
Infected with Zero Access B Trojan


50 replies to this topic

#1 Timmy.


Posted 26 February 2012 - 04:49 PM

I have Norton 360 and it detects that there is Zero Access B Trojan but requires me to manually remove it. I went to their website but they only have the tool for 32-bit; my computer is 64-bit. It is similar to this topic: http://www.bleepingcomputer.com/forums/topic442394.html
Also, I'm not sure if this is related to the virus or not, but every time I restart my computer, Windows won't start.
I have to recover to a previous point in time when it was working fine.
Any help is appreciated.
Thank you very much.
I think I'm supposed to post this...

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Run by Tim at 13:42:56 on 2012-02-26
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3832.1318 [GMT -8:00]
.
AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\raidcall\raidcall.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.0.13\coIEPlg.dll
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [PRISMSVR.EXE] "C:\Windows\system32\PRISMSVR.EXE" /APPLY
mRun: [RaidCall] C:\Program Files (x86)\raidcall\raidcall.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Tim\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\2WIRES~1.LNK - C:\Program Files\2Wire\LaunchSetupWiz.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: $talisma_url$
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{807C56CC-18F3-4A0D-8EF6-DFE17D55DC18} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{807C56CC-18F3-4A0D-8EF6-DFE17D55DC18}\2375942554539363 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{807C56CC-18F3-4A0D-8EF6-DFE17D55DC18}\C696E6B6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{807C56CC-18F3-4A0D-8EF6-DFE17D55DC18}\E4544574541425 : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.0.13\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
BHO-X64: Vuze Remote - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.0.13\coIEPlg.dll
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [PRISMSVR.EXE] "C:\Windows\system32\PRISMSVR.EXE" /APPLY
mRun-x64: [RaidCall] C:\Program Files (x86)\raidcall\raidcall.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\g9fwuhuy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\g9fwuhuy.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\g9fwuhuy.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: XUL Cache: {4aafe4ae-c8f3-4931-8e02-ff36a9cdbd35} - %profile%\extensions\{4aafe4ae-c8f3-4931-8e02-ff36a9cdbd35}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R0 FixTDSS;TDSS Fixtool driver;C:\Windows\system32\drivers\FixTDSS.sys --> C:\Windows\system32\drivers\FixTDSS.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2012-2-15 1157240]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120224.002\IDSviA64.sys [2012-2-24 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-12-15 122880]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-9 652360]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-1-17 517632]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.0.13\ccsvchst.exe [2012-2-9 130008]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-9-7 2358656]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-2 136176]
S2 SDRSVC32;Windows Backup ;C:\ProgramData\iepeers32.exe --> C:\ProgramData\iepeers32.exe [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-8 138360]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-2 136176]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2010-1-19 23536]
S3 sj;sj;C:\Users\Tim\Desktop\Timmy\Eden Eternal\EdenEternal\sjcs64.sys [2010-11-19 47224]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-02-26 05:33:28 -------- d-----w- C:\sh4ldr
2012-02-26 05:33:28 -------- d-----w- C:\Program Files\Enigma Software Group
2012-02-26 05:32:28 -------- d-----w- C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-02-26 00:42:23 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-02-25 01:29:58 -------- d-----w- C:\Users\Tim\AppData\Local\{DB7DA2B4-C37E-494B-A7D9-ADE320BD6FC7}
2012-02-25 01:29:22 -------- d-----w- C:\Users\Tim\AppData\Local\{B6E84EC4-3F39-44A2-8527-17AA8B60A005}
2012-02-24 03:11:14 162664 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-24 02:56:40 -------- d-----w- C:\Users\Tim\AppData\Local\{789F178D-0C5F-472F-A7F6-A85C8EA44B20}
2012-02-24 02:56:19 -------- d-----w- C:\Users\Tim\AppData\Local\{1B22F9BC-DC85-4EE9-BB07-8350A10315E3}
2012-02-23 14:20:43 -------- d-----w- C:\Users\Tim\AppData\Local\{3A15DFDF-CDE2-49B4-99FC-36C3362216D5}
2012-02-23 14:20:29 -------- d-----w- C:\Users\Tim\AppData\Local\{A7CD2689-CD19-4C5D-8112-850E7D460E46}
2012-02-23 05:31:48 -------- d-----w- C:\Users\Tim\AppData\Local\{5A2B8DCE-930E-41D9-970A-54584204D82E}
2012-02-23 05:31:35 -------- d-----w- C:\Users\Tim\AppData\Local\{CFA6FFCB-7693-4A73-B062-F9513AB4751F}
2012-02-22 22:19:46 -------- d-----w- C:\Users\Tim\AppData\Local\{DDCCEB8F-E8FE-468F-A79E-50DB22613F05}
2012-02-22 22:19:33 -------- d-----w- C:\Users\Tim\AppData\Local\{E63F3F48-FCE9-47D2-8279-412D291499A8}
2012-02-22 14:14:14 -------- d-----w- C:\Users\Tim\AppData\Local\{71FF0CF3-ED6C-4FAF-9FDB-96BEE95865C1}
2012-02-22 14:14:01 -------- d-----w- C:\Users\Tim\AppData\Local\{12F95552-4250-4A9B-AB9B-724CF0AE9822}
2012-02-22 02:54:14 -------- d-----w- C:\Users\Tim\AppData\Local\{A89F6B1A-EF4C-480E-9372-6762757783FE}
2012-02-22 02:54:02 -------- d-----w- C:\Users\Tim\AppData\Local\{FE50779F-A6E8-40D2-A9B5-3DB31F1B7109}
2012-02-21 22:26:41 -------- d-----w- C:\Users\Tim\AppData\Local\{562B600C-1D69-413D-8CC5-1A99FF5FCFED}
2012-02-21 22:10:07 -------- d-----w- C:\Users\Tim\AppData\Local\{01A5A941-2A7F-4603-9F9A-A40F0F32DD3F}
2012-02-21 14:13:34 -------- d-----w- C:\Users\Tim\AppData\Local\{36FDE84D-2258-476A-82E4-C405023A2C51}
2012-02-21 14:13:23 -------- d-----w- C:\Users\Tim\AppData\Local\{D3CCD9E7-B6A1-4395-AA1A-5E7C54C03CD1}
2012-02-21 06:57:05 -------- d-----w- C:\Users\Tim\AppData\Local\{892F9CE4-AFB2-4A0C-86F4-74FFEAB9AFE6}
2012-02-21 06:56:53 -------- d-----w- C:\Users\Tim\AppData\Local\{B3FD1726-E115-44C6-8403-FE900F0BD8F1}
2012-02-20 15:28:47 -------- d-----w- C:\Users\Tim\AppData\Local\{09E7F3D0-D295-471A-A89C-DA8F4362BAC5}
2012-02-20 15:28:31 -------- d-----w- C:\Users\Tim\AppData\Local\{0E8DBE07-5A2E-4C47-9464-CA129C4FA691}
2012-02-20 00:53:48 -------- d-----w- C:\Users\Tim\AppData\Local\{E0768CC4-B08B-486C-9F83-B1AC4857C450}
2012-02-20 00:53:18 -------- d-----w- C:\Users\Tim\AppData\Local\{7568EF21-C6D4-4D93-8E06-EB6BF8DDF6D8}
2012-02-19 16:13:00 -------- d-----w- C:\Users\Tim\AppData\Local\{8CFF0642-14D7-4398-8DA4-4A1F1D3556D4}
2012-02-19 16:12:45 -------- d-----w- C:\Users\Tim\AppData\Local\{359BA579-5B3A-4BD3-AE67-04B66FB85487}
2012-02-19 02:38:05 -------- d-----w- C:\Users\Tim\AppData\Local\{DBEB3248-ED72-4E84-A379-12229D1689EA}
2012-02-19 02:37:45 -------- d-----w- C:\Users\Tim\AppData\Local\{08BA95C3-6E27-4E31-9746-D7CC7D220C8A}
2012-02-18 15:38:35 -------- d-----w- C:\Users\Tim\AppData\Local\{DFD36E02-002E-4C47-A99E-264CF2E84AC0}
2012-02-18 15:38:12 -------- d-----w- C:\Users\Tim\AppData\Local\{1015BC92-EFD4-49C7-9AD8-40738D724F74}
2012-02-18 02:26:10 -------- d-----w- C:\Users\Tim\AppData\Local\{74942E2A-B210-46BB-BE6A-4EB58F3352CD}
2012-02-18 02:25:57 -------- d-----w- C:\Users\Tim\AppData\Local\{44EBB315-45AD-4F95-B20E-790865639B36}
2012-02-17 22:42:32 -------- d-----w- C:\Users\Tim\AppData\Local\{404D91CF-4944-464B-AA74-6CE3C90E53A4}
2012-02-17 22:42:21 -------- d-----w- C:\Users\Tim\AppData\Local\{8E4D762B-6129-4D87-86D5-38D1F0188FAD}
2012-02-17 14:05:56 -------- d-----w- C:\Users\Tim\AppData\Local\{EEB1BB26-01F8-47A0-BE74-1A91ED123E71}
2012-02-17 14:05:34 -------- d-----w- C:\Users\Tim\AppData\Local\{CD3F959D-15E4-436E-8ADA-CF4B7A30A537}
2012-02-17 04:29:32 -------- d-----w- C:\Users\Tim\AppData\Local\{B9B447F0-610A-40EB-99BE-5E90F4577816}
2012-02-17 04:29:11 -------- d-----w- C:\Users\Tim\AppData\Local\{680E7411-A15C-466C-B2B0-CC82B348F708}
2012-02-16 22:10:26 -------- d-----w- C:\Users\Tim\AppData\Local\{95D7ED74-AB98-44F2-B32B-346A06696214}
2012-02-16 22:10:13 -------- d-----w- C:\Users\Tim\AppData\Local\{FDB5A71D-D679-4A6D-AF50-F802DE61060B}
2012-02-16 14:03:26 -------- d-----w- C:\Users\Tim\AppData\Local\{4EC48EAD-9B4A-4309-B5E4-EBAD7940DAE0}
2012-02-16 14:03:13 -------- d-----w- C:\Users\Tim\AppData\Local\{B22A9ABE-9745-4E87-AFB7-E928AC83A019}
2012-02-16 00:40:10 -------- d-----w- C:\Users\Tim\AppData\Local\{8A356AE5-29B3-4036-9004-224A8406234F}
2012-02-16 00:39:55 -------- d-----w- C:\Users\Tim\AppData\Local\{5E826CD9-04D6-4853-A052-0BB7B203C6BB}
2012-02-15 23:02:33 -------- d-----w- C:\Users\Tim\AppData\Local\{CD940A22-0DDD-465B-B8BA-F0BA46D0FE94}
2012-02-15 23:02:21 -------- d-----w- C:\Users\Tim\AppData\Local\{A5231564-964E-4484-BEAE-53A945F40B76}
2012-02-15 14:04:09 -------- d-----w- C:\Users\Tim\AppData\Local\{B6EF34FF-F7F5-4AD7-90B9-570F70593C4E}
2012-02-15 14:03:58 -------- d-----w- C:\Users\Tim\AppData\Local\{903892A1-36EF-4B4A-974D-A33EC28CD77D}
2012-02-15 04:23:07 -------- d-----w- C:\Users\Tim\AppData\Local\{D4DBDF1D-3D4B-4E3C-AA88-4DE50C15ADA6}
2012-02-15 04:22:44 -------- d-----w- C:\Users\Tim\AppData\Local\{4BE73084-641A-49B0-868E-3AFCBEB26442}
2012-02-14 22:19:16 -------- d-----w- C:\Users\Tim\AppData\Local\{395F7EA8-26C2-4643-AA71-5FA04B905AF2}
2012-02-14 22:18:57 -------- d-----w- C:\Users\Tim\AppData\Local\{64B2FD85-7FCF-42B6-9A4E-5D6CF1A0C4EB}
2012-02-14 14:02:27 -------- d-----w- C:\Users\Tim\AppData\Local\{F3C7A1C7-95AA-434C-BB48-FC236FC9722A}
2012-02-14 14:02:16 -------- d-----w- C:\Users\Tim\AppData\Local\{277E9DB5-DF88-4EDC-835C-F9CB736F049F}
2012-02-13 20:37:18 -------- d-----w- C:\Users\Tim\AppData\Local\{0B667B58-7C1F-4017-8650-1092B0467DE4}
2012-02-13 20:37:07 -------- d-----w- C:\Users\Tim\AppData\Local\{58884724-C4C6-4EB3-86A0-07135725F993}
2012-02-13 15:19:48 -------- d-----w- C:\Users\Tim\AppData\Local\{EA549D6C-448E-4A4D-B84A-7E27D410ED7E}
2012-02-13 15:19:37 -------- d-----w- C:\Users\Tim\AppData\Local\{9E6C7EC3-E3DB-40E0-A381-3795FCF94646}
2012-02-13 06:16:27 -------- d-----w- C:\Users\Tim\AppData\Local\{365BDBFE-7A07-4956-9D05-F0E1CD04273A}
2012-02-13 06:16:15 -------- d-----w- C:\Users\Tim\AppData\Local\{FE5CF8D4-0660-40E2-97CF-FA8EDAAB9152}
2012-02-12 22:33:08 -------- d-----w- C:\Users\Tim\AppData\Local\{44DE5467-08AA-441B-8490-878A5E86F00A}
2012-02-12 22:32:56 -------- d-----w- C:\Users\Tim\AppData\Local\{AA00BB99-8BA1-4557-8D04-A9C57FDEBDB6}
2012-02-12 15:10:55 -------- d-----w- C:\Users\Tim\AppData\Local\{71630943-ECB8-484B-98EC-C758F1D98681}
2012-02-12 15:10:44 -------- d-----w- C:\Users\Tim\AppData\Local\{604226BA-DF85-4E4E-A3CD-D4E26EE408F4}
2012-02-12 06:24:57 -------- d-----w- C:\Users\Tim\AppData\Local\{A3D46A6F-7CAD-45B3-99DF-F6AC4E1DB4A5}
2012-02-12 02:06:50 -------- d-----w- C:\Users\Tim\AppData\Local\{3B06855F-5B66-40BA-8974-322C3E0F9CDC}
2012-02-12 02:06:37 -------- d-----w- C:\Users\Tim\AppData\Local\{36210DD4-D09D-48F8-B9AE-55B4E5E8D140}
2012-02-11 16:00:18 -------- d-----w- C:\Users\Tim\AppData\Local\{3E16EAC5-5D54-45C0-94DA-5D006CFF6094}
2012-02-11 16:00:07 -------- d-----w- C:\Users\Tim\AppData\Local\{B36669B7-DA73-4355-8937-AF2E9CB0AF9A}
2012-02-11 05:52:35 -------- d-----w- C:\Users\Tim\AppData\Local\{DF5EAFAA-E537-4840-B83F-3D921312C001}
2012-02-11 05:52:13 -------- d-----w- C:\Users\Tim\AppData\Local\{9AE07710-91F7-4CE7-B4DB-942BAC99F8AE}
2012-02-10 22:35:12 -------- d-----w- C:\Users\Tim\AppData\Local\{08B416C8-3906-4E34-817F-49E600FA3535}
2012-02-10 22:35:00 -------- d-----w- C:\Users\Tim\AppData\Local\{1CA1077F-03FF-4BC9-9015-9ED11E85AFE4}
2012-02-10 14:06:05 -------- d-----w- C:\Users\Tim\AppData\Local\{5EB52FFE-AB9F-49F2-B4B5-4C8575D52774}
2012-02-10 14:05:53 -------- d-----w- C:\Users\Tim\AppData\Local\{C37F462A-D034-4647-96CE-745BF5BF59D8}
2012-02-10 02:29:57 -------- d-----w- C:\Users\Tim\AppData\Local\{8B9BCB06-13B8-433E-838A-C64BEA62BBC4}
2012-02-10 02:29:43 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-10 02:04:01 -------- d-----w- C:\Users\Tim\AppData\Local\{7E7F1672-1265-4FFB-817A-24FA3E98FCFA}
2012-02-10 02:03:49 -------- d-----w- C:\Users\Tim\AppData\Local\{494CECE2-87AF-4BF6-90EB-B910C16F68C5}
2012-02-10 00:04:02 -------- d-----w- C:\Users\Tim\AppData\Local\{15443512-9A66-4A89-B033-2A73582754A3}
2012-02-10 00:03:51 -------- d-----w- C:\Users\Tim\AppData\Local\{1FF57F01-3696-464B-B6ED-D07CDB200A59}
2012-02-09 23:52:24 -------- d-----w- C:\Users\Tim\AppData\Local\{8EC3F627-BED6-45E5-A9E7-A882EC0A9CD1}
2012-02-09 23:52:13 -------- d-----w- C:\Users\Tim\AppData\Local\{47521F42-24F3-4493-B3A4-659B53E71C34}
2012-02-09 23:19:33 -------- d-----w- C:\Users\Tim\AppData\Local\{AAC90BFC-B105-442D-88CA-1E98855BE1E2}
2012-02-09 23:05:00 -------- d-----w- C:\Users\Tim\AppData\Local\{B68DEFDD-CAA6-4151-BBCE-E886D84F000A}
2012-02-09 23:04:48 -------- d-----w- C:\Users\Tim\AppData\Local\{EF40922E-ECB0-4232-B26D-4B49AC6BFFA4}
2012-02-09 22:31:57 -------- d-----w- C:\Users\Tim\AppData\Local\{61DDD23D-BB45-4417-9112-DA43E0C0E93F}
2012-02-09 22:31:39 -------- d-----w- C:\Users\Tim\AppData\Local\{A2DCF338-711A-430F-9A55-1612DEB5E9B0}
2012-02-09 22:29:15 27256 ----a-w- C:\Windows\System32\drivers\FixTDSS.sys
2012-02-09 22:29:15 -------- d-----w- C:\Users\Tim\AppData\Roaming\FixTDSS
2012-02-09 22:19:30 -------- d-----w- C:\Users\Tim\AppData\Local\{55303AA8-525D-4704-B65E-F73279CD60AA}
2012-02-09 22:19:19 -------- d-----w- C:\Users\Tim\AppData\Local\{3BDADF61-83BE-4E89-8C7C-4A0A56CDDF86}
2012-02-09 22:04:32 -------- d-----w- C:\Users\Tim\AppData\Local\{537CDB81-C188-49BF-8B90-8F1EB43BE94C}
2012-02-09 22:04:16 -------- d-----w- C:\Users\Tim\AppData\Local\{0D826F21-5402-49E3-9453-048B94094FAB}
2012-02-09 14:26:14 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\symnets.sys
2012-02-09 14:26:13 912504 ----a-r- C:\Windows\System32\drivers\N360x64\0502000.00D\symefa64.sys
2012-02-09 14:26:13 744568 ----a-r- C:\Windows\System32\drivers\N360x64\0502000.00D\srtsp64.sys
2012-02-09 14:26:13 450680 ----a-r- C:\Windows\System32\drivers\N360x64\0502000.00D\symds64.sys
2012-02-09 14:26:13 40568 ----a-r- C:\Windows\System32\drivers\N360x64\0502000.00D\srtspx64.sys
2012-02-09 14:26:13 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0502000.00D\ironx64.sys
2012-02-09 14:25:55 -------- d-----w- C:\Windows\System32\drivers\N360x64\0502000.00D
2012-02-09 14:06:10 -------- d-----w- C:\Users\Tim\AppData\Local\{94FA6DBC-0FD4-4CD5-B0FD-C542BFFA8AA7}
2012-02-09 14:05:59 -------- d-----w- C:\Users\Tim\AppData\Local\{32FFA726-FAA6-483B-B6FB-8A2AFAE4A5BF}
2012-02-09 05:13:12 -------- d-----w- C:\Users\Tim\AppData\Local\{7A3CCC59-CA6A-4429-9574-BDB7329C1EF3}
2012-02-09 05:12:58 -------- d-----w- C:\Users\Tim\AppData\Local\{28B6B993-E35D-48B9-9324-56979FC5D31B}
2012-02-09 05:09:04 -------- d-----w- C:\Users\Tim\AppData\Local\{DAD5CCB6-D6B1-478F-ADA5-FCD204087DEC}
2012-02-09 05:08:52 -------- d-----w- C:\Users\Tim\AppData\Local\{1BCA55E3-FF15-4E3C-96D2-25E76B2A0081}
2012-02-09 05:02:07 -------- d-----w- C:\Users\Tim\AppData\Local\{B0D7AE5C-77F7-4324-A0D1-AE79DEA1A8BC}
2012-02-09 05:01:44 -------- d-----w- C:\Users\Tim\AppData\Local\{A9B49E87-749E-4CEA-87DF-13E97A6B0D17}
2012-02-09 04:50:51 -------- d-----w- C:\Users\Tim\AppData\Local\{8B612A31-416A-4490-8839-EA1CE2D6EF37}
2012-02-09 04:50:26 -------- d-----w- C:\Users\Tim\AppData\Local\{AD4D82F9-875C-4F4B-B973-92F088E658C0}
2012-02-09 04:42:21 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-02-09 04:39:34 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-02-09 04:37:26 -------- d-----w- C:\Users\Tim\AppData\Local\{1C0AB7AE-BA7E-480E-8F0A-7ECA59C47B11}
2012-02-09 04:37:15 -------- d-----w- C:\Users\Tim\AppData\Local\{B6B0DC9E-F593-4441-95FC-044453666319}
2012-02-09 04:26:17 -------- d-----w- C:\Users\Tim\AppData\Local\LogMeIn Rescue Applet
2012-02-09 03:41:40 -------- d-----w- C:\Users\Tim\AppData\Local\{6B3FDFF2-8885-4D8E-B9A0-2A11E006FE05}
2012-02-09 03:41:26 -------- d-----w- C:\Users\Tim\AppData\Local\{C0F21AB4-D55E-46DB-A86C-B51A7F81AEC0}
2012-02-09 03:32:42 -------- d-----w- C:\Users\Tim\AppData\Local\{BB8B2D2F-778F-4F9D-8214-BD77198AC1A1}
2012-02-09 03:32:31 -------- d-----w- C:\Users\Tim\AppData\Local\{9D842716-BDD0-454A-9540-DC4EA6B3747E}
2012-02-09 01:59:00 -------- d-----w- C:\Users\Tim\AppData\Local\{42E98AE5-DF17-47BE-A2EA-2606BA48E781}
2012-02-09 01:58:50 -------- d-----w- C:\Users\Tim\AppData\Local\{59DB98E6-E155-4F75-830D-9E37FE766B8F}
2012-02-09 01:26:25 -------- d-----w- C:\Users\Tim\AppData\Local\{15BBF309-EA77-48FD-B646-FDCD88FFB444}
2012-02-09 01:26:14 -------- d-----w- C:\Users\Tim\AppData\Local\{BF1A5437-FF4A-43D1-A883-91B99C0BA03F}
2012-02-08 22:15:31 -------- d-----w- C:\Users\Tim\AppData\Local\{05FEEBB6-C8F8-40C8-A038-66B63C33E855}
2012-02-08 22:15:20 -------- d-----w- C:\Users\Tim\AppData\Local\{AEB813EA-FC70-4E88-BD08-F21A346E363C}
2012-02-08 14:05:48 -------- d-----w- C:\Users\Tim\AppData\Local\{7704DB92-3DE1-40C4-A9EA-599EDA86D270}
2012-02-08 14:05:38 -------- d-----w- C:\Users\Tim\AppData\Local\{78691FDE-6A00-49D6-9A5D-160305B94F46}
2012-02-08 00:11:40 -------- d-----w- C:\Users\Tim\AppData\Local\{AE1BF0D7-03D4-4773-856B-7D01D407CC1F}
2012-02-08 00:11:30 -------- d-----w- C:\Users\Tim\AppData\Local\{C01157F6-70DE-4BF1-92F7-1929ACFE5B64}
2012-02-07 14:07:50 -------- d-----w- C:\Users\Tim\AppData\Local\{C8AF71A7-6612-46B7-8A7A-63659CD31D08}
2012-02-07 14:07:39 -------- d-----w- C:\Users\Tim\AppData\Local\{88716A26-17E3-47AB-8F4F-1CFCC3C3F63D}
2012-02-07 02:42:32 -------- d-----w- C:\Users\Tim\AppData\Local\{89CDA367-C822-46B6-BDE1-486DE8BFAFB7}
2012-02-07 02:42:21 -------- d-----w- C:\Users\Tim\AppData\Local\{77618018-F431-4CD5-93C8-69948268C1D7}
2012-02-06 22:10:14 -------- d-----w- C:\Users\Tim\AppData\Local\{7DE3531A-2CC7-4E6D-A605-228EA4AC8637}
2012-02-06 22:10:03 -------- d-----w- C:\Users\Tim\AppData\Local\{1FD842BD-3414-4781-BB8C-51AF8B22FBD1}
2012-02-06 14:02:16 -------- d-----w- C:\Users\Tim\AppData\Local\{D036A572-A7AA-485C-8051-9EE1B2702CCC}
2012-02-06 14:02:05 -------- d-----w- C:\Users\Tim\AppData\Local\{CAD0098B-2351-44B9-9B66-6852FD08AE3C}
2012-02-05 19:46:12 -------- d-----w- C:\Users\Tim\AppData\Local\{462279F7-B652-41C9-9D97-FBDCEB0D5BB4}
2012-02-05 19:46:01 -------- d-----w- C:\Users\Tim\AppData\Local\{FF603550-2B16-4851-B821-57F395355A4A}
2012-02-05 14:13:26 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-02-05 13:09:37 -------- d-----w- C:\Users\Tim\AppData\Local\{1FC645A1-03D3-4942-A4A2-95A79A1F9DE5}
2012-02-05 13:09:25 -------- d-----w- C:\Users\Tim\AppData\Local\{33910A9B-8B0F-4F5F-AF57-F79253CE0B55}
2012-02-05 02:39:18 -------- d-----w- C:\Users\Tim\AppData\Local\{833F0A84-F17C-43CD-B987-62BC98ECA3E2}
2012-02-05 02:39:08 -------- d-----w- C:\Users\Tim\AppData\Local\{6B786AFF-3517-460F-BAB0-2795B2086821}
2012-02-04 14:41:43 -------- d-----w- C:\Users\Tim\AppData\Local\{AA0FDEA3-7DC8-41CE-AE29-F5816FFC823E}
2012-02-04 14:41:32 -------- d-----w- C:\Users\Tim\AppData\Local\{636B91D4-B04C-4FF8-8353-4FEB440C8030}
2012-02-04 04:50:07 -------- d-----w- C:\Users\Tim\AppData\Local\{DDE2CA5C-0CC5-4D0A-90A1-18A51FBAA3A7}
2012-02-04 04:49:56 -------- d-----w- C:\Users\Tim\AppData\Local\{61DEFBCF-AA0C-447C-94A9-D424F92C8099}
2012-02-04 00:00:43 -------- d-----w- C:\Users\Tim\AppData\Local\{454729B1-5F43-493A-9CC5-15E228084060}
2012-02-04 00:00:20 -------- d-----w- C:\Users\Tim\AppData\Local\{D31477EF-C9A7-43ED-9A82-3D7FFD404D96}
2012-02-03 14:18:26 -------- d-----w- C:\Users\Tim\AppData\Local\{D097CCB4-8708-4410-9463-3E64D87E1B4B}
2012-02-03 14:18:15 -------- d-----w- C:\Users\Tim\AppData\Local\{29B62D5E-C69F-402D-BC9E-B9D7D5569DAC}
2012-02-03 02:26:06 -------- d-----w- C:\Users\Tim\AppData\Local\{D957CBC4-C9F5-4B71-9021-426972CDAC47}
2012-02-03 02:25:56 -------- d-----w- C:\Users\Tim\AppData\Local\{620BF49F-5B26-4AB3-9F1A-23BAAA6BBC3F}
2012-02-03 02:23:25 -------- d-----w- C:\NBRT
2012-02-03 02:15:12 -------- d-----w- C:\Users\Tim\AppData\Local\{EFA24E6B-51FF-4F3D-92F6-664D8B87BC23}
2012-02-03 02:15:00 -------- d-----w- C:\Users\Tim\AppData\Local\{6AA0C1D7-5E52-4A9B-AA99-79F773BA14BB}
2012-02-03 02:08:11 -------- d-----w- C:\Users\Tim\AppData\Local\{468F3536-01AA-4569-9AB1-BBB3F86F35E2}
2012-02-03 02:08:00 -------- d-----w- C:\Users\Tim\AppData\Local\{DF64AB63-DCD3-48FF-B0F5-1B9BACB7C5E7}
2012-02-03 01:56:48 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-02-03 01:55:57 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64\0401000.00F
2012-02-03 01:55:57 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64
2012-02-03 01:55:53 -------- d-----w- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2012-02-03 01:48:23 -------- d-----w- C:\Users\Tim\AppData\Local\{45BF4C77-E8B7-420F-964C-B8832C70B9A1}
2012-02-02 23:58:17 -------- d-----w- C:\Users\Tim\AppData\Local\{67B4C802-7976-4223-9B2E-4E9701FD27E2}
2012-02-02 23:58:03 -------- d-----w- C:\Users\Tim\AppData\Local\{58CC7520-04F0-43F1-985F-E03305C82FB7}
2012-02-02 23:52:27 -------- d-----w- C:\Users\Tim\AppData\Local\{1D578613-21E7-467C-9796-5F646958F202}
2012-02-02 23:52:15 -------- d-----w- C:\Users\Tim\AppData\Local\{F6F17627-281A-4767-BFA1-FE7AB6A8A80E}
2012-02-02 14:04:47 -------- d-----w- C:\Users\Tim\AppData\Local\{4911BF57-7A59-409A-AA6D-F6B7248EA486}
2012-02-02 14:04:36 -------- d-----w- C:\Users\Tim\AppData\Local\{61D5DB75-2D9E-4F58-A713-76359D299A25}
2012-02-02 06:30:14 -------- d-----w- C:\Users\Tim\AppData\Local\{463E5D51-E467-4206-9C73-63F88A2CCE7B}
2012-02-02 06:30:03 -------- d-----w- C:\Users\Tim\AppData\Local\{A12DA924-CCDE-4732-AA4A-51763A61CB29}
2012-02-02 06:05:51 -------- d-----w- C:\Users\Tim\AppData\Local\{40C02339-088D-49C8-9EA5-647568E81D96}
2012-02-02 06:05:41 -------- d-----w- C:\Users\Tim\AppData\Local\{36F64E95-915D-4ABF-BFA6-BDBE64C00277}
2012-02-02 00:35:19 -------- d-----w- C:\Users\Tim\AppData\Local\{C14BCE6D-224F-42E8-9184-5FEEB8DD2D34}
2012-02-02 00:35:08 -------- d-----w- C:\Users\Tim\AppData\Local\{3BCEC4B0-2BB9-4D9A-8112-42D9522E4EF3}
2012-02-02 00:23:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-02 00:22:33 -------- d-----w- C:\Users\Tim\AppData\Local\{FADB93C3-7904-4BEB-9E1A-2C5728D19B91}
2012-02-02 00:22:20 -------- d-----w- C:\Users\Tim\AppData\Local\{ECCE1818-9A7B-4126-89D7-0FFBADBF542C}
2012-02-02 00:18:04 -------- d-----w- C:\Users\Tim\AppData\Roaming\Malwarebytes
2012-02-02 00:18:04 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-01 22:11:25 -------- d-----w- C:\Users\Tim\AppData\Local\{B28F67A1-8699-461B-B949-39DDCDCCA01C}
2012-02-01 22:11:12 -------- d-----w- C:\Users\Tim\AppData\Local\{89EAF84F-0435-40D1-A809-A719B540127E}
2012-02-01 14:06:53 -------- d-----w- C:\Users\Tim\AppData\Local\{C3752545-A4E7-45A1-9F37-6D64A1577817}
2012-02-01 14:06:42 -------- d-----w- C:\Users\Tim\AppData\Local\{AB2E020F-EB7A-4C5C-8ED9-E34D9E41BA0F}
2012-01-31 23:48:48 -------- d-----w- C:\Users\Tim\AppData\Local\{38BC50E7-0E60-4F7A-881C-408A14B6E9B4}
2012-01-31 23:48:36 -------- d-----w- C:\Users\Tim\AppData\Local\{30055816-C01C-4329-99F2-DD4E2AD0A863}
2012-01-31 14:03:35 -------- d-----w- C:\Users\Tim\AppData\Local\{BE1D3A72-58E3-4874-B686-A917BAB39E43}
2012-01-31 14:03:22 -------- d-----w- C:\Users\Tim\AppData\Local\{63993435-0FD0-4C98-A4E4-3F62658A9195}
2012-01-31 03:37:47 -------- d-----w- C:\Users\Tim\AppData\Local\{94BFAB18-6440-46F4-A2EB-CD8DA4917651}
2012-01-31 03:37:35 -------- d-----w- C:\Users\Tim\AppData\Local\{2AC9A069-BE15-4300-9CCC-1EC33D7840FD}
2012-01-30 21:49:51 -------- d-----w- C:\Users\Tim\AppData\Local\{0FF6DF27-D0C0-4190-96A2-31DCE16C33EC}
2012-01-30 21:49:40 -------- d-----w- C:\Users\Tim\AppData\Local\{D39CEB46-DE4C-479F-B802-B925612E1721}
2012-01-30 14:04:24 -------- d-----w- C:\Users\Tim\AppData\Local\{510905E7-D7AF-4DC3-86A0-4FA9F34E5E04}
2012-01-30 14:04:06 -------- d-----w- C:\Users\Tim\AppData\Local\{6D12C352-BE58-456D-B37D-76A9BD3A21B6}
2012-01-30 00:20:17 -------- d-----w- C:\Users\Tim\AppData\Local\{AE98C8F5-5C54-4052-8407-0B4EE44CAC2C}
2012-01-30 00:20:06 -------- d-----w- C:\Users\Tim\AppData\Local\{0181306F-9B15-45DA-BB56-B946A38BE804}
2012-01-29 14:38:45 -------- d-----w- C:\Users\Tim\AppData\Local\{9A2749BE-78AE-4865-8F6B-FA397215F921}
2012-01-29 14:38:33 -------- d-----w- C:\Users\Tim\AppData\Local\{927BD391-4363-4791-9BCA-4301874ADD44}
2012-01-29 01:42:38 -------- d-----w- C:\Users\Tim\AppData\Local\{C6819C31-D37F-4CF1-9924-2FC6F05F311B}
2012-01-28 12:05:45 -------- d-----w- C:\Users\Tim\AppData\Local\{1E8A607A-8928-463E-8556-3F568169D461}
2012-01-28 03:18:38 -------- d-----w- C:\Users\Tim\AppData\Local\{69F09EEF-13C5-4366-9D0F-AC9783E0E0BB}
2012-01-28 03:18:18 -------- d-----w- C:\Users\Tim\AppData\Local\{2DE39127-5903-496D-BD8D-A54F24A856E2}
2012-01-28 03:12:27 -------- d-----w- C:\Users\Tim\AppData\Local\{FAEF2B35-9571-49E0-8249-D258E37F2283}
2012-01-28 03:12:16 -------- d-----w- C:\Users\Tim\AppData\Local\{AE257FB0-9FFB-48DE-B23F-815EEAA162C0}
.
==================== Find3M ====================
.
2012-01-20 01:06:46 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-14 04:02:25 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-16 08:45:22 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-12-16 08:42:13 634368 ----a-w- C:\Windows\System32\msvcrt.dll
2011-12-16 08:41:26 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-12-16 08:02:26 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-16 07:59:17 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2011-12-16 07:58:33 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-12-16 07:26:35 482816 ----a-w- C:\Windows\System32\html.iec
2011-12-16 06:49:33 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-12-16 06:43:48 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-16 06:15:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 13:45:09.04 ===============

