:26 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-04-11 21:51 - 2012-04-02 00:22 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-11 15:27 - 2012-04-02 00:22 - 0001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-10 10:42 - 2012-04-10 10:42 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2012-04-10 10:42 - 2012-01-03 14:19 - 0000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2012-04-07 16:09 - 2012-04-07 14:09 - 0000000 ____D C:\Users\5136\AppData\Roaming\Google
2012-04-07 14:09 - 2012-04-07 14:07 - 0000000 ____D C:\Users\5136\AppData\Local\Google
2012-04-07 14:08 - 2012-04-07 14:08 - 0000000 ____D C:\Users\All Users\Google
2012-04-07 14:08 - 2012-04-07 14:08 - 0000000 ____D C:\Program Files\Google
2012-04-07 14:08 - 2012-04-07 14:07 - 0000000 ____D C:\Program Files (x86)\Google
2012-04-07 14:07 - 2012-04-07 14:07 - 0000000 ____D C:\Users\5136\AppData\Local\Deployment
2012-04-07 14:07 - 2012-04-07 14:07 - 0000000 ____D C:\Users\5136\AppData\Local\Apps\2.0
2012-04-04 15:56 - 2012-04-02 00:22 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 08:59 - 2012-04-04 08:59 - 0001789 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-04 08:59 - 2012-04-04 08:59 - 0000000 ____D C:\Program Files\iTunes
2012-04-04 08:59 - 2012-04-04 08:59 - 0000000 ____D C:\Program Files\iPod
2012-04-04 08:59 - 2012-04-04 08:59 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-03 13:44 - 2012-04-03 13:44 - 0000000 ____D C:\Program Files (x86)\Microsoft Lync
2012-04-03 13:44 - 2012-01-03 14:12 - 0000000 ____D C:\Users\All Users\Downloaded Installations
2012-04-03 13:44 - 2012-01-03 12:36 - 0000000 ____D C:\Program Files (x86)\Microsoft Office Communicator
2012-04-02 00:58 - 2012-03-16 20:49 - 0000000 ____D C:\Program Files (x86)\Application Updater
2012-04-02 00:55 - 2012-04-02 00:55 - 0001774 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-04-02 00:55 - 2012-04-02 00:55 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-04-02 00:55 - 2012-04-02 00:55 - 0000000 ____D C:\Users\5136\AppData\Roaming\SUPERAntiSpyware.com
2012-04-02 00:27 - 2012-04-01 21:09 - 0000000 ____D C:\Users\All Users\AVG2012
2012-04-02 00:22 - 2012-04-02 00:22 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-02 00:22 - 2012-04-02 00:22 - 0000000 ____D C:\Users\5136\AppData\Roaming\Malwarebytes
2012-04-02 00:16 - 2012-04-01 20:55 - 0000000 ____D C:\Users\All Users\MFAData
2012-04-02 00:15 - 2012-04-02 00:15 - 0000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-04-02 00:15 - 2012-04-01 21:09 - 0000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-04-01 23:57 - 2012-04-01 23:57 - 0000000 ____D C:\Windows\pss
2012-04-01 23:30 - 2012-04-01 23:30 - 0000162 ___AH C:\Users\5136\Documents\~$rolinska.docx
2012-04-01 22:44 - 2012-04-01 22:34 - 0005761 ____A C:\Windows\System32\avgrep.txt
2012-04-01 21:22 - 2011-01-12 17:32 - 0000000 ____D C:\Users\5136\Downloads\Xilisoft.Video.Converter.Ultimate.v5.1.26.Build.0904.Multilingual-ENGiNE [BeLLBoY]
2012-04-01 21:10 - 2012-04-01 21:10 - 0000000 ____D C:\Users\5136\AppData\Roaming\AVG2012
2012-04-01 21:09 - 2012-04-01 21:09 - 0000000 ___HD C:\$AVG
2012-04-01 21:09 - 2012-04-01 21:09 - 0000000 ____D C:\Program Files (x86)\AVG
2012-04-01 21:07 - 2012-04-01 21:07 - 3869480 ____A (AVG Technologies) C:\Users\5136\Downloads\avg_free_stb_all_2012_2125_cnet (1).exe
2012-04-01 20:55 - 2012-04-01 20:55 - 3869480 ____A (AVG Technologies) C:\Users\5136\Downloads\avg_free_stb_all_2012_2125_cnet.exe
2012-03-31 08:05 - 2012-05-24 23:25 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-31 06:39 - 2012-05-24 23:25 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-31 06:39 - 2012-05-24 23:25 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-31 05:10 - 2012-05-24 23:25 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 13:35 - 2012-05-24 23:24 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-28 10:53 - 2012-03-28 10:53 - 0280729 ____A C:\Users\5136\Downloads\ZoomIt (2).zip
2012-03-26 08:46 - 2010-04-22 11:02 - 0000000 ____D C:\Users\5136\Documents\4 DEST
2012-03-22 13:14 - 2012-03-22 12:59 - 0000000 ____D C:\Users\5136\Documents\My Received Files
2012-03-20 10:40 - 2012-03-20 10:40 - 0000000 ____D C:\Users\5136\AppData\Local\SoftGrid Client
2012-03-17 09:58 - 2012-05-24 23:25 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-17 09:36 - 2012-03-17 09:22 - 0000000 ____D C:\Users\5136\AppData\Roaming\BitTorrent
2012-03-17 09:23 - 2012-03-17 09:23 - 0000969 ____A C:\Users\Public\Desktop\BitTorrent.lnk
2012-03-17 09:23 - 2012-03-17 09:23 - 0000000 ____D C:\Users\5136\AppData\Local\Conduit
2012-03-17 09:23 - 2012-03-17 09:23 - 0000000 ____D C:\Program Files (x86)\Conduit
2012-03-17 09:23 - 2012-03-17 09:23 - 0000000 ____D C:\Program Files (x86)\BitTorrentBar
2012-03-17 09:23 - 2012-03-17 09:23 - 0000000 ____D C:\Program Files (x86)\BitTorrent