Edit: Moved topic from Vista to the more appropriate forum. ~ Animal


#2 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:03:20 PM

Posted 26 February 2012 - 07:05 PM

Welcome to Bleeping Computer, Timmy.


Let's get a hold of the infected computer...

You will need a USB flash drive and access to a clean computer for the procedure outlined below.

Also, you may want to print these instructions so you can have access to follow them.


Please plug a flash drive into a clean computer.
Go to Start > Computer
Double-click Computer, and select the flash drive.
Right-click and select: Format
Press Start on the Format prompt.
Remove when done.

Now, download Farbar Recovery Scan Tool x64
Save the program to the >> USB flash drive.

Next, plug the flash drive into the infected computer.

>>>Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select your language settings, and click: Next
  • Select your User account and click: OK (If you did not set a password, leave blank.)

On the System Recovery Options menu you get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors.
Command Prompt
  • Select Command Prompt
  • In the Command window, at the blinking cursor type notepad and press: Enter
  • In Notepad, under the File menu select: Open
  • Double-click Computer, find the flash drive letter, remember what letter it is, click on it, and press: Open
  • Close out of Notepad.
  • Click the Command window
  • Type g:\frst64.exe, and press: Enter
    Note: Replace the drive letter g with the drive letter of your flash drive!
  • The tool will start and prepare to run. Follow the prompts.
  • You may be asked to once again type: g:\frst64.exe at the Command prompt, and press: Enter
  • Click Yes to the disclaimer.
  • Press the Scan button.
  • The program saves the FRST.txt on the flash drive.
  • Click the Command prompt window, type exit, and press: Enter
  • Back at the System Recovery Options, press: ShutDown
Please remove the USB flash drive from the infected computer, plug it into the clean computer, and copy/paste the FRST.txt in your reply.

Edited by Aaflac, 28 February 2012 - 12:22 PM.

Old duck...


#3 Timmy.

Timmy.
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:12:20 PM

Posted 27 February 2012 - 09:58 PM

Hello there,
Thanks for taking your time helping me.
And here is the log...

Scan result of Farbar Recovery Scan Tool Version: 27-02-2012 01
Ran by SYSTEM at 27-02-2012 18:52:24
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [568888 2010-01-18] ()
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-02-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED [3331944 2009-12-03] (Symantec Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2011-01-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-04-27] (Apple Inc.)
HKLM-x32\...\Run: [PRISMSVR.EXE] "C:\Windows\system32\PRISMSVR.EXE" /APPLY [x]
HKLM-x32\...\Run: [RaidCall] C:\Program Files (x86)\raidcall\raidcall.exe [2080768 2012-02-10] (RAIDCALL.COM)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\Tim\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\Tim\...\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US [4425048 2010-09-16] (AOL Inc.)
HKU\Tim\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [5252408 2010-06-01] (Yahoo! Inc.)
HKU\Tim\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-11-10] (Microsoft Corporation)
HKU\Tim\...\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Tim\...\Policies\system: [DisableRegistryTools] 0
HKU\Tim\...\Policies\system: [DisableTaskMgr] 0
HKLM\...\RunOnce: [226_1618401229422] "C:\Users\Tim\AppData\Local\LOGMEI~1\LMIR0001.tmp_r.bat" [270 2012-02-26] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 AMD_RAIDXpert; "C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe" -s [122880 2009-12-15] (AMD)
2 CinemaNow Service; C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [127984 2010-02-26] (CinemaNow, Inc.)
3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [86072 2011-09-09] (Hewlett-Packard Company)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
2 McciCMService; "C:\Program Files (x86)\Common Files\Motive\McciCMService.exe" [319488 2010-11-18] (Alcatel-Lucent)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-11-18] (Alcatel-Lucent)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [65888 2008-10-25] (Microsoft Corporation)
2 N360; "C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.0.13\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.0.13\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 oracleorahome90agent; C:\Windows\System32\aclient.dll [6656 2009-07-13] (Oak Technology Inc.)
2 LightScribeService; "c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe" [x]
2 SDRSVC32; C:\ProgramData\iepeers32.exe [x]

========================== Drivers (Whitelisted) =============

0 ahcix64s; C:\Windows\System32\DRIVERS\ahcix64s.sys [230456 2009-10-06] (Advanced Micro Devices, Inc)
3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [6366720 2010-02-02] (ATI Technologies Inc.)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [1157240 2012-02-07] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-08] (Symantec Corporation)
3 EraserUtilDrv11122; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [138360 2012-02-25] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-02-08] (Symantec Corporation)
0 FixTDSS; C:\Windows\System32\drivers\FixTDSS.sys [27256 2012-02-09] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120225.003\IDSvia64.sys [488568 2012-02-17] (Symantec Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120227.018\ENG64.SYS [117880 2012-02-25] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120227.018\EX64.SYS [2048632 2012-02-25] (Symantec Corporation)
3 nmwcd; C:\Windows\System32\drivers\ccdcmbx64.sys [19968 2010-12-02] (Nokia)
3 sj; \??\C:\Users\Tim\Desktop\Timmy\Eden Eternal\EdenEternal\sjcs64.sys [47224 2011-12-14] ()
1 SRTSP; C:\Windows\System32\Drivers\N360x64\0502000.00D\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\N360x64\0502000.00D\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\0502000.00D\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-02-08] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\N360x64\0502000.00D\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
3 dump_wmimmc; \??\C:\Program Files (x86)\softnyxGame\GunBoundIS\GameGuard\dump_wmimmc.sys [x]
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena\safedrv.sys [x]
3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [x]
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
3 npggsvc; C:\Windows\system32\GameMon.des -service [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
2 srservice; [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: oracleorahome90agent

============ One Month Created Files and Folders ==============

2012-02-27 18:52 - 2012-02-27 18:52 - 0000000 ____D C:\FRST
2012-02-27 18:20 - 2012-02-27 18:20 - 1382485 ____A C:\Users\Tim\Downloads\FRST64.exe
2012-02-26 16:05 - 2012-02-26 16:05 - 1176240 ____A (LogMeIn, Inc.) C:\Users\Tim\Downloads\Support-LogMeInRescue (3).exe
2012-02-26 13:48 - 2012-02-26 13:48 - 0048716 ____A C:\Users\Tim\Desktop\DDS.txt
2012-02-26 13:48 - 2012-02-26 13:48 - 0012110 ____A C:\Users\Tim\Desktop\Attach.txt
2012-02-25 21:46 - 2012-02-25 21:46 - 0045568 __ASH C:\Users\Tim\AppData\Thumbs.db
2012-02-25 21:33 - 2012-02-25 22:20 - 0000000 ____D C:\sh4ldr
2012-02-25 21:33 - 2012-02-25 21:33 - 0000000 ____D C:\Program Files\Enigma Software Group
2012-02-25 21:32 - 2012-02-25 22:20 - 0000000 ____D C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-02-25 21:31 - 2012-02-25 21:31 - 0725408 ____A (Enigma Software Group USA, LLC.) C:\Users\Tim\Downloads\SpyHunter-Installer.exe
2012-02-25 16:44 - 2012-02-25 16:44 - 0002141 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2012-02-25 16:42 - 2012-02-25 16:42 - 0000000 ____D C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-02-25 07:48 - 2012-02-25 07:48 - 0106263 ____A C:\Users\Tim\Downloads\harvestingliabilityenglish (1).pdf
2012-02-24 17:29 - 2012-02-24 17:30 - 0000000 ____D C:\Users\Tim\AppData\Local\{DB7DA2B4-C37E-494B-A7D9-ADE320BD6FC7}
2012-02-24 17:29 - 2012-02-24 17:29 - 0000000 ____D C:\Users\Tim\AppData\Local\{B6E84EC4-3F39-44A2-8527-17AA8B60A005}
2012-02-23 18:56 - 2012-02-23 18:56 - 0000000 ____D C:\Users\Tim\AppData\Local\{789F178D-0C5F-472F-A7F6-A85C8EA44B20}
2012-02-23 18:56 - 2012-02-23 18:56 - 0000000 ____D C:\Users\Tim\AppData\Local\{1B22F9BC-DC85-4EE9-BB07-8350A10315E3}
2012-02-23 06:20 - 2012-02-23 06:20 - 0000000 ____D C:\Users\Tim\AppData\Local\{A7CD2689-CD19-4C5D-8112-850E7D460E46}
2012-02-23 06:20 - 2012-02-23 06:20 - 0000000 ____D C:\Users\Tim\AppData\Local\{3A15DFDF-CDE2-49B4-99FC-36C3362216D5}
2012-02-22 21:31 - 2012-02-22 21:32 - 0000000 ____D C:\Users\Tim\AppData\Local\{5A2B8DCE-930E-41D9-970A-54584204D82E}
2012-02-22 21:31 - 2012-02-22 21:31 - 0000000 ____D C:\Users\Tim\AppData\Local\{CFA6FFCB-7693-4A73-B062-F9513AB4751F}
2012-02-22 19:35 - 2012-02-22 19:35 - 0002288 ____A C:\{5C90411C-9440-4098-B363-926538B5452D}
2012-02-22 19:33 - 2012-02-22 19:33 - 0002184 ____A C:\{1513FEC1-E25C-447E-9E6D-E2FFFE3D484E}
2012-02-22 19:22 - 2012-02-22 19:22 - 0002128 ____A C:\{2E9C6B62-BA58-4D23-9891-A5A8A1130B3E}
2012-02-22 19:20 - 2012-02-22 19:20 - 0002128 ____A C:\{E8DF7BFC-8211-4C2B-8AA7-52727F73DFAC}
2012-02-22 14:19 - 2012-02-22 14:19 - 0000000 ____D C:\Users\Tim\AppData\Local\{E63F3F48-FCE9-47D2-8279-412D291499A8}
2012-02-22 14:19 - 2012-02-22 14:19 - 0000000 ____D C:\Users\Tim\AppData\Local\{DDCCEB8F-E8FE-468F-A79E-50DB22613F05}
2012-02-22 06:14 - 2012-02-22 06:14 - 0000000 ____D C:\Users\Tim\AppData\Local\{71FF0CF3-ED6C-4FAF-9FDB-96BEE95865C1}
2012-02-22 06:14 - 2012-02-22 06:14 - 0000000 ____D C:\Users\Tim\AppData\Local\{12F95552-4250-4A9B-AB9B-724CF0AE9822}
2012-02-21 18:54 - 2012-02-21 18:54 - 0000000 ____D C:\Users\Tim\AppData\Local\{FE50779F-A6E8-40D2-A9B5-3DB31F1B7109}
2012-02-21 18:54 - 2012-02-21 18:54 - 0000000 ____D C:\Users\Tim\AppData\Local\{A89F6B1A-EF4C-480E-9372-6762757783FE}
2012-02-21 14:26 - 2012-02-21 14:26 - 0000000 ____D C:\Users\Tim\AppData\Local\{562B600C-1D69-413D-8CC5-1A99FF5FCFED}
2012-02-21 14:10 - 2012-02-21 14:10 - 0000000 ____D C:\Users\Tim\AppData\Local\{01A5A941-2A7F-4603-9F9A-A40F0F32DD3F}
2012-02-21 06:13 - 2012-02-21 06:13 - 0000000 ____D C:\Users\Tim\AppData\Local\{D3CCD9E7-B6A1-4395-AA1A-5E7C54C03CD1}
2012-02-21 06:13 - 2012-02-21 06:13 - 0000000 ____D C:\Users\Tim\AppData\Local\{36FDE84D-2258-476A-82E4-C405023A2C51}
2012-02-20 22:57 - 2012-02-20 22:57 - 0000000 ____D C:\Users\Tim\AppData\Local\{892F9CE4-AFB2-4A0C-86F4-74FFEAB9AFE6}
2012-02-20 22:56 - 2012-02-20 22:57 - 0000000 ____D C:\Users\Tim\AppData\Local\{B3FD1726-E115-44C6-8403-FE900F0BD8F1}
2012-02-20 21:42 - 2012-02-20 21:42 - 0002776 ____A C:\{053783FF-A8CE-4243-B19D-8676D95FC1CB}
2012-02-20 21:34 - 2012-02-20 21:34 - 0002368 ____A C:\{F09126DD-1B2A-42A7-AF0E-90F2848AAEA3}
2012-02-20 07:28 - 2012-02-20 07:28 - 0000000 ____D C:\Users\Tim\AppData\Local\{0E8DBE07-5A2E-4C47-9464-CA129C4FA691}
2012-02-20 07:28 - 2012-02-20 07:28 - 0000000 ____D C:\Users\Tim\AppData\Local\{09E7F3D0-D295-471A-A89C-DA8F4362BAC5}
2012-02-19 16:53 - 2012-02-19 16:54 - 0000000 ____D C:\Users\Tim\AppData\Local\{E0768CC4-B08B-486C-9F83-B1AC4857C450}
2012-02-19 16:53 - 2012-02-19 16:53 - 0000000 ____D C:\Users\Tim\AppData\Local\{7568EF21-C6D4-4D93-8E06-EB6BF8DDF6D8}
2012-02-19 08:13 - 2012-02-19 08:13 - 0000000 ____D C:\Users\Tim\AppData\Local\{8CFF0642-14D7-4398-8DA4-4A1F1D3556D4}
2012-02-19 08:12 - 2012-02-19 08:12 - 0000000 ____D C:\Users\Tim\AppData\Local\{359BA579-5B3A-4BD3-AE67-04B66FB85487}
2012-02-18 18:38 - 2012-02-18 18:38 - 0000000 ____D C:\Users\Tim\AppData\Local\{DBEB3248-ED72-4E84-A379-12229D1689EA}
2012-02-18 18:37 - 2012-02-18 18:37 - 0000000 ____D C:\Users\Tim\AppData\Local\{08BA95C3-6E27-4E31-9746-D7CC7D220C8A}
2012-02-18 07:38 - 2012-02-18 07:38 - 0000000 ____D C:\Users\Tim\AppData\Local\{DFD36E02-002E-4C47-A99E-264CF2E84AC0}
2012-02-18 07:38 - 2012-02-18 07:38 - 0000000 ____D C:\Users\Tim\AppData\Local\{1015BC92-EFD4-49C7-9AD8-40738D724F74}
2012-02-17 18:26 - 2012-02-17 18:26 - 0000000 ____D C:\Users\Tim\AppData\Local\{74942E2A-B210-46BB-BE6A-4EB58F3352CD}
2012-02-17 18:25 - 2012-02-17 18:26 - 0000000 ____D C:\Users\Tim\AppData\Local\{44EBB315-45AD-4F95-B20E-790865639B36}
2012-02-17 14:42 - 2012-02-17 14:42 - 0000000 ____D C:\Users\Tim\AppData\Local\{8E4D762B-6129-4D87-86D5-38D1F0188FAD}
2012-02-17 14:42 - 2012-02-17 14:42 - 0000000 ____D C:\Users\Tim\AppData\Local\{404D91CF-4944-464B-AA74-6CE3C90E53A4}
2012-02-17 06:05 - 2012-02-17 06:06 - 0000000 ____D C:\Users\Tim\AppData\Local\{EEB1BB26-01F8-47A0-BE74-1A91ED123E71}
2012-02-17 06:05 - 2012-02-17 06:05 - 0000000 ____D C:\Users\Tim\AppData\Local\{CD3F959D-15E4-436E-8ADA-CF4B7A30A537}
2012-02-16 20:29 - 2012-02-16 20:29 - 0000000 ____D C:\Users\Tim\AppData\Local\{B9B447F0-610A-40EB-99BE-5E90F4577816}
2012-02-16 20:29 - 2012-02-16 20:29 - 0000000 ____D C:\Users\Tim\AppData\Local\{680E7411-A15C-466C-B2B0-CC82B348F708}
2012-02-16 14:10 - 2012-02-16 14:10 - 0000000 ____D C:\Users\Tim\AppData\Local\{FDB5A71D-D679-4A6D-AF50-F802DE61060B}
2012-02-16 14:10 - 2012-02-16 14:10 - 0000000 ____D C:\Users\Tim\AppData\Local\{95D7ED74-AB98-44F2-B32B-346A06696214}
2012-02-16 06:03 - 2012-02-16 06:03 - 0000000 ____D C:\Users\Tim\AppData\Local\{B22A9ABE-9745-4E87-AFB7-E928AC83A019}
2012-02-16 06:03 - 2012-02-16 06:03 - 0000000 ____D C:\Users\Tim\AppData\Local\{4EC48EAD-9B4A-4309-B5E4-EBAD7940DAE0}
2012-02-15 18:33 - 2012-02-15 18:33 - 0106263 ____A C:\Users\Tim\Downloads\harvestingliabilityenglish.pdf
2012-02-15 16:40 - 2012-02-15 16:40 - 0000000 ____D C:\Users\Tim\AppData\Local\{8A356AE5-29B3-4036-9004-224A8406234F}
2012-02-15 16:39 - 2012-02-15 16:40 - 0000000 ____D C:\Users\Tim\AppData\Local\{5E826CD9-04D6-4853-A052-0BB7B203C6BB}
2012-02-15 15:02 - 2012-02-15 15:02 - 0000000 ____D C:\Users\Tim\AppData\Local\{CD940A22-0DDD-465B-B8BA-F0BA46D0FE94}
2012-02-15 15:02 - 2012-02-15 15:02 - 0000000 ____D C:\Users\Tim\AppData\Local\{A5231564-964E-4484-BEAE-53A945F40B76}
2012-02-15 06:04 - 2012-02-15 06:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{B6EF34FF-F7F5-4AD7-90B9-570F70593C4E}
2012-02-15 06:03 - 2012-02-15 06:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{903892A1-36EF-4B4A-974D-A33EC28CD77D}
2012-02-14 20:23 - 2012-02-14 20:23 - 0000000 ____D C:\Users\Tim\AppData\Local\{D4DBDF1D-3D4B-4E3C-AA88-4DE50C15ADA6}
2012-02-14 20:22 - 2012-02-14 20:23 - 0000000 ____D C:\Users\Tim\AppData\Local\{4BE73084-641A-49B0-868E-3AFCBEB26442}
2012-02-14 14:26 - 2012-01-13 20:02 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-14 14:26 - 2012-01-04 01:59 - 14164480 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-02-14 14:26 - 2012-01-04 01:58 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-02-14 14:26 - 2012-01-04 01:03 - 12868096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-02-14 14:26 - 2012-01-04 01:03 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-02-14 14:26 - 2012-01-02 22:24 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-02-14 14:26 - 2012-01-02 21:44 - 0478208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-02-14 14:26 - 2011-12-27 19:59 - 0499200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-02-14 14:26 - 2011-12-16 00:45 - 1501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-14 14:26 - 2011-12-16 00:45 - 1197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-14 14:26 - 2011-12-16 00:45 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-14 14:26 - 2011-12-16 00:42 - 9335296 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-14 14:26 - 2011-12-16 00:42 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-02-14 14:26 - 2011-12-16 00:42 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-14 14:26 - 2011-12-16 00:42 - 0634368 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-02-14 14:26 - 2011-12-16 00:42 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-14 14:26 - 2011-12-16 00:42 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-02-14 14:26 - 2011-12-16 00:41 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-14 14:26 - 2011-12-16 00:41 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-02-14 14:26 - 2011-12-16 00:40 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-14 14:26 - 2011-12-16 00:40 - 12372480 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-14 14:26 - 2011-12-16 00:40 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-02-14 14:26 - 2011-12-16 00:40 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-02-14 14:26 - 2011-12-16 00:40 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-14 14:26 - 2011-12-16 00:38 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-02-14 14:26 - 2011-12-16 00:02 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-14 14:26 - 2011-12-16 00:02 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-14 14:26 - 2011-12-16 00:02 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-14 14:26 - 2011-12-15 23:59 - 5999104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-14 14:26 - 2011-12-15 23:59 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-02-14 14:26 - 2011-12-15 23:59 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-02-14 14:26 - 2011-12-15 23:59 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-02-14 14:26 - 2011-12-15 23:59 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-14 14:26 - 2011-12-15 23:59 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-02-14 14:26 - 2011-12-15 23:58 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-14 14:26 - 2011-12-15 23:58 - 10991104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-14 14:26 - 2011-12-15 23:58 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-02-14 14:26 - 2011-12-15 23:58 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-02-14 14:26 - 2011-12-15 23:58 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-14 14:26 - 2011-12-15 23:58 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-14 14:26 - 2011-12-15 23:58 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-02-14 14:26 - 2011-12-15 23:56 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-02-14 14:26 - 2011-12-15 23:26 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-02-14 14:26 - 2011-12-15 22:49 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-02-14 14:26 - 2011-12-15 22:43 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-14 14:26 - 2011-12-15 22:15 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-14 14:19 - 2012-02-14 14:19 - 0000000 ____D C:\Users\Tim\AppData\Local\{395F7EA8-26C2-4643-AA71-5FA04B905AF2}
2012-02-14 14:18 - 2012-02-14 14:19 - 0000000 ____D C:\Users\Tim\AppData\Local\{64B2FD85-7FCF-42B6-9A4E-5D6CF1A0C4EB}
2012-02-14 06:02 - 2012-02-14 06:02 - 0000000 ____D C:\Users\Tim\AppData\Local\{F3C7A1C7-95AA-434C-BB48-FC236FC9722A}
2012-02-14 06:02 - 2012-02-14 06:02 - 0000000 ____D C:\Users\Tim\AppData\Local\{277E9DB5-DF88-4EDC-835C-F9CB736F049F}
2012-02-13 21:46 - 2012-02-27 00:03 - 0009484 ____A C:\Users\Tim\Desktop\Meg Plan.xlsx
2012-02-13 12:37 - 2012-02-13 12:37 - 0000000 ____D C:\Users\Tim\AppData\Local\{58884724-C4C6-4EB3-86A0-07135725F993}
2012-02-13 12:37 - 2012-02-13 12:37 - 0000000 ____D C:\Users\Tim\AppData\Local\{0B667B58-7C1F-4017-8650-1092B0467DE4}
2012-02-13 11:43 - 2012-02-13 11:43 - 1176240 ____A (LogMeIn, Inc.) C:\Users\Tim\Downloads\Support-LogMeInRescue (2).exe
2012-02-13 07:19 - 2012-02-13 07:19 - 0000000 ____D C:\Users\Tim\AppData\Local\{EA549D6C-448E-4A4D-B84A-7E27D410ED7E}
2012-02-13 07:19 - 2012-02-13 07:19 - 0000000 ____D C:\Users\Tim\AppData\Local\{9E6C7EC3-E3DB-40E0-A381-3795FCF94646}
2012-02-12 22:16 - 2012-02-12 22:16 - 0000000 ____D C:\Users\Tim\AppData\Local\{FE5CF8D4-0660-40E2-97CF-FA8EDAAB9152}
2012-02-12 22:16 - 2012-02-12 22:16 - 0000000 ____D C:\Users\Tim\AppData\Local\{365BDBFE-7A07-4956-9D05-F0E1CD04273A}
2012-02-12 22:14 - 2012-02-12 22:14 - 1198734029 ____A C:\Windows\MEMORY.DMP
2012-02-12 22:14 - 2012-02-12 22:14 - 0274768 ____A C:\Windows\Minidump\021212-24538-01.dmp
2012-02-12 22:14 - 2012-02-12 22:14 - 0000000 ____D C:\Windows\Minidump
2012-02-12 14:33 - 2012-02-12 14:33 - 0000000 ____D C:\Users\Tim\AppData\Local\{44DE5467-08AA-441B-8490-878A5E86F00A}
2012-02-12 14:32 - 2012-02-12 14:33 - 0000000 ____D C:\Users\Tim\AppData\Local\{AA00BB99-8BA1-4557-8D04-A9C57FDEBDB6}
2012-02-12 07:10 - 2012-02-12 07:11 - 0000000 ____D C:\Users\Tim\AppData\Local\{71630943-ECB8-484B-98EC-C758F1D98681}
2012-02-12 07:10 - 2012-02-12 07:10 - 0000000 ____D C:\Users\Tim\AppData\Local\{604226BA-DF85-4E4E-A3CD-D4E26EE408F4}
2012-02-11 22:27 - 2012-02-11 23:57 - 3993042 ____A C:\Windows\ntbtlog.txt
2012-02-11 22:24 - 2012-02-11 22:24 - 0000000 ____D C:\Users\Tim\AppData\Local\{A3D46A6F-7CAD-45B3-99DF-F6AC4E1DB4A5}
2012-02-11 18:06 - 2012-02-11 18:07 - 0000000 ____D C:\Users\Tim\AppData\Local\{3B06855F-5B66-40BA-8974-322C3E0F9CDC}
2012-02-11 18:06 - 2012-02-11 18:06 - 0000000 ____D C:\Users\Tim\AppData\Local\{36210DD4-D09D-48F8-B9AE-55B4E5E8D140}
2012-02-11 08:00 - 2012-02-11 08:00 - 0000000 ____D C:\Users\Tim\AppData\Local\{B36669B7-DA73-4355-8937-AF2E9CB0AF9A}
2012-02-11 08:00 - 2012-02-11 08:00 - 0000000 ____D C:\Users\Tim\AppData\Local\{3E16EAC5-5D54-45C0-94DA-5D006CFF6094}
2012-02-10 21:52 - 2012-02-10 21:52 - 0000000 ____D C:\Users\Tim\AppData\Local\{DF5EAFAA-E537-4840-B83F-3D921312C001}
2012-02-10 21:52 - 2012-02-10 21:52 - 0000000 ____D C:\Users\Tim\AppData\Local\{9AE07710-91F7-4CE7-B4DB-942BAC99F8AE}
2012-02-10 14:35 - 2012-02-10 14:35 - 0000000 ____D C:\Users\Tim\AppData\Local\{1CA1077F-03FF-4BC9-9015-9ED11E85AFE4}
2012-02-10 14:35 - 2012-02-10 14:35 - 0000000 ____D C:\Users\Tim\AppData\Local\{08B416C8-3906-4E34-817F-49E600FA3535}
2012-02-10 06:06 - 2012-02-10 06:06 - 0000000 ____D C:\Users\Tim\AppData\Local\{5EB52FFE-AB9F-49F2-B4B5-4C8575D52774}
2012-02-10 06:05 - 2012-02-10 06:06 - 0000000 ____D C:\Users\Tim\AppData\Local\{C37F462A-D034-4647-96CE-745BF5BF59D8}
2012-02-09 18:29 - 2012-02-09 18:29 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Tim\Downloads\mbam-setup-1.60.1.1000.exe
2012-02-09 18:29 - 2012-02-09 18:29 - 0001075 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-09 18:29 - 2012-02-09 18:29 - 0000000 ____D C:\Users\Tim\AppData\Local\{8B9BCB06-13B8-433E-838A-C64BEA62BBC4}
2012-02-09 18:29 - 2011-12-10 15:24 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-02-09 18:14 - 2012-02-09 18:14 - 0001167 ____A C:\Users\Tim\Desktop\TalonPatch.exe - Shortcut.lnk
2012-02-09 18:04 - 2012-02-09 18:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{7E7F1672-1265-4FFB-817A-24FA3E98FCFA}
2012-02-09 18:03 - 2012-02-09 18:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{494CECE2-87AF-4BF6-90EB-B910C16F68C5}
2012-02-09 16:05 - 2012-02-09 16:05 - 0815312 ____A (Symantec Corporation) C:\Users\Tim\Downloads\NBRT-Retail-Downloader (1).exe
2012-02-09 16:04 - 2012-02-09 16:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{15443512-9A66-4A89-B033-2A73582754A3}
2012-02-09 16:03 - 2012-02-09 16:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{1FF57F01-3696-464B-B6ED-D07CDB200A59}
2012-02-09 15:52 - 2012-02-09 15:52 - 0000000 ____D C:\Users\Tim\AppData\Local\{8EC3F627-BED6-45E5-A9E7-A882EC0A9CD1}
2012-02-09 15:52 - 2012-02-09 15:52 - 0000000 ____D C:\Users\Tim\AppData\Local\{47521F42-24F3-4493-B3A4-659B53E71C34}
2012-02-09 15:19 - 2012-02-09 15:19 - 0000000 ____D C:\Users\Tim\AppData\Local\{AAC90BFC-B105-442D-88CA-1E98855BE1E2}
2012-02-09 15:05 - 2012-02-09 15:05 - 0000000 ____D C:\Users\Tim\AppData\Local\{B68DEFDD-CAA6-4151-BBCE-E886D84F000A}
2012-02-09 15:04 - 2012-02-09 15:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{EF40922E-ECB0-4232-B26D-4B49AC6BFFA4}
2012-02-09 14:58 - 2012-02-09 14:58 - 2804808 ____A (Symantec Corporation) C:\Users\Tim\Downloads\NPE (1).exe
2012-02-09 14:52 - 2012-02-09 14:53 - 1766312 ____A (Symantec Corporation) C:\Users\Tim\Desktop\FixZeroAccess.exe
2012-02-09 14:52 - 2012-02-09 14:52 - 1766312 ____A (Symantec Corporation) C:\Users\Tim\Downloads\FixZeroAccess.exe
2012-02-09 14:45 - 2012-02-09 14:45 - 1176240 ____A (LogMeIn, Inc.) C:\Users\Tim\Downloads\Support-LogMeInRescue (1).exe
2012-02-09 14:31 - 2012-02-09 14:32 - 0000000 ____D C:\Users\Tim\AppData\Local\{61DDD23D-BB45-4417-9112-DA43E0C0E93F}
2012-02-09 14:31 - 2012-02-09 14:31 - 0000000 ____D C:\Users\Tim\AppData\Local\{A2DCF338-711A-430F-9A55-1612DEB5E9B0}
2012-02-09 14:29 - 2012-02-09 14:29 - 1932256 ____A (Symantec Corporation) C:\Users\Tim\Downloads\FixTDSS (1).exe
2012-02-09 14:29 - 2012-02-09 14:29 - 0027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixTDSS.sys
2012-02-09 14:29 - 2012-02-09 14:29 - 0000000 ____D C:\Users\Tim\AppData\Roaming\FixTDSS
2012-02-09 14:19 - 2012-02-09 14:19 - 0000000 ____D C:\Users\Tim\AppData\Local\{55303AA8-525D-4704-B65E-F73279CD60AA}
2012-02-09 14:19 - 2012-02-09 14:19 - 0000000 ____D C:\Users\Tim\AppData\Local\{3BDADF61-83BE-4E89-8C7C-4A0A56CDDF86}