2012-03-17 09:22 - 2012-03-17 09:22 - 5708144 ____A (BitTorrent, Inc.) C:\Users\5136\Downloads\BitTorrent.exe
2012-03-16 20:49 - 2012-03-16 20:49 - 0000000 ____D C:\Program Files (x86)\YouTube Downloader Toolbar
2012-03-11 14:33 - 2012-01-11 11:25 - 0000000 ____D C:\Users\5136\AppData\Roaming\Adobe
2012-03-04 17:19 - 2012-04-01 23:34 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-04 16:23 - 2012-04-01 23:33 - 54215544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-03-03 08:35 - 2012-05-24 23:25 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-03 07:31 - 2012-05-24 23:25 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-03 00:14 - 2012-03-03 00:14 - 0000000 ____D C:\Xobni
2012-03-01 08:46 - 2012-04-19 16:04 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-03-01 08:38 - 2012-04-19 16:04 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-03-01 08:33 - 2012-04-19 16:04 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-03-01 08:28 - 2012-04-19 16:04 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-03-01 07:37 - 2012-04-19 16:04 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-03-01 07:33 - 2012-04-19 16:04 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-03-01 07:29 - 2012-04-19 16:04 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 20:33 - 2012-02-29 20:33 - 0028672 ____A C:\Users\5136\Downloads\29022012_0159_0001004103.xls
2012-02-28 14:22 - 2012-01-03 12:36 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-02-28 09:34 - 2012-04-19 16:05 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-28 09:02 - 2012-04-19 16:05 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-28 08:56 - 2012-04-19 16:05 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-28 08:50 - 2012-04-19 16:05 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-28 08:49 - 2012-04-19 16:05 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-28 08:48 - 2012-04-19 16:05 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-28 08:48 - 2012-04-19 16:05 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-28 08:47 - 2012-04-19 16:05 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-28 08:45 - 2012-04-19 16:05 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-28 08:43 - 2012-04-19 16:05 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-28 08:43 - 2012-04-19 16:05 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-28 08:42 - 2012-04-19 16:05 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-28 08:39 - 2012-04-19 16:05 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-28 03:52 - 2012-04-19 16:05 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-28 03:27 - 2012-04-19 16:05 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-28 03:18 - 2012-04-19 16:05 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-28 03:12 - 2012-04-19 16:05 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-28 03:11 - 2012-04-19 16:05 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-28 03:11 - 2012-04-19 16:05 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-28 03:09 - 2012-04-19 16:05 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-28 03:08 - 2012-04-19 16:05 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-28 03:06 - 2012-04-19 16:05 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-28 03:04 - 2012-04-19 16:05 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-28 03:03 - 2012-04-19 16:05 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-28 03:03 - 2012-04-19 16:05 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-28 02:59 - 2012-04-19 16:05 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!
========================= Memory info ======================
Percentage of memory in use: 8%
Total physical RAM: 8102.36 MB
Available physical RAM: 7414.75 MB
Total Pagefile: 16202.91 MB
Available Pagefile: 15527.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
======================= Partitions =========================
1 Drive c: (OSDisk) (Fixed) (Total:279.46 GB) (Free:13.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: () (Removable) (Total:30.03 GB) (Free:2.42 GB) FAT32
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 279 GB 0 B
Disk 1 Online 30 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 279 GB 1024 KB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OSDisk NTFS Partition 279 GB Healthy System (partition with boot components)
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 30 GB 4032 KB
======================================================================================================
Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT32 Removable 30 GB Healthy
======================================================================================================
==========================================================
Last Boot: 2012-05-23 14:54