2012-02-09 14:07 - 2012-02-09 14:07 - 1932256 ____A (Symantec Corporation) C:\Users\Tim\Downloads\FixTDSS.exe
2012-02-09 14:04 - 2012-02-09 14:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{537CDB81-C188-49BF-8B90-8F1EB43BE94C}
2012-02-09 14:04 - 2012-02-09 14:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{0D826F21-5402-49E3-9453-048B94094FAB}
2012-02-09 06:06 - 2012-02-09 06:06 - 0000000 ____D C:\Users\Tim\AppData\Local\{94FA6DBC-0FD4-4CD5-B0FD-C542BFFA8AA7}
2012-02-09 06:05 - 2012-02-09 06:06 - 0000000 ____D C:\Users\Tim\AppData\Local\{32FFA726-FAA6-483B-B6FB-8A2AFAE4A5BF}
2012-02-08 21:13 - 2012-02-08 21:13 - 0000000 ____D C:\Users\Tim\AppData\Local\{7A3CCC59-CA6A-4429-9574-BDB7329C1EF3}
2012-02-08 21:12 - 2012-02-08 21:13 - 0000000 ____D C:\Users\Tim\AppData\Local\{28B6B993-E35D-48B9-9324-56979FC5D31B}
2012-02-08 21:09 - 2012-02-08 21:09 - 0000000 ____D C:\Users\Tim\AppData\Local\{DAD5CCB6-D6B1-478F-ADA5-FCD204087DEC}
2012-02-08 21:08 - 2012-02-08 21:09 - 0000000 ____D C:\Users\Tim\AppData\Local\{1BCA55E3-FF15-4E3C-96D2-25E76B2A0081}
2012-02-08 21:05 - 2012-02-08 21:05 - 0122616 ____A C:\Users\Tim\Desktop\BFE.reg
2012-02-08 21:04 - 2012-02-13 12:17 - 0005300 ____A C:\Users\Tim\Desktop\RegBackup.reg
2012-02-08 21:02 - 2012-02-08 21:02 - 0000000 ____D C:\Users\Tim\AppData\Local\{B0D7AE5C-77F7-4324-A0D1-AE79DEA1A8BC}
2012-02-08 21:01 - 2012-02-08 21:02 - 0000000 ____D C:\Users\Tim\AppData\Local\{A9B49E87-749E-4CEA-87DF-13E97A6B0D17}
2012-02-08 20:50 - 2012-02-08 20:51 - 0000000 ____D C:\Users\Tim\AppData\Local\{8B612A31-416A-4490-8839-EA1CE2D6EF37}
2012-02-08 20:50 - 2012-02-08 20:50 - 0000000 ____D C:\Users\Tim\AppData\Local\{AD4D82F9-875C-4F4B-B973-92F088E658C0}
2012-02-08 20:39 - 2012-02-09 14:03 - 0002458 ____A C:\Users\Public\Desktop\Norton 360.lnk
2012-02-08 20:39 - 2012-02-08 20:39 - 0174200 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-02-08 20:39 - 2012-02-08 20:39 - 0007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-02-08 20:39 - 2012-02-08 20:39 - 0000855 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.INF
2012-02-08 20:37 - 2012-02-08 20:37 - 0000000 ____D C:\Users\Tim\AppData\Local\{B6B0DC9E-F593-4441-95FC-044453666319}
2012-02-08 20:37 - 2012-02-08 20:37 - 0000000 ____D C:\Users\Tim\AppData\Local\{1C0AB7AE-BA7E-480E-8F0A-7ECA59C47B11}
2012-02-08 20:31 - 2012-02-08 20:31 - 0920384 ____A C:\Users\Tim\Downloads\Norton_Removal_Tool.exe
2012-02-08 20:30 - 2012-02-08 20:32 - 122260984 ____A (Symantec Corporation) C:\Users\Tim\Downloads\N360-ESD-18-6-0-29-EN.exe
2012-02-08 20:26 - 2012-02-26 19:00 - 0000000 ____D C:\Users\Tim\AppData\Local\LogMeIn Rescue Applet
2012-02-08 20:25 - 2012-02-08 20:25 - 1176240 ____A (LogMeIn, Inc.) C:\Users\Tim\Downloads\Support-LogMeInRescue.exe
2012-02-08 19:41 - 2012-02-08 19:41 - 0000000 ____D C:\Users\Tim\AppData\Local\{C0F21AB4-D55E-46DB-A86C-B51A7F81AEC0}
2012-02-08 19:41 - 2012-02-08 19:41 - 0000000 ____D C:\Users\Tim\AppData\Local\{6B3FDFF2-8885-4D8E-B9A0-2A11E006FE05}
2012-02-08 19:39 - 2012-02-08 19:39 - 2804808 ____A (Symantec Corporation) C:\Users\Tim\Downloads\NPE.exe
2012-02-08 19:32 - 2012-02-08 19:32 - 0000000 ____D C:\Users\Tim\AppData\Local\{BB8B2D2F-778F-4F9D-8214-BD77198AC1A1}
2012-02-08 19:32 - 2012-02-08 19:32 - 0000000 ____D C:\Users\Tim\AppData\Local\{9D842716-BDD0-454A-9540-DC4EA6B3747E}
2012-02-08 17:59 - 2012-02-08 17:59 - 0000000 ____D C:\Users\Tim\AppData\Local\{42E98AE5-DF17-47BE-A2EA-2606BA48E781}
2012-02-08 17:58 - 2012-02-08 17:59 - 0000000 ____D C:\Users\Tim\AppData\Local\{59DB98E6-E155-4F75-830D-9E37FE766B8F}
2012-02-08 17:26 - 2012-02-08 17:26 - 0000000 ____D C:\Users\Tim\AppData\Local\{BF1A5437-FF4A-43D1-A883-91B99C0BA03F}
2012-02-08 17:26 - 2012-02-08 17:26 - 0000000 ____D C:\Users\Tim\AppData\Local\{15BBF309-EA77-48FD-B646-FDCD88FFB444}
2012-02-08 14:15 - 2012-02-08 14:15 - 0000000 ____D C:\Users\Tim\AppData\Local\{AEB813EA-FC70-4E88-BD08-F21A346E363C}
2012-02-08 14:15 - 2012-02-08 14:15 - 0000000 ____D C:\Users\Tim\AppData\Local\{05FEEBB6-C8F8-40C8-A038-66B63C33E855}
2012-02-08 06:05 - 2012-02-08 06:05 - 0000000 ____D C:\Users\Tim\AppData\Local\{78691FDE-6A00-49D6-9A5D-160305B94F46}
2012-02-08 06:05 - 2012-02-08 06:05 - 0000000 ____D C:\Users\Tim\AppData\Local\{7704DB92-3DE1-40C4-A9EA-599EDA86D270}
2012-02-07 16:11 - 2012-02-07 16:11 - 0000000 ____D C:\Users\Tim\AppData\Local\{C01157F6-70DE-4BF1-92F7-1929ACFE5B64}
2012-02-07 16:11 - 2012-02-07 16:11 - 0000000 ____D C:\Users\Tim\AppData\Local\{AE1BF0D7-03D4-4773-856B-7D01D407CC1F}
2012-02-07 06:07 - 2012-02-07 06:08 - 0000000 ____D C:\Users\Tim\AppData\Local\{C8AF71A7-6612-46B7-8A7A-63659CD31D08}
2012-02-07 06:07 - 2012-02-07 06:07 - 0000000 ____D C:\Users\Tim\AppData\Local\{88716A26-17E3-47AB-8F4F-1CFCC3C3F63D}
2012-02-06 18:42 - 2012-02-06 18:42 - 0000000 ____D C:\Users\Tim\AppData\Local\{89CDA367-C822-46B6-BDE1-486DE8BFAFB7}
2012-02-06 18:42 - 2012-02-06 18:42 - 0000000 ____D C:\Users\Tim\AppData\Local\{77618018-F431-4CD5-93C8-69948268C1D7}
2012-02-06 14:10 - 2012-02-06 14:10 - 0000000 ____D C:\Users\Tim\AppData\Local\{7DE3531A-2CC7-4E6D-A605-228EA4AC8637}
2012-02-06 14:10 - 2012-02-06 14:10 - 0000000 ____D C:\Users\Tim\AppData\Local\{1FD842BD-3414-4781-BB8C-51AF8B22FBD1}
2012-02-06 06:02 - 2012-02-06 06:02 - 0000000 ____D C:\Users\Tim\AppData\Local\{D036A572-A7AA-485C-8051-9EE1B2702CCC}
2012-02-06 06:02 - 2012-02-06 06:02 - 0000000 ____D C:\Users\Tim\AppData\Local\{CAD0098B-2351-44B9-9B66-6852FD08AE3C}
2012-02-05 11:46 - 2012-02-05 11:46 - 0000000 ____D C:\Users\Tim\AppData\Local\{FF603550-2B16-4851-B821-57F395355A4A}
2012-02-05 11:46 - 2012-02-05 11:46 - 0000000 ____D C:\Users\Tim\AppData\Local\{462279F7-B652-41C9-9D97-FBDCEB0D5BB4}
2012-02-05 06:13 - 2012-02-14 14:19 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-05 05:09 - 2012-02-05 05:09 - 0000000 ____D C:\Users\Tim\AppData\Local\{33910A9B-8B0F-4F5F-AF57-F79253CE0B55}
2012-02-05 05:09 - 2012-02-05 05:09 - 0000000 ____D C:\Users\Tim\AppData\Local\{1FC645A1-03D3-4942-A4A2-95A79A1F9DE5}
2012-02-04 18:39 - 2012-02-04 18:39 - 0000000 ____D C:\Users\Tim\AppData\Local\{833F0A84-F17C-43CD-B987-62BC98ECA3E2}
2012-02-04 18:39 - 2012-02-04 18:39 - 0000000 ____D C:\Users\Tim\AppData\Local\{6B786AFF-3517-460F-BAB0-2795B2086821}
2012-02-04 06:50 - 2012-02-27 18:15 - 0000348 ____A C:\Windows\Tasks\At38.job
2012-02-04 06:50 - 2012-02-27 18:15 - 0000348 ____A C:\Windows\Tasks\At36.job
2012-02-04 06:50 - 2012-02-27 18:15 - 0000348 ____A C:\Windows\Tasks\At34.job
2012-02-04 06:50 - 2012-02-27 18:15 - 0000348 ____A C:\Windows\Tasks\At32.job
2012-02-04 06:50 - 2012-02-27 18:15 - 0000348 ____A C:\Windows\Tasks\At30.job
2012-02-04 06:50 - 2012-02-27 18:15 - 0000348 ____A C:\Windows\Tasks\At28.job
2012-02-04 06:50 - 2012-02-27 18:15 - 0000348 ____A C:\Windows\Tasks\At26.job
2012-02-04 06:50 - 2012-02-27 18:15 - 0000348 ____A C:\Windows\Tasks\At24.job
2012-02-04 06:50 - 2012-02-27 18:15 - 0000348 ____A C:\Windows\Tasks\At22.job
2012-02-04 06:50 - 2012-02-27 18:15 - 0000348 ____A C:\Windows\Tasks\At20.job
2012-02-04 06:50 - 2012-02-27 18:15 - 0000348 ____A C:\Windows\Tasks\At18.job
2012-02-04 06:50 - 2012-02-27 18:15 - 0000348 ____A C:\Windows\Tasks\At16.job
2012-02-04 06:50 - 2012-02-27 18:15 - 0000346 ____A C:\Windows\Tasks\At37.job
2012-02-04 06:50 - 2012-02-27 18:15 - 0000346 ____A C:\Windows\Tasks\At35.job
2012-02-04 06:50 - 2012-02-27 18:15 - 0000346 ____A C:\Windows\Tasks\At33.job
2012-02-04 06:50 - 2012-02-27 18:15 - 0000346 ____A C:\Windows\Tasks\At31.job
2012-02-04 06:50 - 2012-02-27 18:15 - 0000346 ____A C:\Windows\Tasks\At29.job
2012-02-04 06:50 - 2012-02-27 18:15 - 0000346 ____A C:\Windows\Tasks\At27.job
2012-02-04 06:50 - 2012-02-27 18:15 - 0000346 ____A C:\Windows\Tasks\At25.job
2012-02-04 06:50 - 2012-02-27 18:15 - 0000346 ____A C:\Windows\Tasks\At23.job
2012-02-04 06:50 - 2012-02-27 18:15 - 0000346 ____A C:\Windows\Tasks\At21.job
2012-02-04 06:50 - 2012-02-27 18:15 - 0000346 ____A C:\Windows\Tasks\At19.job
2012-02-04 06:50 - 2012-02-27 18:15 - 0000346 ____A C:\Windows\Tasks\At17.job
2012-02-04 06:50 - 2012-02-27 18:15 - 0000346 ____A C:\Windows\Tasks\At15.job
2012-02-04 06:50 - 2012-02-27 06:08 - 0000348 ____A C:\Windows\Tasks\At14.job
2012-02-04 06:50 - 2012-02-27 06:08 - 0000346 ____A C:\Windows\Tasks\At13.job
2012-02-04 06:50 - 2012-02-27 06:01 - 0000348 ____A C:\Windows\Tasks\At8.job
2012-02-04 06:50 - 2012-02-27 06:01 - 0000348 ____A C:\Windows\Tasks\At6.job
2012-02-04 06:50 - 2012-02-27 06:01 - 0000348 ____A C:\Windows\Tasks\At4.job
2012-02-04 06:50 - 2012-02-27 06:01 - 0000348 ____A C:\Windows\Tasks\At12.job
2012-02-04 06:50 - 2012-02-27 06:01 - 0000348 ____A C:\Windows\Tasks\At10.job
2012-02-04 06:50 - 2012-02-27 06:01 - 0000346 ____A C:\Windows\Tasks\At9.job
2012-02-04 06:50 - 2012-02-27 06:01 - 0000346 ____A C:\Windows\Tasks\At7.job
2012-02-04 06:50 - 2012-02-27 06:01 - 0000346 ____A C:\Windows\Tasks\At5.job
2012-02-04 06:50 - 2012-02-27 06:01 - 0000346 ____A C:\Windows\Tasks\At3.job
2012-02-04 06:50 - 2012-02-27 06:01 - 0000346 ____A C:\Windows\Tasks\At11.job
2012-02-04 06:50 - 2012-02-27 00:08 - 0000348 ____A C:\Windows\Tasks\At2.job
2012-02-04 06:50 - 2012-02-27 00:08 - 0000346 ____A C:\Windows\Tasks\At1.job
2012-02-04 06:50 - 2012-02-26 23:08 - 0000348 ____A C:\Windows\Tasks\At48.job
2012-02-04 06:50 - 2012-02-26 23:08 - 0000346 ____A C:\Windows\Tasks\At47.job
2012-02-04 06:50 - 2012-02-26 22:08 - 0000348 ____A C:\Windows\Tasks\At46.job
2012-02-04 06:50 - 2012-02-26 22:08 - 0000346 ____A C:\Windows\Tasks\At45.job
2012-02-04 06:50 - 2012-02-26 21:08 - 0000348 ____A C:\Windows\Tasks\At44.job
2012-02-04 06:50 - 2012-02-26 21:08 - 0000346 ____A C:\Windows\Tasks\At43.job
2012-02-04 06:50 - 2012-02-26 20:08 - 0000348 ____A C:\Windows\Tasks\At42.job
2012-02-04 06:50 - 2012-02-26 20:08 - 0000346 ____A C:\Windows\Tasks\At41.job
2012-02-04 06:50 - 2012-02-26 19:08 - 0000348 ____A C:\Windows\Tasks\At40.job
2012-02-04 06:50 - 2012-02-26 19:08 - 0000346 ____A C:\Windows\Tasks\At39.job
2012-02-04 06:50 - 2012-02-04 06:50 - 0000000 ____A C:\ProgramData\K2Ds85.dat
2012-02-04 06:41 - 2012-02-04 06:41 - 0000000 ____D C:\Users\Tim\AppData\Local\{AA0FDEA3-7DC8-41CE-AE29-F5816FFC823E}
2012-02-04 06:41 - 2012-02-04 06:41 - 0000000 ____D C:\Users\Tim\AppData\Local\{636B91D4-B04C-4FF8-8353-4FEB440C8030}
2012-02-03 20:50 - 2012-02-03 20:50 - 0000000 ____D C:\Users\Tim\AppData\Local\{DDE2CA5C-0CC5-4D0A-90A1-18A51FBAA3A7}
2012-02-03 20:49 - 2012-02-03 20:50 - 0000000 ____D C:\Users\Tim\AppData\Local\{61DEFBCF-AA0C-447C-94A9-D424F92C8099}
2012-02-03 16:00 - 2012-02-03 16:00 - 0000000 ____D C:\Users\Tim\AppData\Local\{D31477EF-C9A7-43ED-9A82-3D7FFD404D96}
2012-02-03 16:00 - 2012-02-03 16:00 - 0000000 ____D C:\Users\Tim\AppData\Local\{454729B1-5F43-493A-9CC5-15E228084060}
2012-02-03 06:18 - 2012-02-03 06:18 - 0000000 ____D C:\Users\Tim\AppData\Local\{D097CCB4-8708-4410-9463-3E64D87E1B4B}
2012-02-03 06:18 - 2012-02-03 06:18 - 0000000 ____D C:\Users\Tim\AppData\Local\{29B62D5E-C69F-402D-BC9E-B9D7D5569DAC}
2012-02-02 18:26 - 2012-02-02 18:26 - 0000000 ____D C:\Users\Tim\AppData\Local\{D957CBC4-C9F5-4B71-9021-426972CDAC47}
2012-02-02 18:25 - 2012-02-02 18:26 - 0000000 ____D C:\Users\Tim\AppData\Local\{620BF49F-5B26-4AB3-9F1A-23BAAA6BBC3F}
2012-02-02 18:23 - 2012-02-09 18:01 - 0000000 ____D C:\NBRT
2012-02-02 18:15 - 2012-02-02 18:15 - 0000000 ____D C:\Users\Tim\AppData\Local\{EFA24E6B-51FF-4F3D-92F6-664D8B87BC23}
2012-02-02 18:15 - 2012-02-02 18:15 - 0000000 ____D C:\Users\Tim\AppData\Local\{6AA0C1D7-5E52-4A9B-AA99-79F773BA14BB}
2012-02-02 18:08 - 2012-02-02 18:08 - 0000000 ____D C:\Users\Tim\AppData\Local\{DF64AB63-DCD3-48FF-B0F5-1B9BACB7C5E7}
2012-02-02 18:08 - 2012-02-02 18:08 - 0000000 ____D C:\Users\Tim\AppData\Local\{468F3536-01AA-4569-9AB1-BBB3F86F35E2}
2012-02-02 17:56 - 2012-02-02 17:56 - 0001499 ____A C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
2012-02-02 17:56 - 2009-05-17 23:47 - 0034152 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-02-02 17:55 - 2012-02-09 16:01 - 0000000 ____D C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2012-02-02 17:55 - 2012-02-09 15:48 - 0000000 ____D C:\Windows\System32\Drivers\NBRTWizardx64
2012-02-02 17:53 - 2012-02-09 16:06 - 0001380 ____A C:\Users\Tim\Desktop\Norton Installation Files.lnk
2012-02-02 17:52 - 2012-02-02 17:52 - 0815312 ____A (Symantec Corporation) C:\Users\Tim\Downloads\NBRT-Retail-Downloader.exe
2012-02-02 17:52 - 2011-11-16 23:17 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-02-02 17:52 - 2011-11-16 23:17 - 0095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-02-02 17:52 - 2011-11-16 23:15 - 0460296 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-02-02 17:52 - 2011-11-16 23:12 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-02-02 17:52 - 2011-11-16 23:11 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-02-02 17:52 - 2011-11-16 23:11 - 0028672 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-02-02 17:52 - 2011-11-16 23:11 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-02-02 17:52 - 2011-11-16 23:10 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-02-02 17:52 - 2011-11-16 23:08 - 1446912 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-02-02 17:52 - 2011-11-16 23:05 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-02-02 17:52 - 2011-11-16 21:39 - 0314368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-02-02 17:52 - 2011-11-16 21:39 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-02-02 17:52 - 2011-11-16 21:39 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-02-02 17:52 - 2011-11-16 21:35 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-02-02 17:48 - 2012-02-02 17:48 - 0000000 ____D C:\Users\Tim\AppData\Local\{45BF4C77-E8B7-420F-964C-B8832C70B9A1}
2012-02-02 15:58 - 2012-02-02 15:58 - 0000000 ____D C:\Users\Tim\AppData\Local\{67B4C802-7976-4223-9B2E-4E9701FD27E2}
2012-02-02 15:58 - 2012-02-02 15:58 - 0000000 ____D C:\Users\Tim\AppData\Local\{58CC7520-04F0-43F1-985F-E03305C82FB7}
2012-02-02 15:52 - 2012-02-02 15:52 - 0000000 ____D C:\Users\Tim\AppData\Local\{F6F17627-281A-4767-BFA1-FE7AB6A8A80E}
2012-02-02 15:52 - 2012-02-02 15:52 - 0000000 ____D C:\Users\Tim\AppData\Local\{1D578613-21E7-467C-9796-5F646958F202}
2012-02-02 06:04 - 2012-02-02 06:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{61D5DB75-2D9E-4F58-A713-76359D299A25}
2012-02-02 06:04 - 2012-02-02 06:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{4911BF57-7A59-409A-AA6D-F6B7248EA486}
2012-02-01 22:30 - 2012-02-01 22:30 - 0000000 ____D C:\Users\Tim\AppData\Local\{A12DA924-CCDE-4732-AA4A-51763A61CB29}
2012-02-01 22:30 - 2012-02-01 22:30 - 0000000 ____D C:\Users\Tim\AppData\Local\{463E5D51-E467-4206-9C73-63F88A2CCE7B}
2012-02-01 22:05 - 2012-02-01 22:06 - 0000000 ____D C:\Users\Tim\AppData\Local\{40C02339-088D-49C8-9EA5-647568E81D96}
2012-02-01 22:05 - 2012-02-01 22:05 - 0000000 ____D C:\Users\Tim\AppData\Local\{36F64E95-915D-4ABF-BFA6-BDBE64C00277}
2012-02-01 16:35 - 2012-02-01 16:35 - 0000000 ____D C:\Users\Tim\AppData\Local\{C14BCE6D-224F-42E8-9184-5FEEB8DD2D34}
2012-02-01 16:35 - 2012-02-01 16:35 - 0000000 ____D C:\Users\Tim\AppData\Local\{3BCEC4B0-2BB9-4D9A-8112-42D9522E4EF3}
2012-02-01 16:23 - 2012-02-09 18:29 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-01 16:22 - 2012-02-01 16:22 - 0000000 ____D C:\Users\Tim\AppData\Local\{FADB93C3-7904-4BEB-9E1A-2C5728D19B91}
2012-02-01 16:22 - 2012-02-01 16:22 - 0000000 ____D C:\Users\Tim\AppData\Local\{ECCE1818-9A7B-4126-89D7-0FFBADBF542C}
2012-02-01 16:18 - 2012-02-01 16:18 - 0000000 ____D C:\Users\Tim\AppData\Roaming\Malwarebytes
2012-02-01 16:18 - 2012-02-01 16:18 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-02-01 16:17 - 2012-02-01 16:23 - 0000312 ____A C:\rkill.log
2012-02-01 14:11 - 2012-02-01 14:11 - 0000000 ____D C:\Users\Tim\AppData\Local\{B28F67A1-8699-461B-B949-39DDCDCCA01C}
2012-02-01 14:11 - 2012-02-01 14:11 - 0000000 ____D C:\Users\Tim\AppData\Local\{89EAF84F-0435-40D1-A809-A719B540127E}
2012-02-01 06:06 - 2012-02-01 06:07 - 0000000 ____D C:\Users\Tim\AppData\Local\{C3752545-A4E7-45A1-9F37-6D64A1577817}
2012-02-01 06:06 - 2012-02-01 06:06 - 0000000 ____D C:\Users\Tim\AppData\Local\{AB2E020F-EB7A-4C5C-8ED9-E34D9E41BA0F}
2012-01-31 15:48 - 2012-01-31 15:48 - 0000000 ____D C:\Users\Tim\AppData\Local\{38BC50E7-0E60-4F7A-881C-408A14B6E9B4}
2012-01-31 15:48 - 2012-01-31 15:48 - 0000000 ____D C:\Users\Tim\AppData\Local\{30055816-C01C-4329-99F2-DD4E2AD0A863}
2012-01-31 06:03 - 2012-01-31 06:03 - 0000000 ____D C:\Users\Tim\AppData\Local\{BE1D3A72-58E3-4874-B686-A917BAB39E43}
2012-01-31 06:03 - 2012-01-31 06:03 - 0000000 ____D C:\Users\Tim\AppData\Local\{63993435-0FD0-4C98-A4E4-3F62658A9195}
2012-01-30 19:37 - 2012-01-30 19:37 - 0000000 ____D C:\Users\Tim\AppData\Local\{94BFAB18-6440-46F4-A2EB-CD8DA4917651}
2012-01-30 19:37 - 2012-01-30 19:37 - 0000000 ____D C:\Users\Tim\AppData\Local\{2AC9A069-BE15-4300-9CCC-1EC33D7840FD}
2012-01-30 13:49 - 2012-01-30 13:50 - 0000000 ____D C:\Users\Tim\AppData\Local\{0FF6DF27-D0C0-4190-96A2-31DCE16C33EC}
2012-01-30 13:49 - 2012-01-30 13:49 - 0000000 ____D C:\Users\Tim\AppData\Local\{D39CEB46-DE4C-479F-B802-B925612E1721}
2012-01-30 06:04 - 2012-01-30 06:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{6D12C352-BE58-456D-B37D-76A9BD3A21B6}
2012-01-30 06:04 - 2012-01-30 06:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{510905E7-D7AF-4DC3-86A0-4FA9F34E5E04}
2012-01-29 23:11 - 2012-01-29 23:11 - 0013315 ____A C:\Users\Tim\Downloads\Board Meeting 1-21.docx
2012-01-29 16:25 - 2012-01-29 16:28 - 205959446 ____A C:\Users\Tim\Downloads\2012_01_29TalonROWoE.mp4
2012-01-29 16:20 - 2012-01-29 16:20 - 0000000 ____D C:\Users\Tim\AppData\Local\{AE98C8F5-5C54-4052-8407-0B4EE44CAC2C}
2012-01-29 16:20 - 2012-01-29 16:20 - 0000000 ____D C:\Users\Tim\AppData\Local\{0181306F-9B15-45DA-BB56-B946A38BE804}
2012-01-29 06:38 - 2012-01-29 06:38 - 0000000 ____D C:\Users\Tim\AppData\Local\{9A2749BE-78AE-4865-8F6B-FA397215F921}
2012-01-29 06:38 - 2012-01-29 06:38 - 0000000 ____D C:\Users\Tim\AppData\Local\{927BD391-4363-4791-9BCA-4301874ADD44}
2012-01-28 17:42 - 2012-01-28 17:42 - 0000000 ____D C:\Users\Tim\AppData\Local\{C6819C31-D37F-4CF1-9924-2FC6F05F311B}
2012-01-28 04:05 - 2012-01-28 04:05 - 0000000 ____D C:\Users\Tim\AppData\Local\{1E8A607A-8928-463E-8556-3F568169D461}

============ 3 Months Modified Files and Folders =============

2012-02-27 18:52 - 2012-02-27 18:52 - 0000000 ____D C:\FRST
2012-02-27 18:46 - 2011-05-21 13:23 - 0000000 ____D C:\Users\Tim\AppData\Roaming\Skype
2012-02-27 18:46 - 2010-07-21 05:15 - 1186141 ____A C:\Windows\WindowsUpdate.log
2012-02-27 18:24 - 2012-01-02 16:40 - 0000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-02-27 18:20 - 2012-02-27 18:20 - 1382485 ____A C:\Users\Tim\Downloads\FRST64.exe
2012-02-27 18:15 - 2012-02-04 06:50 - 0000348 ____A C:\Windows\Tasks\At38.job
2012-02-27 18:15 - 2012-02-04 06:50 - 0000348 ____A C:\Windows\Tasks\At36.job
2012-02-27 18:15 - 2012-02-04 06:50 - 0000348 ____A C:\Windows\Tasks\At34.job
2012-02-27 18:15 - 2012-02-04 06:50 - 0000348 ____A C:\Windows\Tasks\At32.job
2012-02-27 18:15 - 2012-02-04 06:50 - 0000348 ____A C:\Windows\Tasks\At30.job
2012-02-27 18:15 - 2012-02-04 06:50 - 0000348 ____A C:\Windows\Tasks\At28.job
2012-02-27 18:15 - 2012-02-04 06:50 - 0000348 ____A C:\Windows\Tasks\At26.job
2012-02-27 18:15 - 2012-02-04 06:50 - 0000348 ____A C:\Windows\Tasks\At24.job
2012-02-27 18:15 - 2012-02-04 06:50 - 0000348 ____A C:\Windows\Tasks\At22.job
2012-02-27 18:15 - 2012-02-04 06:50 - 0000348 ____A C:\Windows\Tasks\At20.job
2012-02-27 18:15 - 2012-02-04 06:50 - 0000348 ____A C:\Windows\Tasks\At18.job
2012-02-27 18:15 - 2012-02-04 06:50 - 0000348 ____A C:\Windows\Tasks\At16.job
2012-02-27 18:15 - 2012-02-04 06:50 - 0000346 ____A C:\Windows\Tasks\At37.job
2012-02-27 18:15 - 2012-02-04 06:50 - 0000346 ____A C:\Windows\Tasks\At35.job
2012-02-27 18:15 - 2012-02-04 06:50 - 0000346 ____A C:\Windows\Tasks\At33.job
2012-02-27 18:15 - 2012-02-04 06:50 - 0000346 ____A C:\Windows\Tasks\At31.job
2012-02-27 18:15 - 2012-02-04 06:50 - 0000346 ____A C:\Windows\Tasks\At29.job
2012-02-27 18:15 - 2012-02-04 06:50 - 0000346 ____A C:\Windows\Tasks\At27.job
2012-02-27 18:15 - 2012-02-04 06:50 - 0000346 ____A C:\Windows\Tasks\At25.job
2012-02-27 18:15 - 2012-02-04 06:50 - 0000346 ____A C:\Windows\Tasks\At23.job
2012-02-27 18:15 - 2012-02-04 06:50 - 0000346 ____A C:\Windows\Tasks\At21.job
2012-02-27 18:15 - 2012-02-04 06:50 - 0000346 ____A C:\Windows\Tasks\At19.job
2012-02-27 18:15 - 2012-02-04 06:50 - 0000346 ____A C:\Windows\Tasks\At17.job
2012-02-27 18:15 - 2012-02-04 06:50 - 0000346 ____A C:\Windows\Tasks\At15.job
2012-02-27 18:15 - 2012-01-02 16:40 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-02-27 06:08 - 2012-02-04 06:50 - 0000348 ____A C:\Windows\Tasks\At14.job
2012-02-27 06:08 - 2012-02-04 06:50 - 0000346 ____A C:\Windows\Tasks\At13.job
2012-02-27 06:01 - 2012-02-04 06:50 - 0000348 ____A C:\Windows\Tasks\At8.job
2012-02-27 06:01 - 2012-02-04 06:50 - 0000348 ____A C:\Windows\Tasks\At6.job
2012-02-27 06:01 - 2012-02-04 06:50 - 0000348 ____A C:\Windows\Tasks\At4.job
2012-02-27 06:01 - 2012-02-04 06:50 - 0000348 ____A C:\Windows\Tasks\At12.job
2012-02-27 06:01 - 2012-02-04 06:50 - 0000348 ____A C:\Windows\Tasks\At10.job
2012-02-27 06:01 - 2012-02-04 06:50 - 0000346 ____A C:\Windows\Tasks\At9.job
2012-02-27 06:01 - 2012-02-04 06:50 - 0000346 ____A C:\Windows\Tasks\At7.job
2012-02-27 06:01 - 2012-02-04 06:50 - 0000346 ____A C:\Windows\Tasks\At5.job
2012-02-27 06:01 - 2012-02-04 06:50 - 0000346 ____A C:\Windows\Tasks\At3.job
2012-02-27 06:01 - 2012-02-04 06:50 - 0000346 ____A C:\Windows\Tasks\At11.job
2012-02-27 00:08 - 2012-02-04 06:50 - 0000348 ____A C:\Windows\Tasks\At2.job
2012-02-27 00:08 - 2012-02-04 06:50 - 0000346 ____A C:\Windows\Tasks\At1.job
2012-02-27 00:03 - 2012-02-13 21:46 - 0009484 ____A C:\Users\Tim\Desktop\Meg Plan.xlsx
2012-02-26 23:08 - 2012-02-04 06:50 - 0000348 ____A C:\Windows\Tasks\At48.job
2012-02-26 23:08 - 2012-02-04 06:50 - 0000346 ____A C:\Windows\Tasks\At47.job
2012-02-26 22:08 - 2012-02-04 06:50 - 0000348 ____A C:\Windows\Tasks\At46.job
2012-02-26 22:08 - 2012-02-04 06:50 - 0000346 ____A C:\Windows\Tasks\At45.job
2012-02-26 21:08 - 2012-02-04 06:50 - 0000348 ____A C:\Windows\Tasks\At44.job
2012-02-26 21:08 - 2012-02-04 06:50 - 0000346 ____A C:\Windows\Tasks\At43.job
2012-02-26 20:08 - 2012-02-04 06:50 - 0000348 ____A C:\Windows\Tasks\At42.job
2012-02-26 20:08 - 2012-02-04 06:50 - 0000346 ____A C:\Windows\Tasks\At41.job
2012-02-26 19:34 - 2010-10-19 20:26 - 0008722 ____A C:\Users\Tim\Desktop\confirmation numbers.txt
2012-02-26 19:22 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-02-26 19:08 - 2012-02-04 06:50 - 0000348 ____A C:\Windows\Tasks\At40.job
2012-02-26 19:08 - 2012-02-04 06:50 - 0000346 ____A C:\Windows\Tasks\At39.job
2012-02-26 19:00 - 2012-02-08 20:26 - 0000000 ____D C:\Users\Tim\AppData\Local\LogMeIn Rescue Applet
2012-02-26 16:47 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-26 16:47 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-26 16:05 - 2012-02-26 16:05 - 1176240 ____A (LogMeIn, Inc.) C:\Users\Tim\Downloads\Support-LogMeInRescue (3).exe
2012-02-26 13:48 - 2012-02-26 13:48 - 0048716 ____A C:\Users\Tim\Desktop\DDS.txt
2012-02-26 13:48 - 2012-02-26 13:48 - 0012110 ____A C:\Users\Tim\Desktop\Attach.txt
2012-02-25 22:20 - 2012-02-25 21:33 - 0000000 ____D C:\sh4ldr
2012-02-25 22:20 - 2012-02-25 21:32 - 0000000 ____D C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-02-25 21:46 - 2012-02-25 21:46 - 0045568 __ASH C:\Users\Tim\AppData\Thumbs.db
2012-02-25 21:33 - 2012-02-25 21:33 - 0000000 ____D C:\Program Files\Enigma Software Group
2012-02-25 21:31 - 2012-02-25 21:31 - 0725408 ____A (Enigma Software Group USA, LLC.) C:\Users\Tim\Downloads\SpyHunter-Installer.exe
2012-02-25 16:52 - 2010-10-08 14:28 - 0000324 ____A C:\Windows\Tasks\HPCeeScheduleForTim.job
2012-02-25 16:52 - 2010-10-02 20:29 - 0000000 ____D C:\users\Tim
2012-02-25 16:51 - 2010-07-21 05:15 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-02-25 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-02-25 16:44 - 2012-02-25 16:44 - 0002141 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2012-02-25 16:44 - 2010-07-21 05:14 - 0000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-02-25 16:42 - 2012-02-25 16:42 - 0000000 ____D C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-02-25 07:48 - 2012-02-25 07:48 - 0106263 ____A C:\Users\Tim\Downloads\harvestingliabilityenglish (1).pdf
2012-02-25 03:03 - 2009-07-13 21:13 - 0739906 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-25 03:02 - 2012-01-02 16:40 - 0002306 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-02-24 17:41 - 2010-10-08 14:13 - 0000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-02-24 17:39 - 2010-10-08 14:12 - 0000000 ____D C:\Users\Tim\AppData\Roaming\HP Support Assistant
2012-02-24 17:39 - 2010-10-03 22:11 - 0000000 ____D C:\Users\Tim\AppData\Roaming\HpUpdate
2012-02-24 17:30 - 2012-02-24 17:29 - 0000000 ____D C:\Users\Tim\AppData\Local\{DB7DA2B4-C37E-494B-A7D9-ADE320BD6FC7}
2012-02-24 17:29 - 2012-02-24 17:29 - 0000000 ____D C:\Users\Tim\AppData\Local\{B6E84EC4-3F39-44A2-8527-17AA8B60A005}
2012-02-24 17:29 - 2010-10-11 03:07 - 0000000 ____D C:\Users\Tim\Tracing
2012-02-24 17:28 - 2010-12-02 19:08 - 0000000 ____D C:\Users\Tim\AppData\Local\CrashDumps
2012-02-24 17:28 - 2010-07-22 22:43 - 3013521408 __ASH C:\hiberfil.sys
2012-02-24 17:28 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-24 17:28 - 2009-07-13 20:51 - 0102645 ____A C:\Windows\setupact.log
2012-02-24 17:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-02-24 17:26 - 2010-10-14 18:16 - 0000000 ____D C:\Users\Tim\AppData\Roaming\Elluminate
2012-02-24 17:26 - 2010-07-21 05:47 - 0000000 ____D C:\ProgramData\Norton
2012-02-24 17:26 - 2010-07-21 05:28 - 0000000 ____D C:\ProgramData\CinemaNow
2012-02-24 17:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-02-23 18:56 - 2012-02-23 18:56 - 0000000 ____D C:\Users\Tim\AppData\Local\{789F178D-0C5F-472F-A7F6-A85C8EA44B20}
2012-02-23 18:56 - 2012-02-23 18:56 - 0000000 ____D C:\Users\Tim\AppData\Local\{1B22F9BC-DC85-4EE9-BB07-8350A10315E3}
2012-02-23 06:20 - 2012-02-23 06:20 - 0000000 ____D C:\Users\Tim\AppData\Local\{A7CD2689-CD19-4C5D-8112-850E7D460E46}
2012-02-23 06:20 - 2012-02-23 06:20 - 0000000 ____D C:\Users\Tim\AppData\Local\{3A15DFDF-CDE2-49B4-99FC-36C3362216D5}
2012-02-22 21:32 - 2012-02-22 21:31 - 0000000 ____D C:\Users\Tim\AppData\Local\{5A2B8DCE-930E-41D9-970A-54584204D82E}
2012-02-22 21:31 - 2012-02-22 21:31 - 0000000 ____D C:\Users\Tim\AppData\Local\{CFA6FFCB-7693-4A73-B062-F9513AB4751F}
2012-02-22 19:35 - 2012-02-22 19:35 - 0002288 ____A C:\{5C90411C-9440-4098-B363-926538B5452D}
2012-02-22 19:33 - 2012-02-22 19:33 - 0002184 ____A C:\{1513FEC1-E25C-447E-9E6D-E2FFFE3D484E}
2012-02-22 19:22 - 2012-02-22 19:22 - 0002128 ____A C:\{2E9C6B62-BA58-4D23-9891-A5A8A1130B3E}
2012-02-22 19:20 - 2012-02-22 19:20 - 0002128 ____A C:\{E8DF7BFC-8211-4C2B-8AA7-52727F73DFAC}
2012-02-22 14:19 - 2012-02-22 14:19 - 0000000 ____D C:\Users\Tim\AppData\Local\{E63F3F48-FCE9-47D2-8279-412D291499A8}
2012-02-22 14:19 - 2012-02-22 14:19 - 0000000 ____D C:\Users\Tim\AppData\Local\{DDCCEB8F-E8FE-468F-A79E-50DB22613F05}
2012-02-22 06:14 - 2012-02-22 06:14 - 0000000 ____D C:\Users\Tim\AppData\Local\{71FF0CF3-ED6C-4FAF-9FDB-96BEE95865C1}
2012-02-22 06:14 - 2012-02-22 06:14 - 0000000 ____D C:\Users\Tim\AppData\Local\{12F95552-4250-4A9B-AB9B-724CF0AE9822}
2012-02-21 18:54 - 2012-02-21 18:54 - 0000000 ____D C:\Users\Tim\AppData\Local\{FE50779F-A6E8-40D2-A9B5-3DB31F1B7109}
2012-02-21 18:54 - 2012-02-21 18:54 - 0000000 ____D C:\Users\Tim\AppData\Local\{A89F6B1A-EF4C-480E-9372-6762757783FE}
2012-02-21 14:26 - 2012-02-21 14:26 - 0000000 ____D C:\Users\Tim\AppData\Local\{562B600C-1D69-413D-8CC5-1A99FF5FCFED}
2012-02-21 14:10 - 2012-02-21 14:10 - 0000000 ____D C:\Users\Tim\AppData\Local\{01A5A941-2A7F-4603-9F9A-A40F0F32DD3F}
2012-02-21 06:13 - 2012-02-21 06:13 - 0000000 ____D C:\Users\Tim\AppData\Local\{D3CCD9E7-B6A1-4395-AA1A-5E7C54C03CD1}
2012-02-21 06:13 - 2012-02-21 06:13 - 0000000 ____D C:\Users\Tim\AppData\Local\{36FDE84D-2258-476A-82E4-C405023A2C51}
2012-02-20 22:57 - 2012-02-20 22:57 - 0000000 ____D C:\Users\Tim\AppData\Local\{892F9CE4-AFB2-4A0C-86F4-74FFEAB9AFE6}
2012-02-20 22:57 - 2012-02-20 22:56 - 0000000 ____D C:\Users\Tim\AppData\Local\{B3FD1726-E115-44C6-8403-FE900F0BD8F1}
2012-02-20 22:43 - 2010-07-22 23:41 - 0000000 ___HD C:\ProgramData\Recovery
2012-02-20 21:42 - 2012-02-20 21:42 - 0002776 ____A C:\{053783FF-A8CE-4243-B19D-8676D95FC1CB}
2012-02-20 21:34 - 2012-02-20 21:34 - 0002368 ____A C:\{F09126DD-1B2A-42A7-AF0E-90F2848AAEA3}
2012-02-20 07:28 - 2012-02-20 07:28 - 0000000 ____D C:\Users\Tim\AppData\Local\{0E8DBE07-5A2E-4C47-9464-CA129C4FA691}
2012-02-20 07:28 - 2012-02-20 07:28 - 0000000 ____D C:\Users\Tim\AppData\Local\{09E7F3D0-D295-471A-A89C-DA8F4362BAC5}
2012-02-19 16:54 - 2012-02-19 16:53 - 0000000 ____D C:\Users\Tim\AppData\Local\{E0768CC4-B08B-486C-9F83-B1AC4857C450}
2012-02-19 16:53 - 2012-02-19 16:53 - 0000000 ____D C:\Users\Tim\AppData\Local\{7568EF21-C6D4-4D93-8E06-EB6BF8DDF6D8}
2012-02-19 08:13 - 2012-02-19 08:13 - 0000000 ____D C:\Users\Tim\AppData\Local\{8CFF0642-14D7-4398-8DA4-4A1F1D3556D4}
2012-02-19 08:12 - 2012-02-19 08:12 - 0000000 ____D C:\Users\Tim\AppData\Local\{359BA579-5B3A-4BD3-AE67-04B66FB85487}
2012-02-18 18:38 - 2012-02-18 18:38 - 0000000 ____D C:\Users\Tim\AppData\Local\{DBEB3248-ED72-4E84-A379-12229D1689EA}
2012-02-18 18:37 - 2012-02-18 18:37 - 0000000 ____D C:\Users\Tim\AppData\Local\{08BA95C3-6E27-4E31-9746-D7CC7D220C8A}
2012-02-18 07:38 - 2012-02-18 07:38 - 0000000 ____D C:\Users\Tim\AppData\Local\{DFD36E02-002E-4C47-A99E-264CF2E84AC0}
2012-02-18 07:38 - 2012-02-18 07:38 - 0000000 ____D C:\Users\Tim\AppData\Local\{1015BC92-EFD4-49C7-9AD8-40738D724F74}
2012-02-17 18:26 - 2012-02-17 18:26 - 0000000 ____D C:\Users\Tim\AppData\Local\{74942E2A-B210-46BB-BE6A-4EB58F3352CD}
2012-02-17 18:26 - 2012-02-17 18:25 - 0000000 ____D C:\Users\Tim\AppData\Local\{44EBB315-45AD-4F95-B20E-790865639B36}
2012-02-17 14:42 - 2012-02-17 14:42 - 0000000 ____D C:\Users\Tim\AppData\Local\{8E4D762B-6129-4D87-86D5-38D1F0188FAD}
2012-02-17 14:42 - 2012-02-17 14:42 - 0000000 ____D C:\Users\Tim\AppData\Local\{404D91CF-4944-464B-AA74-6CE3C90E53A4}
2012-02-17 06:06 - 2012-02-17 06:05 - 0000000 ____D C:\Users\Tim\AppData\Local\{EEB1BB26-01F8-47A0-BE74-1A91ED123E71}
2012-02-17 06:05 - 2012-02-17 06:05 - 0000000 ____D C:\Users\Tim\AppData\Local\{CD3F959D-15E4-436E-8ADA-CF4B7A30A537}
2012-02-16 20:29 - 2012-02-16 20:29 - 0000000 ____D C:\Users\Tim\AppData\Local\{B9B447F0-610A-40EB-99BE-5E90F4577816}
2012-02-16 20:29 - 2012-02-16 20:29 - 0000000 ____D C:\Users\Tim\AppData\Local\{680E7411-A15C-466C-B2B0-CC82B348F708}
2012-02-16 14:10 - 2012-02-16 14:10 - 0000000 ____D C:\Users\Tim\AppData\Local\{FDB5A71D-D679-4A6D-AF50-F802DE61060B}
2012-02-16 14:10 - 2012-02-16 14:10 - 0000000 ____D C:\Users\Tim\AppData\Local\{95D7ED74-AB98-44F2-B32B-346A06696214}
2012-02-16 06:03 - 2012-02-16 06:03 - 0000000 ____D C:\Users\Tim\AppData\Local\{B22A9ABE-9745-4E87-AFB7-E928AC83A019}
2012-02-16 06:03 - 2012-02-16 06:03 - 0000000 ____D C:\Users\Tim\AppData\Local\{4EC48EAD-9B4A-4309-B5E4-EBAD7940DAE0}
2012-02-16 06:01 - 2010-07-21 05:43 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-15 18:33 - 2012-02-15 18:33 - 0106263 ____A C:\Users\Tim\Downloads\harvestingliabilityenglish.pdf
2012-02-15 16:40 - 2012-02-15 16:40 - 0000000 ____D C:\Users\Tim\AppData\Local\{8A356AE5-29B3-4036-9004-224A8406234F}
2012-02-15 16:40 - 2012-02-15 16:39 - 0000000 ____D C:\Users\Tim\AppData\Local\{5E826CD9-04D6-4853-A052-0BB7B203C6BB}
2012-02-15 15:02 - 2012-02-15 15:02 - 0000000 ____D C:\Users\Tim\AppData\Local\{CD940A22-0DDD-465B-B8BA-F0BA46D0FE94}
2012-02-15 15:02 - 2012-02-15 15:02 - 0000000 ____D C:\Users\Tim\AppData\Local\{A5231564-964E-4484-BEAE-53A945F40B76}
2012-02-15 06:04 - 2012-02-15 06:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{B6EF34FF-F7F5-4AD7-90B9-570F70593C4E}
2012-02-15 06:04 - 2012-02-15 06:03 - 0000000 ____D C:\Users\Tim\AppData\Local\{903892A1-36EF-4B4A-974D-A33EC28CD77D}
2012-02-15 06:03 - 2010-10-02 20:29 - 0000174 ___SH C:\Users\Tim\Start Menu\Programs\Startup\desktop.ini
2012-02-15 06:03 - 2010-10-02 20:29 - 0000174 ___SH C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-14 20:36 - 2010-10-19 20:26 - 0001423 ____A C:\Users\Tim\Desktop\confirmation tienda.txt
2012-02-14 20:23 - 2012-02-14 20:23 - 0000000 ____D C:\Users\Tim\AppData\Local\{D4DBDF1D-3D4B-4E3C-AA88-4DE50C15ADA6}
2012-02-14 20:23 - 2012-02-14 20:22 - 0000000 ____D C:\Users\Tim\AppData\Local\{4BE73084-641A-49B0-868E-3AFCBEB26442}
2012-02-14 20:20 - 2009-07-13 20:45 - 0433784 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-14 17:41 - 2009-07-13 21:08 - 0032560 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-14 17:38 - 2010-10-21 16:24 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-02-14 14:19 - 2012-02-14 14:19 - 0000000 ____D C:\Users\Tim\AppData\Local\{395F7EA8-26C2-4643-AA71-5FA04B905AF2}
2012-02-14 14:19 - 2012-02-14 14:18 - 0000000 ____D C:\Users\Tim\AppData\Local\{64B2FD85-7FCF-42B6-9A4E-5D6CF1A0C4EB}
2012-02-14 14:19 - 2012-02-05 06:13 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-14 06:02 - 2012-02-14 06:02 - 0000000 ____D C:\Users\Tim\AppData\Local\{F3C7A1C7-95AA-434C-BB48-FC236FC9722A}
2012-02-14 06:02 - 2012-02-14 06:02 - 0000000 ____D C:\Users\Tim\AppData\Local\{277E9DB5-DF88-4EDC-835C-F9CB736F049F}
2012-02-14 06:01 - 2010-07-22 22:43 - 0517682 ____A C:\Windows\PFRO.log
2012-02-13 12:37 - 2012-02-13 12:37 - 0000000 ____D C:\Users\Tim\AppData\Local\{58884724-C4C6-4EB3-86A0-07135725F993}
2012-02-13 12:37 - 2012-02-13 12:37 - 0000000 ____D C:\Users\Tim\AppData\Local\{0B667B58-7C1F-4017-8650-1092B0467DE4}
2012-02-13 12:17 - 2012-02-08 21:04 - 0005300 ____A C:\Users\Tim\Desktop\RegBackup.reg
2012-02-13 11:43 - 2012-02-13 11:43 - 1176240 ____A (LogMeIn, Inc.) C:\Users\Tim\Downloads\Support-LogMeInRescue (2).exe
2012-02-13 07:19 - 2012-02-13 07:19 - 0000000 ____D C:\Users\Tim\AppData\Local\{EA549D6C-448E-4A4D-B84A-7E27D410ED7E}
2012-02-13 07:19 - 2012-02-13 07:19 - 0000000 ____D C:\Users\Tim\AppData\Local\{9E6C7EC3-E3DB-40E0-A381-3795FCF94646}
2012-02-12 22:16 - 2012-02-12 22:16 - 0000000 ____D C:\Users\Tim\AppData\Local\{FE5CF8D4-0660-40E2-97CF-FA8EDAAB9152}
2012-02-12 22:16 - 2012-02-12 22:16 - 0000000 ____D C:\Users\Tim\AppData\Local\{365BDBFE-7A07-4956-9D05-F0E1CD04273A}
2012-02-12 22:14 - 2012-02-12 22:14 - 1198734029 ____A C:\Windows\MEMORY.DMP
2012-02-12 22:14 - 2012-02-12 22:14 - 0274768 ____A C:\Windows\Minidump\021212-24538-01.dmp
2012-02-12 22:14 - 2012-02-12 22:14 - 0000000 ____D C:\Windows\Minidump
2012-02-12 14:33 - 2012-02-12 14:33 - 0000000 ____D C:\Users\Tim\AppData\Local\{44DE5467-08AA-441B-8490-878A5E86F00A}
2012-02-12 14:33 - 2012-02-12 14:32 - 0000000 ____D C:\Users\Tim\AppData\Local\{AA00BB99-8BA1-4557-8D04-A9C57FDEBDB6}
2012-02-12 07:11 - 2012-02-12 07:10 - 0000000 ____D C:\Users\Tim\AppData\Local\{71630943-ECB8-484B-98EC-C758F1D98681}
2012-02-12 07:10 - 2012-02-12 07:10 - 0000000 ____D C:\Users\Tim\AppData\Local\{604226BA-DF85-4E4E-A3CD-D4E26EE408F4}
2012-02-11 23:57 - 2012-02-11 22:27 - 3993042 ____A C:\Windows\ntbtlog.txt
2012-02-11 22:24 - 2012-02-11 22:24 - 0000000 ____D C:\Users\Tim\AppData\Local\{A3D46A6F-7CAD-45B3-99DF-F6AC4E1DB4A5}
2012-02-11 18:07 - 2012-02-11 18:06 - 0000000 ____D C:\Users\Tim\AppData\Local\{3B06855F-5B66-40BA-8974-322C3E0F9CDC}
2012-02-11 18:06 - 2012-02-11 18:06 - 0000000 ____D C:\Users\Tim\AppData\Local\{36210DD4-D09D-48F8-B9AE-55B4E5E8D140}
2012-02-11 08:00 - 2012-02-11 08:00 - 0000000 ____D C:\Users\Tim\AppData\Local\{B36669B7-DA73-4355-8937-AF2E9CB0AF9A}
2012-02-11 08:00 - 2012-02-11 08:00 - 0000000 ____D C:\Users\Tim\AppData\Local\{3E16EAC5-5D54-45C0-94DA-5D006CFF6094}
2012-02-10 22:04 - 2011-12-10 12:47 - 0000000 ____D C:\Program Files (x86)\raidcall
2012-02-10 21:52 - 2012-02-10 21:52 - 0000000 ____D C:\Users\Tim\AppData\Local\{DF5EAFAA-E537-4840-B83F-3D921312C001}
2012-02-10 21:52 - 2012-02-10 21:52 - 0000000 ____D C:\Users\Tim\AppData\Local\{9AE07710-91F7-4CE7-B4DB-942BAC99F8AE}
2012-02-10 14:35 - 2012-02-10 14:35 - 0000000 ____D C:\Users\Tim\AppData\Local\{1CA1077F-03FF-4BC9-9015-9ED11E85AFE4}
2012-02-10 14:35 - 2012-02-10 14:35 - 0000000 ____D C:\Users\Tim\AppData\Local\{08B416C8-3906-4E34-817F-49E600FA3535}
2012-02-10 06:06 - 2012-02-10 06:06 - 0000000 ____D C:\Users\Tim\AppData\Local\{5EB52FFE-AB9F-49F2-B4B5-4C8575D52774}
2012-02-10 06:06 - 2012-02-10 06:05 - 0000000 ____D C:\Users\Tim\AppData\Local\{C37F462A-D034-4647-96CE-745BF5BF59D8}
2012-02-09 18:29 - 2012-02-09 18:29 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Tim\Downloads\mbam-setup-1.60.1.1000.exe
2012-02-09 18:29 - 2012-02-09 18:29 - 0001075 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-09 18:29 - 2012-02-09 18:29 - 0000000 ____D C:\Users\Tim\AppData\Local\{8B9BCB06-13B8-433E-838A-C64BEA62BBC4}
2012-02-09 18:29 - 2012-02-01 16:23 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-09 18:14 - 2012-02-09 18:14 - 0001167 ____A C:\Users\Tim\Desktop\TalonPatch.exe - Shortcut.lnk
2012-02-09 18:04 - 2012-02-09 18:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{7E7F1672-1265-4FFB-817A-24FA3E98FCFA}
2012-02-09 18:04 - 2012-02-09 18:03 - 0000000 ____D C:\Users\Tim\AppData\Local\{494CECE2-87AF-4BF6-90EB-B910C16F68C5}
2012-02-09 18:01 - 2012-02-02 18:23 - 0000000 ____D C:\NBRT
2012-02-09 16:06 - 2012-02-02 17:53 - 0001380 ____A C:\Users\Tim\Desktop\Norton Installation Files.lnk
2012-02-09 16:05 - 2012-02-09 16:05 - 0815312 ____A (Symantec Corporation) C:\Users\Tim\Downloads\NBRT-Retail-Downloader (1).exe
2012-02-09 16:04 - 2012-02-09 16:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{15443512-9A66-4A89-B033-2A73582754A3}
2012-02-09 16:04 - 2012-02-09 16:03 - 0000000 ____D C:\Users\Tim\AppData\Local\{1FF57F01-3696-464B-B6ED-D07CDB200A59}
2012-02-09 16:01 - 2012-02-02 17:55 - 0000000 ____D C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2012-02-09 16:01 - 2010-12-29 22:23 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-02-09 16:00 - 2011-04-15 14:13 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-02-09 16:00 - 2010-12-29 22:22 - 0000000 ____D C:\Windows\System32\Drivers\N360x64
2012-02-09 16:00 - 2010-10-02 20:29 - 0000000 ____D C:\Users\Tim\AppData\LocalLow
2012-02-09 15:52 - 2012-02-09 15:52 - 0000000 ____D C:\Users\Tim\AppData\Local\{8EC3F627-BED6-45E5-A9E7-A882EC0A9CD1}
2012-02-09 15:52 - 2012-02-09 15:52 - 0000000 ____D C:\Users\Tim\AppData\Local\{47521F42-24F3-4493-B3A4-659B53E71C34}
2012-02-09 15:48 - 2012-02-02 17:55 - 0000000 ____D C:\Windows\System32\Drivers\NBRTWizardx64
2012-02-09 15:21 - 2012-01-27 09:43 - 0000000 ____D C:\Users\Tim\AppData\Local\NPE
2012-02-09 15:19 - 2012-02-09 15:19 - 0000000 ____D C:\Users\Tim\AppData\Local\{AAC90BFC-B105-442D-88CA-1E98855BE1E2}
2012-02-09 15:05 - 2012-02-09 15:05 - 0000000 ____D C:\Users\Tim\AppData\Local\{B68DEFDD-CAA6-4151-BBCE-E886D84F000A}
2012-02-09 15:04 - 2012-02-09 15:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{EF40922E-ECB0-4232-B26D-4B49AC6BFFA4}
2012-02-09 14:58 - 2012-02-09 14:58 - 2804808 ____A (Symantec Corporation) C:\Users\Tim\Downloads\NPE (1).exe
2012-02-09 14:53 - 2012-02-09 14:52 - 1766312 ____A (Symantec Corporation) C:\Users\Tim\Desktop\FixZeroAccess.exe
2012-02-09 14:52 - 2012-02-09 14:52 - 1766312 ____A (Symantec Corporation) C:\Users\Tim\Downloads\FixZeroAccess.exe
2012-02-09 14:45 - 2012-02-09 14:45 - 1176240 ____A (LogMeIn, Inc.) C:\Users\Tim\Downloads\Support-LogMeInRescue (1).exe
2012-02-09 14:32 - 2012-02-09 14:31 - 0000000 ____D C:\Users\Tim\AppData\Local\{61DDD23D-BB45-4417-9112-DA43E0C0E93F}
2012-02-09 14:31 - 2012-02-09 14:31 - 0000000 ____D C:\Users\Tim\AppData\Local\{A2DCF338-711A-430F-9A55-1612DEB5E9B0}
2012-02-09 14:29 - 2012-02-09 14:29 - 1932256 ____A (Symantec Corporation) C:\Users\Tim\Downloads\FixTDSS (1).exe
2012-02-09 14:29 - 2012-02-09 14:29 - 0027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixTDSS.sys
2012-02-09 14:29 - 2012-02-09 14:29 - 0000000 ____D C:\Users\Tim\AppData\Roaming\FixTDSS
2012-02-09 14:19 - 2012-02-09 14:19 - 0000000 ____D C:\Users\Tim\AppData\Local\{55303AA8-525D-4704-B65E-F73279CD60AA}
2012-02-09 14:19 - 2012-02-09 14:19 - 0000000 ____D C:\Users\Tim\AppData\Local\{3BDADF61-83BE-4E89-8C7C-4A0A56CDDF86}
2012-02-09 14:07 - 2012-02-09 14:07 - 1932256 ____A (Symantec Corporation) C:\Users\Tim\Downloads\FixTDSS.exe
2012-02-09 14:04 - 2012-02-09 14:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{537CDB81-C188-49BF-8B90-8F1EB43BE94C}
2012-02-09 14:04 - 2012-02-09 14:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{0D826F21-5402-49E3-9453-048B94094FAB}
2012-02-09 14:03 - 2012-02-08 20:39 - 0002458 ____A C:\Users\Public\Desktop\Norton 360.lnk
2012-02-09 06:06 - 2012-02-09 06:06 - 0000000 ____D C:\Users\Tim\AppData\Local\{94FA6DBC-0FD4-4CD5-B0FD-C542BFFA8AA7}
2012-02-09 06:06 - 2012-02-09 06:05 - 0000000 ____D C:\Users\Tim\AppData\Local\{32FFA726-FAA6-483B-B6FB-8A2AFAE4A5BF}
2012-02-08 21:21 - 2010-10-02 21:45 - 0000000 ____D C:\Users\Tim\Desktop\Timmy
2012-02-08 21:13 - 2012-02-08 21:13 - 0000000 ____D C:\Users\Tim\AppData\Local\{7A3CCC59-CA6A-4429-9574-BDB7329C1EF3}
2012-02-08 21:13 - 2012-02-08 21:12 - 0000000 ____D C:\Users\Tim\AppData\Local\{28B6B993-E35D-48B9-9324-56979FC5D31B}
2012-02-08 21:09 - 2012-02-08 21:09 - 0000000 ____D C:\Users\Tim\AppData\Local\{DAD5CCB6-D6B1-478F-ADA5-FCD204087DEC}
2012-02-08 21:09 - 2012-02-08 21:08 - 0000000 ____D C:\Users\Tim\AppData\Local\{1BCA55E3-FF15-4E3C-96D2-25E76B2A0081}
2012-02-08 21:05 - 2012-02-08 21:05 - 0122616 ____A C:\Users\Tim\Desktop\BFE.reg
2012-02-08 21:02 - 2012-02-08 21:02 - 0000000 ____D C:\Users\Tim\AppData\Local\{B0D7AE5C-77F7-4324-A0D1-AE79DEA1A8BC}
2012-02-08 21:02 - 2012-02-08 21:01 - 0000000 ____D C:\Users\Tim\AppData\Local\{A9B49E87-749E-4CEA-87DF-13E97A6B0D17}
2012-02-08 20:51 - 2012-02-08 20:50 - 0000000 ____D C:\Users\Tim\AppData\Local\{8B612A31-416A-4490-8839-EA1CE2D6EF37}
2012-02-08 20:50 - 2012-02-08 20:50 - 0000000 ____D C:\Users\Tim\AppData\Local\{AD4D82F9-875C-4F4B-B973-92F088E658C0}
2012-02-08 20:39 - 2012-02-08 20:39 - 0174200 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-02-08 20:39 - 2012-02-08 20:39 - 0007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-02-08 20:39 - 2012-02-08 20:39 - 0000855 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.INF
2012-02-08 20:39 - 2010-12-29 22:23 - 0000000 ____D C:\Program Files\Symantec
2012-02-08 20:38 - 2010-07-21 05:47 - 0000000 ____D C:\Program Files (x86)\NortonInstaller
2012-02-08 20:37 - 2012-02-08 20:37 - 0000000 ____D C:\Users\Tim\AppData\Local\{B6B0DC9E-F593-4441-95FC-044453666319}
2012-02-08 20:37 - 2012-02-08 20:37 - 0000000 ____D C:\Users\Tim\AppData\Local\{1C0AB7AE-BA7E-480E-8F0A-7ECA59C47B11}
2012-02-08 20:32 - 2012-02-08 20:30 - 122260984 ____A (Symantec Corporation) C:\Users\Tim\Downloads\N360-ESD-18-6-0-29-EN.exe
2012-02-08 20:32 - 2010-12-29 22:22 - 0000000 ____D C:\Program Files (x86)\Norton 360
2012-02-08 20:31 - 2012-02-08 20:31 - 0920384 ____A C:\Users\Tim\Downloads\Norton_Removal_Tool.exe
2012-02-08 20:25 - 2012-02-08 20:25 - 1176240 ____A (LogMeIn, Inc.) C:\Users\Tim\Downloads\Support-LogMeInRescue.exe
2012-02-08 19:41 - 2012-02-08 19:41 - 0000000 ____D C:\Users\Tim\AppData\Local\{C0F21AB4-D55E-46DB-A86C-B51A7F81AEC0}
2012-02-08 19:41 - 2012-02-08 19:41 - 0000000 ____D C:\Users\Tim\AppData\Local\{6B3FDFF2-8885-4D8E-B9A0-2A11E006FE05}
2012-02-08 19:39 - 2012-02-08 19:39 - 2804808 ____A (Symantec Corporation) C:\Users\Tim\Downloads\NPE.exe
2012-02-08 19:32 - 2012-02-08 19:32 - 0000000 ____D C:\Users\Tim\AppData\Local\{BB8B2D2F-778F-4F9D-8214-BD77198AC1A1}
2012-02-08 19:32 - 2012-02-08 19:32 - 0000000 ____D C:\Users\Tim\AppData\Local\{9D842716-BDD0-454A-9540-DC4EA6B3747E}
2012-02-08 17:59 - 2012-02-08 17:59 - 0000000 ____D C:\Users\Tim\AppData\Local\{42E98AE5-DF17-47BE-A2EA-2606BA48E781}
2012-02-08 17:59 - 2012-02-08 17:58 - 0000000 ____D C:\Users\Tim\AppData\Local\{59DB98E6-E155-4F75-830D-9E37FE766B8F}
2012-02-08 17:26 - 2012-02-08 17:26 - 0000000 ____D C:\Users\Tim\AppData\Local\{BF1A5437-FF4A-43D1-A883-91B99C0BA03F}
2012-02-08 17:26 - 2012-02-08 17:26 - 0000000 ____D C:\Users\Tim\AppData\Local\{15BBF309-EA77-48FD-B646-FDCD88FFB444}
2012-02-08 14:15 - 2012-02-08 14:15 - 0000000 ____D C:\Users\Tim\AppData\Local\{AEB813EA-FC70-4E88-BD08-F21A346E363C}
2012-02-08 14:15 - 2012-02-08 14:15 - 0000000 ____D C:\Users\Tim\AppData\Local\{05FEEBB6-C8F8-40C8-A038-66B63C33E855}
2012-02-08 06:05 - 2012-02-08 06:05 - 0000000 ____D C:\Users\Tim\AppData\Local\{78691FDE-6A00-49D6-9A5D-160305B94F46}
2012-02-08 06:05 - 2012-02-08 06:05 - 0000000 ____D C:\Users\Tim\AppData\Local\{7704DB92-3DE1-40C4-A9EA-599EDA86D270}
2012-02-07 16:11 - 2012-02-07 16:11 - 0000000 ____D C:\Users\Tim\AppData\Local\{C01157F6-70DE-4BF1-92F7-1929ACFE5B64}
2012-02-07 16:11 - 2012-02-07 16:11 - 0000000 ____D C:\Users\Tim\AppData\Local\{AE1BF0D7-03D4-4773-856B-7D01D407CC1F}
2012-02-07 06:08 - 2012-02-07 06:07 - 0000000 ____D C:\Users\Tim\AppData\Local\{C8AF71A7-6612-46B7-8A7A-63659CD31D08}
2012-02-07 06:07 - 2012-02-07 06:07 - 0000000 ____D C:\Users\Tim\AppData\Local\{88716A26-17E3-47AB-8F4F-1CFCC3C3F63D}
2012-02-06 18:42 - 2012-02-06 18:42 - 0000000 ____D C:\Users\Tim\AppData\Local\{89CDA367-C822-46B6-BDE1-486DE8BFAFB7}
2012-02-06 18:42 - 2012-02-06 18:42 - 0000000 ____D C:\Users\Tim\AppData\Local\{77618018-F431-4CD5-93C8-69948268C1D7}
2012-02-06 14:10 - 2012-02-06 14:10 - 0000000 ____D C:\Users\Tim\AppData\Local\{7DE3531A-2CC7-4E6D-A605-228EA4AC8637}
2012-02-06 14:10 - 2012-02-06 14:10 - 0000000 ____D C:\Users\Tim\AppData\Local\{1FD842BD-3414-4781-BB8C-51AF8B22FBD1}
2012-02-06 06:02 - 2012-02-06 06:02 - 0000000 ____D C:\Users\Tim\AppData\Local\{D036A572-A7AA-485C-8051-9EE1B2702CCC}
2012-02-06 06:02 - 2012-02-06 06:02 - 0000000 ____D C:\Users\Tim\AppData\Local\{CAD0098B-2351-44B9-9B66-6852FD08AE3C}
2012-02-05 11:46 - 2012-02-05 11:46 - 0000000 ____D C:\Users\Tim\AppData\Local\{FF603550-2B16-4851-B821-57F395355A4A}
2012-02-05 11:46 - 2012-02-05 11:46 - 0000000 ____D C:\Users\Tim\AppData\Local\{462279F7-B652-41C9-9D97-FBDCEB0D5BB4}
2012-02-05 05:09 - 2012-02-05 05:09 - 0000000 ____D C:\Users\Tim\AppData\Local\{33910A9B-8B0F-4F5F-AF57-F79253CE0B55}
2012-02-05 05:09 - 2012-02-05 05:09 - 0000000 ____D C:\Users\Tim\AppData\Local\{1FC645A1-03D3-4942-A4A2-95A79A1F9DE5}
2012-02-04 18:39 - 2012-02-04 18:39 - 0000000 ____D C:\Users\Tim\AppData\Local\{833F0A84-F17C-43CD-B987-62BC98ECA3E2}
2012-02-04 18:39 - 2012-02-04 18:39 - 0000000 ____D C:\Users\Tim\AppData\Local\{6B786AFF-3517-460F-BAB0-2795B2086821}
2012-02-04 06:50 - 2012-02-04 06:50 - 0000000 ____A C:\ProgramData\K2Ds85.dat
2012-02-04 06:41 - 2012-02-04 06:41 - 0000000 ____D C:\Users\Tim\AppData\Local\{AA0FDEA3-7DC8-41CE-AE29-F5816FFC823E}
2012-02-04 06:41 - 2012-02-04 06:41 - 0000000 ____D C:\Users\Tim\AppData\Local\{636B91D4-B04C-4FF8-8353-4FEB440C8030}
2012-02-03 20:50 - 2012-02-03 20:50 - 0000000 ____D C:\Users\Tim\AppData\Local\{DDE2CA5C-0CC5-4D0A-90A1-18A51FBAA3A7}
2012-02-03 20:50 - 2012-02-03 20:49 - 0000000 ____D C:\Users\Tim\AppData\Local\{61DEFBCF-AA0C-447C-94A9-D424F92C8099}
2012-02-03 16:10 - 2011-11-18 17:12 - 0000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-02-03 16:00 - 2012-02-03 16:00 - 0000000 ____D C:\Users\Tim\AppData\Local\{D31477EF-C9A7-43ED-9A82-3D7FFD404D96}
2012-02-03 16:00 - 2012-02-03 16:00 - 0000000 ____D C:\Users\Tim\AppData\Local\{454729B1-5F43-493A-9CC5-15E228084060}
2012-02-03 06:18 - 2012-02-03 06:18 - 0000000 ____D C:\Users\Tim\AppData\Local\{D097CCB4-8708-4410-9463-3E64D87E1B4B}
2012-02-03 06:18 - 2012-02-03 06:18 - 0000000 ____D C:\Users\Tim\AppData\Local\{29B62D5E-C69F-402D-BC9E-B9D7D5569DAC}
2012-02-02 18:26 - 2012-02-02 18:26 - 0000000 ____D C:\Users\Tim\AppData\Local\{D957CBC4-C9F5-4B71-9021-426972CDAC47}
2012-02-02 18:26 - 2012-02-02 18:25 - 0000000 ____D C:\Users\Tim\AppData\Local\{620BF49F-5B26-4AB3-9F1A-23BAAA6BBC3F}
2012-02-02 18:15 - 2012-02-02 18:15 - 0000000 ____D C:\Users\Tim\AppData\Local\{EFA24E6B-51FF-4F3D-92F6-664D8B87BC23}
2012-02-02 18:15 - 2012-02-02 18:15 - 0000000 ____D C:\Users\Tim\AppData\Local\{6AA0C1D7-5E52-4A9B-AA99-79F773BA14BB}
2012-02-02 18:08 - 2012-02-02 18:08 - 0000000 ____D C:\Users\Tim\AppData\Local\{DF64AB63-DCD3-48FF-B0F5-1B9BACB7C5E7}
2012-02-02 18:08 - 2012-02-02 18:08 - 0000000 ____D C:\Users\Tim\AppData\Local\{468F3536-01AA-4569-9AB1-BBB3F86F35E2}
2012-02-02 17:56 - 2012-02-02 17:56 - 0001499 ____A C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
2012-02-02 17:53 - 2012-01-27 09:34 - 0000000 ____D C:\Users\Public\Downloads\Norton
2012-02-02 17:52 - 2012-02-02 17:52 - 0815312 ____A (Symantec Corporation) C:\Users\Tim\Downloads\NBRT-Retail-Downloader.exe
2012-02-02 17:48 - 2012-02-02 17:48 - 0000000 ____D C:\Users\Tim\AppData\Local\{45BF4C77-E8B7-420F-964C-B8832C70B9A1}
2012-02-02 17:45 - 2009-07-13 23:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-02-02 15:58 - 2012-02-02 15:58 - 0000000 ____D C:\Users\Tim\AppData\Local\{67B4C802-7976-4223-9B2E-4E9701FD27E2}
2012-02-02 15:58 - 2012-02-02 15:58 - 0000000 ____D C:\Users\Tim\AppData\Local\{58CC7520-04F0-43F1-985F-E03305C82FB7}
2012-02-02 15:52 - 2012-02-02 15:52 - 0000000 ____D C:\Users\Tim\AppData\Local\{F6F17627-281A-4767-BFA1-FE7AB6A8A80E}
2012-02-02 15:52 - 2012-02-02 15:52 - 0000000 ____D C:\Users\Tim\AppData\Local\{1D578613-21E7-467C-9796-5F646958F202}
2012-02-02 06:04 - 2012-02-02 06:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{61D5DB75-2D9E-4F58-A713-76359D299A25}
2012-02-02 06:04 - 2012-02-02 06:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{4911BF57-7A59-409A-AA6D-F6B7248EA486}
2012-02-01 22:30 - 2012-02-01 22:30 - 0000000 ____D C:\Users\Tim\AppData\Local\{A12DA924-CCDE-4732-AA4A-51763A61CB29}
2012-02-01 22:30 - 2012-02-01 22:30 - 0000000 ____D C:\Users\Tim\AppData\Local\{463E5D51-E467-4206-9C73-63F88A2CCE7B}
2012-02-01 22:06 - 2012-02-01 22:05 - 0000000 ____D C:\Users\Tim\AppData\Local\{40C02339-088D-49C8-9EA5-647568E81D96}
2012-02-01 22:05 - 2012-02-01 22:05 - 0000000 ____D C:\Users\Tim\AppData\Local\{36F64E95-915D-4ABF-BFA6-BDBE64C00277}
2012-02-01 16:35 - 2012-02-01 16:35 - 0000000 ____D C:\Users\Tim\AppData\Local\{C14BCE6D-224F-42E8-9184-5FEEB8DD2D34}
2012-02-01 16:35 - 2012-02-01 16:35 - 0000000 ____D C:\Users\Tim\AppData\Local\{3BCEC4B0-2BB9-4D9A-8112-42D9522E4EF3}
2012-02-01 16:23 - 2012-02-01 16:17 - 0000312 ____A C:\rkill.log
2012-02-01 16:22 - 2012-02-01 16:22 - 0000000 ____D C:\Users\Tim\AppData\Local\{FADB93C3-7904-4BEB-9E1A-2C5728D19B91}
2012-02-01 16:22 - 2012-02-01 16:22 - 0000000 ____D C:\Users\Tim\AppData\Local\{ECCE1818-9A7B-4126-89D7-0FFBADBF542C}
2012-02-01 16:18 - 2012-02-01 16:18 - 0000000 ____D C:\Users\Tim\AppData\Roaming\Malwarebytes
2012-02-01 16:18 - 2012-02-01 16:18 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-02-01 14:11 - 2012-02-01 14:11 - 0000000 ____D C:\Users\Tim\AppData\Local\{B28F67A1-8699-461B-B949-39DDCDCCA01C}
2012-02-01 14:11 - 2012-02-01 14:11 - 0000000 ____D C:\Users\Tim\AppData\Local\{89EAF84F-0435-40D1-A809-A719B540127E}
2012-02-01 06:07 - 2012-02-01 06:06 - 0000000 ____D C:\Users\Tim\AppData\Local\{C3752545-A4E7-45A1-9F37-6D64A1577817}
2012-02-01 06:06 - 2012-02-01 06:06 - 0000000 ____D C:\Users\Tim\AppData\Local\{AB2E020F-EB7A-4C5C-8ED9-E34D9E41BA0F}
2012-01-31 15:48 - 2012-01-31 15:48 - 0000000 ____D C:\Users\Tim\AppData\Local\{38BC50E7-0E60-4F7A-881C-408A14B6E9B4}
2012-01-31 15:48 - 2012-01-31 15:48 - 0000000 ____D C:\Users\Tim\AppData\Local\{30055816-C01C-4329-99F2-DD4E2AD0A863}
2012-01-31 06:03 - 2012-01-31 06:03 - 0000000 ____D C:\Users\Tim\AppData\Local\{BE1D3A72-58E3-4874-B686-A917BAB39E43}
2012-01-31 06:03 - 2012-01-31 06:03 - 0000000 ____D C:\Users\Tim\AppData\Local\{63993435-0FD0-4C98-A4E4-3F62658A9195}
2012-01-30 19:37 - 2012-01-30 19:37 - 0000000 ____D C:\Users\Tim\AppData\Local\{94BFAB18-6440-46F4-A2EB-CD8DA4917651}
2012-01-30 19:37 - 2012-01-30 19:37 - 0000000 ____D C:\Users\Tim\AppData\Local\{2AC9A069-BE15-4300-9CCC-1EC33D7840FD}
2012-01-30 13:50 - 2012-01-30 13:49 - 0000000 ____D C:\Users\Tim\AppData\Local\{0FF6DF27-D0C0-4190-96A2-31DCE16C33EC}
2012-01-30 13:49 - 2012-01-30 13:49 - 0000000 ____D C:\Users\Tim\AppData\Local\{D39CEB46-DE4C-479F-B802-B925612E1721}
2012-01-30 06:04 - 2012-01-30 06:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{6D12C352-BE58-456D-B37D-76A9BD3A21B6}
2012-01-30 06:04 - 2012-01-30 06:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{510905E7-D7AF-4DC3-86A0-4FA9F34E5E04}
2012-01-29 23:11 - 2012-01-29 23:11 - 0013315 ____A C:\Users\Tim\Downloads\Board Meeting 1-21.docx
2012-01-29 16:28 - 2012-01-29 16:25 - 205959446 ____A C:\Users\Tim\Downloads\2012_01_29TalonROWoE.mp4
2012-01-29 16:20 - 2012-01-29 16:20 - 0000000 ____D C:\Users\Tim\AppData\Local\{AE98C8F5-5C54-4052-8407-0B4EE44CAC2C}
2012-01-29 16:20 - 2012-01-29 16:20 - 0000000 ____D C:\Users\Tim\AppData\Local\{0181306F-9B15-45DA-BB56-B946A38BE804}
2012-01-29 06:38 - 2012-01-29 06:38 - 0000000 ____D C:\Users\Tim\AppData\Local\{9A2749BE-78AE-4865-8F6B-FA397215F921}
2012-01-29 06:38 - 2012-01-29 06:38 - 0000000 ____D C:\Users\Tim\AppData\Local\{927BD391-4363-4791-9BCA-4301874ADD44}
2012-01-28 17:42 - 2012-01-28 17:42 - 0000000 ____D C:\Users\Tim\AppData\Local\{C6819C31-D37F-4CF1-9924-2FC6F05F311B}
2012-01-28 04:05 - 2012-01-28 04:05 - 0000000 ____D C:\Users\Tim\AppData\Local\{1E8A607A-8928-463E-8556-3F568169D461}
2012-01-27 19:18 - 2012-01-27 19:18 - 0000000 ____D C:\Users\Tim\AppData\Local\{69F09EEF-13C5-4366-9D0F-AC9783E0E0BB}
2012-01-27 19:18 - 2012-01-27 19:18 - 0000000 ____D C:\Users\Tim\AppData\Local\{2DE39127-5903-496D-BD8D-A54F24A856E2}
2012-01-27 19:12 - 2012-01-27 19:12 - 0000000 ____D C:\Users\Tim\AppData\Local\{FAEF2B35-9571-49E0-8249-D258E37F2283}
2012-01-27 19:12 - 2012-01-27 19:12 - 0000000 ____D C:\Users\Tim\AppData\Local\{AE257FB0-9FFB-48DE-B23F-815EEAA162C0}
2012-01-27 19:09 - 2010-05-06 14:31 - 0000000 ___HD C:\SYSTEM.SAV
2012-01-27 19:08 - 2011-04-17 18:51 - 0000000 ____D C:\Users\Tim\Desktop\Hinh Graduation anh Thao
2012-01-27 19:08 - 2011-04-07 14:37 - 0000000 ____D C:\Users\Tim\AppData\Roaming\Azureus
2012-01-27 19:08 - 2011-04-07 14:36 - 0000000 ____D C:\Users\Tim\AppData\Local\Conduit
2012-01-27 19:08 - 2011-03-13 17:37 - 0000000 ____D C:\2Wire_DSL_Setup_Tool
2012-01-27 19:08 - 2011-01-19 22:29 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2012-01-27 19:08 - 2011-01-16 22:08 - 0000000 ____D C:\Users\Tim\AppData\Roaming\teamspeak2
2012-01-27 19:08 - 2010-11-14 11:38 - 0000000 ____D C:\Users\Tim\AppData\Roaming\GetRightToGo
2012-01-27 19:08 - 2010-10-14 03:55 - 0000000 ____D C:\pRO
2012-01-27 19:08 - 2010-10-07 20:23 - 0000000 ____D C:\Users\Tim\AppData\Roaming\Ventrilo
2012-01-27 19:08 - 2010-10-06 15:10 - 0000000 ____D C:\ProgramData\Yahoo! Companion
2012-01-27 19:08 - 2010-10-06 15:09 - 0000000 ____D C:\ProgramData\Yahoo!
2012-01-27 19:08 - 2010-10-02 21:30 - 0000000 ____D C:\Users\Tim\AppData\Local\Hewlett-Packard
2012-01-27 19:08 - 2010-10-02 20:30 - 0000000 ____D C:\Users\Tim\AppData\Roaming\PictureMover
2012-01-27 19:08 - 2010-10-02 20:29 - 0000000 ____D C:\Users\Tim\AppData\Local\HuluDesktop
2012-01-27 19:08 - 2010-07-21 05:33 - 0000000 ____D C:\ProgramData\WildTangent
2012-01-27 19:08 - 2010-07-21 05:21 - 0000000 ____D C:\Program Files (x86)\Hp
2012-01-27 19:08 - 2010-07-21 05:15 - 0000000 ____D C:\ProgramData\Hewlett-Packard
2012-01-27 19:08 - 2010-04-16 19:30 - 0000000 RASHD C:\HP
2012-01-27 19:04 - 2011-01-10 16:32 - 0000000 ____D C:\Users\Tim\AppData\Local\Microsoft Games
2012-01-27 19:04 - 2010-11-26 21:52 - 0000000 ____D C:\Users\Tim\AppData\Roaming\ElementalsTheMagicKey
2012-01-27 19:04 - 2010-10-07 19:30 - 0000000 ____D C:\Users\Tim\AppData\Local\Adobe
2012-01-27 19:04 - 2010-10-06 15:10 - 0000000 ____D C:\Users\Tim\AppData\Roaming\Yahoo!
2012-01-27 19:04 - 2010-10-05 21:14 - 0000000 ____D C:\Users\Tim\AppData\Roaming\Mozilla
2012-01-27 19:04 - 2010-10-05 21:14 - 0000000 ____D C:\Users\Tim\AppData\Local\Mozilla
2012-01-27 19:04 - 2010-10-02 21:39 - 0000000 ____D C:\Users\Tim\AppData\Roaming\Adobe
2012-01-27 19:04 - 2010-10-02 20:29 - 0000000 ____D C:\Users\Tim\AppData\Local\VirtualStore
2012-01-27 19:04 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-01-27 19:03 - 2009-07-24 17:45 - 0000000 ___AD C:\swsetup
2012-01-27 19:02 - 2011-05-21 13:22 - 0000000 ____D C:\ProgramData\Skype
2012-01-27 19:02 - 2010-07-21 05:47 - 0000000 ____D C:\ProgramData\NortonInstaller
2012-01-27 19:02 - 2010-07-21 05:33 - 0000000 ____D C:\ProgramData\PictureMover
2012-01-27 19:02 - 2010-07-21 05:28 - 0000000 ____D C:\ProgramData\Uninstall
2012-01-27 19:02 - 2010-07-21 05:20 - 0000000 ____D C:\ProgramData\PC-Doctor for Windows
2012-01-27 19:02 - 2010-07-21 05:18 - 0000000 ____D C:\ProgramData\Ralink Driver
2012-01-27 19:01 - 2011-01-02 00:10 - 0000000 ____D C:\ProgramData\Apple Computer
2012-01-27 19:01 - 2011-01-02 00:09 - 0000000 ____D C:\ProgramData\Apple
2012-01-27 19:01 - 2010-10-07 19:35 - 0000000 ____D C:\ProgramData\Adobe
2012-01-27 19:01 - 2010-07-21 05:28 - 0000000 ____D C:\ProgramData\Macrovision
2012-01-27 19:01 - 2010-07-21 05:27 - 0000000 ____D C:\ProgramData\CyberLink
2012-01-27 12:58 - 2012-01-27 12:57 - 0000000 ____D C:\Users\Tim\AppData\Local\{49707957-F89F-4DF5-889C-DB25D599909B}
2012-01-27 12:57 - 2012-01-27 12:57 - 0000000 ____D C:\Users\Tim\AppData\Local\{AE03C398-FD96-45D4-842C-95481761E1EF}
2012-01-27 09:31 - 2012-01-27 09:31 - 0000000 ____D C:\Users\Tim\AppData\Local\{03896E97-05F1-48A2-972C-C1AF86CF004A}
2012-01-27 09:31 - 2012-01-27 09:28 - 0000000 ____D C:\Users\Tim\AppData\Local\{DB6286EB-2842-42B7-A6CB-15D5D657A1B2}
2012-01-27 09:21 - 2012-01-27 09:21 - 0000000 ____D C:\ProgramData\NortonRnR
2012-01-27 09:07 - 2012-01-27 09:07 - 0000000 ____D C:\Users\Tim\AppData\Local\{F29CFFC6-05AC-490B-90F9-8030184269FB}
2012-01-27 09:07 - 2012-01-27 09:07 - 0000000 ____D C:\Users\Tim\AppData\Local\{E9651A1A-5BBF-4B41-865C-65A8841C34F7}
2012-01-27 09:00 - 2012-01-27 09:00 - 0000000 ____D C:\Users\Tim\AppData\Local\{B0FBDCAB-F70B-4137-9EA9-F660AA6536B5}
2012-01-27 09:00 - 2012-01-27 09:00 - 0000000 ____D C:\Users\Tim\AppData\Local\{0E979BEC-E374-4BD9-BC33-A783A27B55AD}
2012-01-27 08:57 - 2012-01-27 08:57 - 4282529 ____A C:\Users\Tim\Downloads\RMS 08-23-2010.rar
2012-01-27 08:53 - 2012-01-27 08:53 - 0000000 ____D C:\Users\Tim\AppData\Local\{D7E1B513-62D5-462B-A01E-43FC37C8AB4D}
2012-01-27 08:53 - 2012-01-27 08:53 - 0000000 ____D C:\Users\Tim\AppData\Local\{0167413F-A468-485B-8ABC-74C03B3E5ED5}
2012-01-27 08:06 - 2012-01-27 08:06 - 0000000 ____D C:\Users\Tim\Documents\Symantec
2012-01-27 08:05 - 2012-01-27 08:05 - 0000000 ____D C:\Users\Tim\AppData\Local\{A0C8E51E-68BE-49D9-81EF-001CC1C6B950}
2012-01-27 08:05 - 2012-01-27 08:05 - 0000000 ____D C:\Users\Tim\AppData\Local\{4B3F50AE-E747-45D9-9EFD-680D21A7B088}
2012-01-26 23:35 - 2012-01-26 23:35 - 0000000 ____D C:\Users\Tim\AppData\Roaming\Tific
2012-01-26 23:35 - 2012-01-26 23:35 - 0000000 ____D C:\Users\Tim\AppData\Local\Symantec
2012-01-26 23:25 - 2012-01-26 23:25 - 0000000 ____D C:\Users\Tim\AppData\Local\{1FC88773-EFF9-4FD6-8D99-F3D038D4C823}
2012-01-26 23:25 - 2012-01-26 23:25 - 0000000 ____D C:\Users\Tim\AppData\Local\{19B09430-5F26-425A-B9B1-30CF1735E8CB}
2012-01-26 22:48 - 2012-01-26 22:45 - 0000440 ___AH C:\ProgramData\ig5Mrh5XHl0khX
2012-01-26 22:46 - 2012-01-26 22:46 - 0000280 ___AH C:\ProgramData\~ig5Mrh5XHl0khX
2012-01-26 22:46 - 2012-01-26 22:46 - 0000192 ___AH C:\ProgramData\~ig5Mrh5XHl0khXr
2012-01-26 20:50 - 2012-01-26 20:50 - 0000000 ____D C:\Users\Tim\AppData\Local\{C6C63A37-21D1-47A6-A0DC-FA6EB1125AB5}
2012-01-26 20:50 - 2012-01-26 20:50 - 0000000 ____D C:\Users\Tim\AppData\Local\{1B4E6C0D-887F-4DB3-AFF1-BDAB54CB274E}
2012-01-26 11:24 - 2012-01-26 11:24 - 0000000 ____D C:\Users\Tim\AppData\Local\{47C0EAEC-706F-4114-862B-D34D7F5BC706}
2012-01-26 11:24 - 2012-01-26 11:24 - 0000000 ____D C:\Users\Tim\AppData\Local\{1C652CA0-3863-44A4-9B98-02504476ED6C}
2012-01-26 06:41 - 2012-01-26 06:41 - 0000000 ____D C:\Users\Tim\AppData\Local\{E28D1806-992B-4F6F-98EB-D1713A86E004}
2012-01-26 06:41 - 2012-01-26 06:41 - 0000000 ____D C:\Users\Tim\AppData\Local\{54203624-13FE-44DA-9CB9-2AFD3D445906}
2012-01-25 12:39 - 2012-01-25 12:39 - 0000000 ____D C:\Users\Tim\AppData\Local\{EE04133D-5B07-43EB-A386-D7A6B34580F3}
2012-01-25 12:39 - 2012-01-25 12:39 - 0000000 ____D C:\Users\Tim\AppData\Local\{619DDF02-3A78-4E6E-8D50-519A40584639}
2012-01-25 06:05 - 2012-01-25 06:05 - 0000000 ____D C:\Users\Tim\AppData\Local\{F27463BD-61B0-4571-966B-F6D498E6BC96}
2012-01-25 06:05 - 2012-01-25 06:05 - 0000000 ____D C:\Users\Tim\AppData\Local\{93E3C80F-FA63-4F88-BDE3-E75722502DE1}
2012-01-24 14:18 - 2012-01-24 14:18 - 0000000 ____D C:\Users\Tim\AppData\Local\{D0809E1D-A0A1-438C-AF4F-E45868A47003}
2012-01-24 14:18 - 2012-01-24 14:18 - 0000000 ____D C:\Users\Tim\AppData\Local\{20A0EE7A-FB11-45E6-9F7D-8D4E15992174}
2012-01-24 06:12 - 2012-01-24 06:12 - 0000000 ____D C:\Users\Tim\AppData\Local\{4B2D2865-21E9-42F7-914D-C81AB361AB7A}
2012-01-24 06:12 - 2012-01-24 06:12 - 0000000 ____D C:\Users\Tim\AppData\Local\{14DE3744-A4EC-4BDA-9B79-80EEBF758125}
2012-01-23 14:03 - 2012-01-23 14:03 - 0000000 ____D C:\Users\Tim\AppData\Local\{7DDA0B5F-A20A-4B5C-9537-C4729AD2DC06}
2012-01-23 14:03 - 2012-01-23 14:03 - 0000000 ____D C:\Users\Tim\AppData\Local\{05714E4D-2FA4-4E50-B846-72208FB71027}
2012-01-23 06:15 - 2012-01-23 06:15 - 0000000 ____D C:\Users\Tim\AppData\Local\{C9645236-CD62-4C02-B1D1-875F59DBF3E6}
2012-01-23 06:15 - 2012-01-23 06:14 - 0000000 ____D C:\Users\Tim\AppData\Local\{A68FA0DB-CF30-437C-96F0-D833E8158C93}
2012-01-22 11:00 - 2012-01-22 10:59 - 0000000 ____D C:\Users\Tim\AppData\Local\{4A1361C7-5A84-48B0-9448-402627C4A5DB}
2012-01-22 10:59 - 2012-01-22 10:59 - 0000000 ____D C:\Users\Tim\AppData\Local\{C987B906-DDDA-4AF1-8DA6-6BE8A10610F6}
2012-01-22 07:39 - 2012-01-22 07:39 - 0000000 ____D C:\Users\Tim\AppData\Local\{B443D730-93CE-4BF7-95A3-4A8244A2999C}
2012-01-22 07:39 - 2012-01-22 07:38 - 0000000 ____D C:\Users\Tim\AppData\Local\{A108AAA6-3722-4FED-A472-53043BF1A1EB}
2012-01-21 14:11 - 2012-01-21 14:11 - 0000000 ____D C:\Windows\system64
2012-01-21 14:11 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\sysprep
2012-01-21 09:07 - 2012-01-21 09:07 - 0000000 ____D C:\Users\Tim\AppData\Local\{59C38F28-3E37-4322-BEAE-96093CF781CB}
2012-01-21 09:07 - 2012-01-21 09:07 - 0000000 ____D C:\Users\Tim\AppData\Local\{19BCD870-4AFD-457E-8D93-FAF38A92AEA8}
2012-01-20 20:11 - 2012-01-20 20:11 - 0000000 ____D C:\Users\Tim\AppData\Local\{B5F6AFB5-A3C4-416F-95DE-01A9BD11A8D8}
2012-01-20 20:11 - 2012-01-20 20:11 - 0000000 ____D C:\Users\Tim\AppData\Local\{0817F94B-36E2-443F-AA8C-438BD21F2FDA}
2012-01-20 14:07 - 2012-01-20 14:07 - 0000000 ____D C:\Users\Tim\AppData\Local\{F9C0E90A-0D64-4EE0-8EFF-9B325215A472}
2012-01-20 14:07 - 2012-01-20 14:07 - 0000000 ____D C:\Users\Tim\AppData\Local\{F7B14AA8-094F-44F5-935E-8024BF6F6322}
2012-01-20 06:06 - 2012-01-20 06:06 - 0000000 ____D C:\Users\Tim\AppData\Local\{935EEF3B-ACFA-499A-95EF-3226DBEF159C}
2012-01-20 06:06 - 2012-01-20 06:06 - 0000000 ____D C:\Users\Tim\AppData\Local\{6A64ECBB-38A6-4666-A313-423A8BF8C8A4}
2012-01-19 17:06 - 2012-01-18 21:11 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-01-19 14:09 - 2012-01-19 14:09 - 0000000 ____D C:\Users\Tim\AppData\Local\{E1331648-7D59-429E-BCE9-B5E6D5C2D65E}
2012-01-19 14:09 - 2012-01-19 14:08 - 0000000 ____D C:\Users\Tim\AppData\Local\{75DC2B9D-FC0D-4802-8DED-44BE6FC61E6C}
2012-01-19 05:58 - 2012-01-19 05:58 - 0000000 ____D C:\Users\Tim\AppData\Local\{BD0FB3CC-101A-4890-A938-D94472F62D0A}
2012-01-19 05:58 - 2012-01-19 05:58 - 0000000 ____D C:\Users\Tim\AppData\Local\{B6AE3428-41F9-46DE-B286-D24C45E16A1A}
2012-01-18 21:11 - 2012-01-18 21:11 - 0000000 ____D C:\Windows\System32\Macromed
2012-01-18 17:55 - 2012-01-18 17:55 - 0000000 ____D C:\Users\Tim\AppData\Local\{B6A50EBA-1B06-493C-9FE0-7A22EAF507C3}
2012-01-18 17:55 - 2012-01-18 17:55 - 0000000 ____D C:\Users\Tim\AppData\Local\{1D2D245E-0208-4454-AB40-16EC0F56B045}
2012-01-18 06:10 - 2012-01-18 06:10 - 0000000 ____D C:\Users\Tim\AppData\Local\{4B3D22AA-2EC7-477D-833D-4FE3BFE5D492}
2012-01-18 06:10 - 2012-01-18 06:10 - 0000000 ____D C:\Users\Tim\AppData\Local\{2122D6FA-18F5-421C-9295-BA30EEC197A8}
2012-01-17 19:04 - 2012-01-17 19:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{C488B12F-75DB-48D7-A74F-C59DAFD0883D}
2012-01-17 19:04 - 2012-01-17 19:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{36F22D12-4AAA-48CA-A6A3-CDEF56A66F7F}
2012-01-17 14:52 - 2012-01-17 14:51 - 0000000 ____D C:\Users\Tim\AppData\Local\{449689CB-5C34-472C-B1E4-3C96B4FD91BE}
2012-01-17 14:51 - 2012-01-17 14:51 - 0000000 ____D C:\Users\Tim\AppData\Local\{B44C8DC9-506F-4525-AFB3-B38A946C9B4D}
2012-01-17 06:10 - 2012-01-17 06:10 - 0000000 ____D C:\Users\Tim\AppData\Local\{ECE6442C-5D75-4682-ACC2-BD36396F668B}
2012-01-17 06:10 - 2012-01-17 06:10 - 0000000 ____D C:\Users\Tim\AppData\Local\{5EA09BDA-481F-44F4-A6B5-AD76FCFDCD37}
2012-01-16 07:50 - 2012-01-16 07:50 - 0000000 ____D C:\Users\Tim\AppData\Local\{ADEF5EFD-2073-46DB-B2C3-B036846D73CA}
2012-01-16 07:50 - 2012-01-16 07:50 - 0000000 ____D C:\Users\Tim\AppData\Local\{55539AD2-2ACF-4217-B84E-5B7847F2EA75}
2012-01-15 07:38 - 2012-01-15 07:38 - 0000000 ____D C:\Users\Tim\AppData\Local\{9C5DE63C-EC0D-42E1-8263-A51E40543107}
2012-01-15 07:38 - 2012-01-15 07:38 - 0000000 ____D C:\Users\Tim\AppData\Local\{67AC25A5-C063-4E76-9B9E-385ECF1DFE07}
2012-01-14 17:44 - 2012-01-14 17:44 - 0000000 ____D C:\Users\Tim\AppData\Local\{F7D7900C-5095-47BB-AFE5-F7E08CA441C9}
2012-01-14 17:44 - 2012-01-14 17:44 - 0000000 ____D C:\Users\Tim\AppData\Local\{D6C3DA04-63B3-410D-905B-0717FC53F0D6}
2012-01-14 08:21 - 2011-04-07 14:36 - 0000000 ____D C:\Program Files (x86)\Vuze_Remote
2012-01-14 08:12 - 2012-01-14 08:11 - 0000000 ____D C:\Users\Tim\AppData\Local\{A2AB6EB3-A7F8-4F73-820C-D58F3BA26277}
2012-01-14 08:11 - 2012-01-14 08:11 - 0000000 ____D C:\Users\Tim\AppData\Local\{C4443F8C-2138-42FF-9F1F-F5A515DC1276}
2012-01-13 20:02 - 2012-02-14 14:26 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-13 15:28 - 2012-01-13 15:28 - 0000000 ____D C:\Users\Tim\AppData\Local\{21D86485-F5EB-4FCE-B3E4-83A03F0CFC34}
2012-01-13 15:28 - 2012-01-13 15:28 - 0000000 ____D C:\Users\Tim\AppData\Local\{04F636F1-F9DA-4270-BABA-84CE11F30F5E}
2012-01-13 05:56 - 2012-01-13 05:56 - 0000000 ____D C:\Users\Tim\AppData\Local\{D4A3FF9E-8614-4E7A-BA4D-1DF754C3DBA5}
2012-01-13 05:56 - 2012-01-13 05:56 - 0000000 ____D C:\Users\Tim\AppData\Local\{9BC6AB09-1FC4-4810-BD80-B1228376FF37}
2012-01-12 16:20 - 2012-01-12 16:20 - 0000000 ____D C:\Users\Tim\AppData\Local\{8360DE0D-2BBB-4D03-AEA9-AEDB500884F6}
2012-01-12 16:20 - 2012-01-12 16:20 - 0000000 ____D C:\Users\Tim\AppData\Local\{1D741E1B-FA75-4EAC-8D00-B935442BC3C5}
2012-01-12 06:08 - 2012-01-12 06:08 - 0000000 ____D C:\Users\Tim\AppData\Local\{7BDDF1FC-0416-420B-AD11-3FBDC4D63030}
2012-01-12 06:08 - 2012-01-12 06:08 - 0000000 ____D C:\Users\Tim\AppData\Local\{45FF4ADF-5A6D-43FC-9AA0-4668AAFF544D}
2012-01-11 16:54 - 2012-01-11 16:53 - 0000000 ____D C:\Users\Tim\AppData\Local\{E6E0C3C6-2232-4AB4-ADEB-CC9E035977CF}
2012-01-11 16:53 - 2012-01-11 16:53 - 0000000 ____D C:\Users\Tim\AppData\Local\{966F78D4-73F2-4AAB-9167-01D4F7EC1C0E}
2012-01-11 06:05 - 2012-01-11 06:05 - 0000000 ____D C:\Users\Tim\AppData\Local\{E4E08936-BC71-47F8-A82C-744F07159515}
2012-01-11 06:05 - 2012-01-11 06:05 - 0000000 ____D C:\Users\Tim\AppData\Local\{5E208E5C-0408-4AFC-889B-507E14F8BA94}
2012-01-10 14:21 - 2012-01-10 14:21 - 0000000 ____D C:\Users\Tim\AppData\Local\{4044D697-43DA-4029-AE20-C87A62232C80}
2012-01-10 14:21 - 2012-01-10 14:21 - 0000000 ____D C:\Users\Tim\AppData\Local\{2DB46B62-DD9C-4719-BE47-27F103A6644F}
2012-01-10 06:01 - 2012-01-10 06:00 - 0000000 ____D C:\Users\Tim\AppData\Local\{A2F79E07-7458-4447-85E3-E82F8F34E335}
2012-01-10 06:00 - 2012-01-10 06:00 - 0000000 ____D C:\Users\Tim\AppData\Local\{1277809D-C66A-4C20-91E5-66AAE8E4B454}
2012-01-09 17:34 - 2012-01-09 17:34 - 0000000 ____D C:\Users\Tim\AppData\Local\{2A1FC597-6F36-43F4-9A8A-A4401067B173}
2012-01-09 17:34 - 2012-01-09 17:34 - 0000000 ____D C:\Users\Tim\AppData\Local\{27E7AF75-36D7-4B45-A594-1ECA65BE4FFD}
2012-01-09 06:01 - 2012-01-09 06:01 - 0000000 ____D C:\Users\Tim\AppData\Local\{91FCCE9A-2DC7-4699-A58F-0DF394C14C66}
2012-01-09 06:01 - 2012-01-09 06:01 - 0000000 ____D C:\Users\Tim\AppData\Local\{7C43813F-5BEE-4E26-B7A4-95515A8C1214}
2012-01-08 19:18 - 2012-01-08 19:18 - 0000000 ____D C:\Users\Tim\AppData\Local\{8E0AC7AC-29F3-4DFA-98B6-308D66C3E7DB}
2012-01-08 19:18 - 2012-01-08 19:18 - 0000000 ____D C:\Users\Tim\AppData\Local\{5D991865-AD88-4660-A66D-9FEA8AEEA289}
2012-01-08 13:20 - 2012-01-08 13:20 - 0000000 ____D C:\Users\Tim\AppData\Local\{CC8CFE45-ACDB-4013-A6CF-4AF38F950052}
2012-01-08 13:20 - 2012-01-08 13:19 - 0000000 ____D C:\Users\Tim\AppData\Local\{645DC099-C9DE-4586-B1BE-50E99E99F28E}
2012-01-08 07:32 - 2012-01-08 07:32 - 0000000 ____D C:\Users\Tim\AppData\Local\{7D68DD4F-E741-4DFD-A7F4-503942A85325}
2012-01-08 07:32 - 2012-01-08 07:32 - 0000000 ____D C:\Users\Tim\AppData\Local\{20C87FF6-47D1-48EA-A33B-AE2F9B0088CF}
2012-01-07 21:12 - 2012-01-07 21:12 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-01-07 21:03 - 2012-01-07 21:03 - 0000000 ____D C:\Users\Tim\AppData\Local\{52AC72ED-2207-42CB-A2B6-CB66F77CE304}
2012-01-07 21:03 - 2012-01-07 21:03 - 0000000 ____D C:\Users\Tim\AppData\Local\{06D1EF0F-D5AE-43C7-9729-E32CCE2F9426}
2012-01-07 08:19 - 2012-01-07 08:19 - 0000000 ____D C:\Users\Tim\AppData\Local\{A8927792-4BA0-4A51-9A85-E3EA79D191B2}
2012-01-07 08:19 - 2012-01-07 08:18 - 0000000 ____D C:\Users\Tim\AppData\Local\{AE8B3998-FA09-416B-B756-6B49DD84F0CE}
2012-01-06 09:11 - 2012-01-06 09:10 - 0000000 ____D C:\Users\Tim\AppData\Local\{EEBE72DD-2F71-417F-91EB-13725A0A5B40}
2012-01-06 09:10 - 2012-01-06 09:10 - 0000000 ____D C:\Users\Tim\AppData\Local\{EA3C8026-D4D6-4627-82A7-9A21B085C46B}
2012-01-05 15:57 - 2012-01-05 15:57 - 0000000 ____D C:\Users\Tim\AppData\Local\{9F5B24F2-6465-4072-A518-B18E59570F65}
2012-01-05 15:57 - 2012-01-05 15:57 - 0000000 ____D C:\Users\Tim\AppData\Local\{0C46C6BE-F1F4-49A7-AFFB-324EEC5F0D67}
2012-01-05 07:33 - 2012-01-05 07:33 - 0000000 ____D C:\Users\Tim\AppData\Local\{EFA4507D-2013-48CD-A1A8-A10B58E6B59A}
2012-01-05 07:33 - 2012-01-05 07:33 - 0000000 ____D C:\Users\Tim\AppData\Local\{0D63F1D7-3F1D-4661-A1B4-5605CBD8ABDF}
2012-01-04 05:40 - 2012-01-04 05:40 - 0000000 ____D C:\Users\Tim\AppData\Local\{1D5D513D-6076-41A2-B909-5889A751FB90}
2012-01-04 05:40 - 2012-01-04 05:40 - 0000000 ____D C:\Users\Tim\AppData\Local\{0F0B87B7-50D4-4172-8D77-53762451FCA6}
2012-01-04 01:59 - 2012-02-14 14:26 - 14164480 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 01:58 - 2012-02-14 14:26 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 01:03 - 2012-02-14 14:26 - 12868096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 01:03 - 2012-02-14 14:26 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-01-03 19:54 - 2012-01-03 19:54 - 0000000 ____D C:\Users\Tim\AppData\Local\{552F944F-0EC0-4624-B1B0-53D5245F4FE4}
2012-01-03 19:54 - 2012-01-03 19:54 - 0000000 ____D C:\Users\Tim\AppData\Local\{37EF543E-E34A-4FFC-891E-CC9FCD41C13B}
2012-01-03 05:44 - 2012-01-03 05:43 - 0000000 ____D C:\Users\Tim\AppData\Local\{96A8D6F1-1132-448A-B51A-7E5413020250}
2012-01-03 05:43 - 2012-01-03 05:43 - 0000000 ____D C:\Users\Tim\AppData\Local\{54968668-A3D1-415A-B6F9-328D0E74F537}
2012-01-02 22:24 - 2012-02-14 14:26 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-01-02 21:44 - 2012-02-14 14:26 - 0478208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-01-02 16:40 - 2012-01-02 16:40 - 0000000 ____D C:\Users\Tim\AppData\Local\Google
2012-01-02 16:40 - 2012-01-02 16:40 - 0000000 ____D C:\Program Files (x86)\Google
2012-01-02 16:39 - 2012-01-02 16:39 - 0000000 ____D C:\Windows\SysWOW64\Adobe
2012-01-02 16:39 - 2010-07-21 05:14 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-01-02 16:39 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-01-02 09:56 - 2012-01-02 09:56 - 0000000 ____D C:\Users\Tim\AppData\Local\{F0614DD7-A3BD-4649-95A0-416413E57953}
2012-01-02 09:56 - 2012-01-02 09:56 - 0000000 ____D C:\Users\Tim\AppData\Local\{DD3969CB-9124-41CC-A7F2-578E3EBE1665}
2012-01-01 17:57 - 2012-01-01 17:57 - 0000000 ____D C:\Users\Tim\AppData\Local\{D5C1E731-C38F-49C0-A1EF-54B4642F7B2D}
2012-01-01 17:57 - 2012-01-01 17:57 - 0000000 ____D C:\Users\Tim\AppData\Local\{6EA43310-D82C-4997-A0C1-AEB5D110FA3B}
2012-01-01 06:21 - 2012-01-01 06:20 - 0000000 ____D C:\Users\Tim\AppData\Local\{0D68F517-175E-4760-85E6-7FC2D4C5FE28}
2012-01-01 06:20 - 2012-01-01 06:20 - 0000000 ____D C:\Users\Tim\AppData\Local\{67D42171-0831-49D4-A06F-6940BFF0180B}
2011-12-31 06:49 - 2011-12-31 06:48 - 0000000 ____D C:\Users\Tim\AppData\Local\{BC50D02E-6532-48BF-B991-78DA5ADFA561}
2011-12-31 06:48 - 2011-12-31 06:48 - 0000000 ____D C:\Users\Tim\AppData\Local\{1FD09109-D84C-48B5-B952-9EEB170B5907}
2011-12-30 20:45 - 2011-05-18 14:22 - 0001940 ____A C:\Users\Tim\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2011-12-30 05:16 - 2011-12-30 05:16 - 0000000 ____D C:\Users\Tim\AppData\Local\{62CA56CD-A196-48B0-90BB-37976B56E884}
2011-12-30 05:16 - 2011-12-30 05:16 - 0000000 ____D C:\Users\Tim\AppData\Local\{1969F5B1-47DC-4C04-964B-A37BAF6A7AEC}
2011-12-29 19:38 - 2011-12-29 19:37 - 0000000 ____D C:\Users\Tim\AppData\Local\{D38237B2-97BF-4F80-9DDA-A41CBC4FE668}
2011-12-29 19:37 - 2011-12-29 19:37 - 0000000 ____D C:\Users\Tim\AppData\Local\{FED0C1AE-7AEA-4FD3-B7FF-E2C966E51F9A}
2011-12-29 07:00 - 2011-12-29 07:00 - 0000000 ____D C:\Users\Tim\AppData\Local\{31A4BEA4-D222-487F-B8FC-D7F5FED40137}
2011-12-29 06:59 - 2011-12-29 06:59 - 0000000 ____D C:\Users\Tim\AppData\Local\{BF135E4D-54B3-498A-9878-E284F9054FEE}
2011-12-28 05:35 - 2011-12-28 05:34 - 0000000 ____D C:\Users\Tim\AppData\Local\{E22EA46A-AD4D-4F12-919D-9A109ABE2825}
2011-12-28 05:34 - 2011-12-28 05:34 - 0000000 ____D C:\Users\Tim\AppData\Local\{6BF1BE38-04FF-4288-A527-31F900564079}
2011-12-27 19:59 - 2012-02-14 14:26 - 0499200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2011-12-27 08:47 - 2011-12-27 08:47 - 0000000 ____D C:\Program Files (x86)\AhnLab
2011-12-27 07:47 - 2011-12-27 07:46 - 0000000 ____D C:\Users\Tim\AppData\Local\{46E1D9BA-370A-4C1E-932B-0ABCC99EB8F2}
2011-12-27 07:46 - 2011-12-27 07:46 - 0000000 ____D C:\Users\Tim\AppData\Local\{445B50C2-AF97-47AB-9353-545FBB05EFB2}
2011-12-26 22:42 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2011-12-26 13:39 - 2011-12-26 13:39 - 0000000 ____D C:\Users\Tim\AppData\Local\{B4D50002-B234-48CB-9838-6244C87BFA43}
2011-12-26 13:39 - 2011-12-26 13:38 - 0000000 ____D C:\Users\Tim\AppData\Local\{AEE17A9B-CF8B-41C5-8664-45226F98EC55}
2011-12-26 07:55 - 2011-12-26 07:55 - 0000000 ____D C:\Users\Tim\AppData\Local\{7B4DEE1E-3C09-4777-A4E8-CF2781A2BCA4}
2011-12-26 07:55 - 2011-12-26 07:55 - 0000000 ____D C:\Users\Tim\AppData\Local\{1A2E3697-0451-4A54-8BBB-C82C7D94DC9B}
2011-12-25 15:40 - 2011-12-25 15:40 - 0000000 ____D C:\Users\Tim\AppData\Local\{89F4B874-3A2E-4696-BCBA-6198725EFECD}
2011-12-25 15:40 - 2011-12-25 15:40 - 0000000 ____D C:\Users\Tim\AppData\Local\{80C90828-E713-4612-856C-4373F5A48205}
2011-12-25 07:51 - 2011-12-25 07:51 - 0000000 ____D C:\Users\Tim\AppData\Local\{F5EA1E83-D8D0-4D12-AE8E-1B159ABFD5A0}
2011-12-25 07:51 - 2011-12-25 07:51 - 0000000 ____D C:\Users\Tim\AppData\Local\{186719E4-DD99-457C-B4D7-74455352A83F}
2011-12-24 11:26 - 2011-12-24 11:26 - 0000000 ____D C:\Users\Tim\AppData\Local\{9E345056-1527-4C2B-A9B4-0058C292CC2F}
2011-12-24 11:26 - 2011-12-24 11:25 - 0000000 ____D C:\Users\Tim\AppData\Local\{354EEAE0-A178-4117-BB7B-9553848CFCD2}
2011-12-23 16:38 - 2011-12-23 16:38 - 0000000 ____D C:\Users\Tim\AppData\Local\{B28EED09-8271-444F-B959-8AF819A1597B}
2011-12-23 06:10 - 2011-12-23 06:09 - 0000000 ____D C:\Users\Tim\AppData\Local\{96D97288-AAD4-4D84-A044-03202BA1F9CA}
2011-12-23 06:09 - 2011-12-23 06:09 - 0000000 ____D C:\Users\Tim\AppData\Local\{8DD9B265-AA80-4982-8857-0589E7602071}
2011-12-22 16:12 - 2011-12-22 16:12 - 0000000 ____D C:\Users\Tim\AppData\Local\{F2CE53B6-B31C-4838-A648-5828C6B886CF}
2011-12-22 05:54 - 2011-12-22 05:54 - 0000000 ____D C:\Users\Tim\AppData\Local\{670DA12E-4F4B-45C4-8BD3-2BECE6608870}
2011-12-22 05:54 - 2011-12-22 05:54 - 0000000 ____D C:\Users\Tim\AppData\Local\{5CD69570-3AE6-40FC-B393-EB7DEC745E32}
2011-12-21 14:01 - 2011-12-21 14:01 - 0000000 ____D C:\Users\Tim\AppData\Local\{2A1674D0-E0B8-4BB5-9340-E9708CBD204C}
2011-12-21 00:49 - 2010-10-05 21:14 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-12-21 00:21 - 2011-12-21 00:21 - 0013844 ____A C:\Users\Tim\Desktop\Human Anatomy.docx
2011-12-20 22:51 - 2011-12-20 22:51 - 0000000 ____D C:\Users\Tim\AppData\Local\{26CD381A-4858-4721-9C67-C0C6AD7F0054}
2011-12-20 22:50 - 2011-12-20 22:50 - 0000000 ____D C:\Users\Tim\AppData\Local\{2BA52A86-7598-461F-8546-181BD89E4C77}
2011-12-20 21:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-12-20 14:03 - 2011-12-20 14:02 - 0000000 ____D C:\Users\Tim\AppData\Local\{1553CE56-415A-4CF4-A7E2-B6976F76FE2D}
2011-12-20 14:02 - 2011-12-20 14:02 - 0000000 ____D C:\Users\Tim\AppData\Local\{151F59A8-A339-488E-A619-3B6E946E0FE6}
2011-12-20 05:52 - 2011-12-20 05:52 - 0000000 ____D C:\Users\Tim\AppData\Local\{ECB54C2B-4144-49EB-A710-AFFFB7057B53}
2011-12-20 05:52 - 2011-12-20 05:52 - 0000000 ____D C:\Users\Tim\AppData\Local\{710A36E3-1F9C-4255-BD32-2311702F9E28}
2011-12-19 16:00 - 2011-12-19 15:59 - 0000000 ____D C:\Users\Tim\AppData\Local\{BE032E73-BDEC-4993-8B0C-1239C1454720}
2011-12-19 15:59 - 2011-12-19 15:59 - 0000000 ____D C:\Users\Tim\AppData\Local\{287BDF14-3B19-4BAD-84B4-B2E31DF9D475}
2011-12-19 06:27 - 2011-12-19 06:26 - 0000000 ____D C:\Users\Tim\AppData\Local\{2495C06C-38EF-4DA8-81C2-56B03BEB3774}
2011-12-19 06:26 - 2011-12-19 06:26 - 0000000 ____D C:\Users\Tim\AppData\Local\{608EDFDE-C979-454D-BD3C-04EB27375EE4}
2011-12-18 21:04 - 2011-12-18 21:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{7F968CF2-96F8-4542-A3CA-10C242BE5321}
2011-12-18 21:04 - 2011-12-18 21:04 - 0000000 ____D C:\Users\Tim\AppData\Local\{2EFCE14A-51A5-4206-91D6-69EA0552F747}
2011-12-18 07:53 - 2011-12-18 07:53 - 0000000 ____D C:\Users\Tim\AppData\Local\{FFFBE3A7-464D-4FF9-9DE2-F1FEB0B8EFAE}
2011-12-18 07:53 - 2011-12-18 07:53 - 0000000 ____D C:\Users\Tim\AppData\Local\{4D83BEF6-1D21-42FE-8138-284F60C6DD1A}
2011-12-17 07:09 - 2011-12-17 07:09 - 0000000 ____D C:\Users\Tim\AppData\Local\{C4A5AF08-5BD5-412B-9CF1-EE25220408CB}
2011-12-17 07:09 - 2011-12-17 07:09 - 0000000 ____D C:\Users\Tim\AppData\Local\{BADF785B-761A-4178-BCFD-D4CCB438067B}
2011-12-16 14:50 - 2011-12-16 14:50 - 0000000 ____D C:\Users\Tim\AppData\Local\{A766C5CB-69C3-430D-B071-04978AD42393}
2011-12-16 14:50 - 2011-12-16 14:50 - 0000000 ____D C:\Users\Tim\AppData\Local\{6DB3FAD7-4453-4305-9D4B-5ADC67906355}
2011-12-16 06:06 - 2011-12-16 06:06 - 0000000 ____D C:\Users\Tim\AppData\Local\{C4061FE0-E580-45A2-8ED0-4F205FFCD047}
2011-12-16 06:06 - 2011-12-16 06:06 - 0000000 ____D C:\Users\Tim\AppData\Local\{2F0C9178-88D2-47F5-9B51-98BF8358FBEB}
2011-12-16 00:45 - 2012-02-14 14:26 - 1501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-16 00:45 - 2012-02-14 14:26 - 1197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-16 00:45 - 2012-02-14 14:26 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-16 00:42 - 2012-02-14 14:26 - 9335296 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-16 00:42 - 2012-02-14 14:26 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-12-16 00:42 - 2012-02-14 14:26 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-12-16 00:42 - 2012-02-14 14:26 - 0634368 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2011-12-16 00:42 - 2012-02-14 14:26 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-16 00:42 - 2012-02-14 14:26 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-12-16 00:41 - 2012-02-14 14:26 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-16 00:41 - 2012-02-14 14:26 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-12-16 00:40 - 2012-02-14 14:26 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-16 00:40 - 2012-02-14 14:26 - 12372480 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-16 00:40 - 2012-02-14 14:26 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-12-16 00:40 - 2012-02-14 14:26 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-12-16 00:40 - 2012-02-14 14:26 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-12-16 00:38 - 2012-02-14 14:26 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-12-16 00:02 - 2012-02-14 14:26 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-12-16 00:02 - 2012-02-14 14:26 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-12-16 00:02 - 2012-02-14 14:26 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-12-15 23:59 - 2012-02-14 14:26 - 5999104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-12-15 23:59 - 2012-02-14 14:26 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2011-12-15 23:59 - 2012-02-14 14:26 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-12-15 23:59 - 2012-02-14 14:26 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-12-15 23:59 - 2012-02-14 14:26 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-12-15 23:59 - 2012-02-14 14:26 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-12-15 23:58 - 2012-02-14 14:26 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-12-15 23:58 - 2012-02-14 14:26 - 10991104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-12-15 23:58 - 2012-02-14 14:26 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-12-15 23:58 - 2012-02-14 14:26 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-12-15 23:58 - 2012-02-14 14:26 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-12-15 23:58 - 2012-02-14 14:26 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-12-15 23:58 - 2012-02-14 14:26 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-12-15 23:56 - 2012-02-14 14:26 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-12-15 23:26 - 2012-02-14 14:26 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-12-15 22:49 - 2012-02-14 14:26 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-12-15 22:43 - 2012-02-14 14:26 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-12-15 22:15 - 2012-02-14 14:26 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-12-15 15:48 - 2011-12-15 15:48 - 0000000 ____D C:\Users\Tim\AppData\Local\{97D3FA7C-B59A-4CD7-B80D-4A607DC52A8D}
2011-12-15 15:48 - 2011-12-15 15:47 - 0000000 ____D C:\Users\Tim\AppData\Local\{A788B73C-EBE8-472F-B7B5-C9B1C44F94E0}
2011-12-15 06:19 - 2011-12-15 06:19 - 0000000 ____D C:\Users\Tim\AppData\Local\{E6069D1E-60DA-4FFE-A837-D6B25340978C}
2011-12-15 06:19 - 2011-12-15 06:19 - 0000000 ____D C:\Users\Tim\AppData\Local\{58B43AED-FA48-4527-A5DE-0E54441382F3}
2011-12-14 18:35 - 2011-12-14 18:35 - 0000927 ____A C:\Users\Tim\Desktop\Eden Eternal.lnk
2011-12-14 06:08 - 2011-12-14 06:08 - 0000000 ____D C:\Users\Tim\AppData\Local\{DFC6B5D6-E6AC-4C62-9BB7-7CAE127DB31C}
2011-12-14 06:08 - 2011-12-14 06:08 - 0000000 ____D C:\Users\Tim\AppData\Local\{0C8C316E-A05C-4FF0-BF9F-8710D3E5132A}
2011-12-13 14:02 - 2011-12-13 14:02 - 0000000 ____D C:\Users\Tim\AppData\Local\{5AA327A0-9B6E-4574-8942-F710F03DEF5E}
2011-12-13 06:08 - 2011-12-13 06:08 - 0000000 ____D C:\Users\Tim\AppData\Local\{2EC9BF66-75A5-42AB-BC2B-6106BC6E3338}
2011-12-13 06:08 - 2011-12-13 06:08 - 0000000 ____D C:\Users\Tim\AppData\Local\{220BF1D8-37DA-4103-BE8C-959188817806}
2011-12-12 06:20 - 2011-12-12 06:19 - 0000000 ____D C:\Users\Tim\AppData\Local\{BDD74F62-97E2-4913-AD54-D86E2EC16668}
2011-12-12 06:19 - 2011-12-12 06:19 - 0000000 ____D C:\Users\Tim\AppData\Local\{DD293606-C8A1-4351-8968-B409A01AC57B}
2011-12-12 00:40 - 2011-12-12 00:40 - 2328534 ____A C:\Users\Tim\AppData\Local[j0007]-[p03].bmp
2011-12-12 00:40 - 2011-12-12 00:40 - 2328534 ____A C:\Users\Tim\AppData\Local[j0007]-[p02].bmp
2011-12-12 00:40 - 2011-12-12 00:40 - 2328534 ____A C:\Users\Tim\AppData\Local[j0007]-[p01].bmp
2011-12-11 22:09 - 2011-12-10 14:37 - 0260596 ____A C:\Users\Tim\Desktop\Bridges Sample.docx
2011-12-11 09:33 - 2011-12-11 09:33 - 0000047 ____A C:\AUTOEXEC.BAT
2011-12-11 07:44 - 2011-12-11 07:44 - 0000000 ____D C:\Users\Tim\AppData\Local\{D67CFC10-1D33-4E6F-9391-39A6D6CDF276}
2011-12-11 07:44 - 2011-12-11 07:44 - 0000000 ____D C:\Users\Tim\AppData\Local\{B145ABBB-989D-413F-BEA2-54855221C542}
2011-12-10 15:24 - 2012-02-09 18:29 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-10 12:47 - 2011-12-10 12:47 - 0000973 ____A C:\Users\Tim\Desktop\RaidCall.lnk
2011-12-10 08:37 - 2011-12-10 08:37 - 0000000 ____D C:\Users\Tim\AppData\Local\{EE34D626-0B5C-4DCE-A5F4-5528DFA501BE}
2011-12-10 08:37 - 2011-12-10 08:37 - 0000000 ____D C:\Users\Tim\AppData\Local\{BD0399F6-D0D8-4BA4-BB03-5D92980D8877}
2011-12-09 20:35 - 2011-12-09 20:35 - 0015033 ____A C:\Users\Tim\Desktop\Sign Quest.docx
2011-12-09 14:24 - 2011-12-09 14:24 - 0000000 ____D C:\Users\Tim\AppData\Local\{D55772D3-81BE-41A5-9CBD-0A3848F5B073}
2011-12-09 14:24 - 2011-12-09 14:24 - 0000000 ____D C:\Users\Tim\AppData\Local\{83C9A48E-1D9F-4335-8861-0BA8BD895A8F}
2011-12-09 06:18 - 2011-12-09 06:18 - 0000000 ____D C:\Users\Tim\AppData\Local\{94D83353-ACE3-4DB2-BBC6-9E77432D5B85}
2011-12-09 06:18 - 2011-12-09 06:18 - 0000000 ____D C:\Users\Tim\AppData\Local\{3BB3C1EE-C125-4A3F-9F2C-6CBE5B881861}
2011-12-08 16:27 - 2011-12-08 16:27 - 0000000 ____D C:\Users\Tim\AppData\Local\{E6B8A428-52CA-45B3-9312-644BF4420BAF}
2011-12-08 16:27 - 2011-12-08 16:27 - 0000000 ____D C:\Users\Tim\AppData\Local\{E04EF923-CB5D-43E9-860F-48EF8781A7EC}
2011-12-08 06:21 - 2011-12-08 06:21 - 0000000 ____D C:\Users\Tim\AppData\Local\{F5AB2000-B146-42AC-AA77-B6B520978439}
2011-12-08 06:21 - 2011-12-08 06:21 - 0000000 ____D C:\Users\Tim\AppData\Local\{6BADA695-70F7-4F76-AA3C-0CE07C1FFB80}
2011-12-07 17:53 - 2011-12-07 17:52 - 0000000 ____D C:\Users\Tim\AppData\Local\{8227E4F5-2151-41F2-963A-149CA5591B5D}
2011-12-07 17:52 - 2011-12-07 17:52 - 0000000 ____D C:\Users\Tim\AppData\Local\{8EB48219-CE45-463B-A462-C8F1E0DD71DE}
2011-12-07 06:24 - 2011-12-07 06:24 - 0000000 ____D C:\Users\Tim\AppData\Local\{2C3BD105-E81C-49A2-A510-519FA808E3B3}
2011-12-07 06:24 - 2011-12-07 06:23 - 0000000 ____D C:\Users\Tim\AppData\Local\{537751F8-C73F-4B7A-A391-C5FF53B48235}
2011-12-06 14:36 - 2011-12-06 14:35 - 0000000 ____D C:\Users\Tim\AppData\Local\{82A627A3-6E57-4BC7-AE46-60DAFFF8F52C}
2011-12-06 14:35 - 2011-12-06 14:35 - 0000000 ____D C:\Users\Tim\AppData\Local\{A87963B1-EBA1-41E3-AF7F-0805C47F935E}
2011-12-06 06:12 - 2011-12-06 06:11 - 0000000 ____D C:\Users\Tim\AppData\Local\{A36A4EB9-7DA4-4720-B6FE-40EC8D81E95B}
2011-12-06 06:11 - 2011-12-06 06:11 - 0000000 ____D C:\Users\Tim\AppData\Local\{5485FACD-E07F-4633-A1ED-1C6B21DF9D69}
2011-12-05 16:03 - 2011-12-05 16:02 - 0000000 ____D C:\Users\Tim\AppData\Local\{9866E50E-7552-4753-B5F0-E61D1A0207F2}
2011-12-05 16:02 - 2011-12-05 16:02 - 0000000 ____D C:\Users\Tim\AppData\Local\{50CAB164-ACD0-42FB-BE33-8B9CC5E2EFE9}
2011-12-05 05:57 - 2011-12-05 05:57 - 0000000 ____D C:\Users\Tim\AppData\Local\{919BCBB6-EA84-4612-91A8-C4FF21F7C038}
2011-12-05 05:57 - 2011-12-05 05:57 - 0000000 ____D C:\Users\Tim\AppData\Local\{3A494118-C386-47A6-B48A-A7FF714E6D50}
2011-12-04 07:07 - 2011-12-04 07:07 - 0000000 ____D C:\Users\Tim\AppData\Local\{E2DB8EE1-EC57-408C-972C-4E962BBBDEEA}
2011-12-04 07:07 - 2011-12-04 07:07 - 0000000 ____D C:\Users\Tim\AppData\Local\{5FDFE171-2ACD-4A7F-9B31-7999C4E58CE4}
2011-12-03 17:23 - 2011-12-03 17:23 - 0000000 ____D C:\Users\Tim\AppData\Local\{89FD4917-9BC2-431C-8C13-B39FC9CCFF65}
2011-12-03 17:23 - 2011-12-03 17:23 - 0000000 ____D C:\Users\Tim\AppData\Local\{32D13B23-6473-40E7-AB1A-1CF681863C1B}
2011-12-03 07:37 - 2011-12-03 07:37 - 0000000 ____D C:\Users\Tim\AppData\Local\{FDBFD2CE-D85B-4381-955A-81BFB3A003DD}
2011-12-03 07:37 - 2011-12-03 07:37 - 0000000 ____D C:\Users\Tim\AppData\Local\{FD98C25F-81EC-4330-A167-3D6EACAE44D8}
2011-12-02 13:49 - 2011-12-02 13:49 - 0000000 ____D C:\Users\Tim\AppData\Local\{D288FBC6-A13F-491B-BB48-03E41C088E75}
2011-12-02 13:49 - 2011-12-02 13:49 - 0000000 ____D C:\Users\Tim\AppData\Local\{0AF54A5B-6AE9-4510-98E3-3A38EC1F6E17}
2011-12-02 06:02 - 2011-12-02 06:02 - 0000000 ____D C:\Users\Tim\AppData\Local\{A18942FC-D605-40F8-B10B-7F0EB154D22C}
2011-12-02 06:02 - 2011-12-02 06:02 - 0000000 ____D C:\Users\Tim\AppData\Local\{33D12C0F-3B4C-430C-ADAA-2F2CDBB093C5}
2011-12-01 15:51 - 2011-12-01 15:50 - 0000000 ____D C:\Users\Tim\AppData\Local\{D79A197E-6A7D-4ED5-81E0-15609015FCEF}
2011-12-01 15:50 - 2011-12-01 15:50 - 0000000 ____D C:\Users\Tim\AppData\Local\{12178C6A-4A26-4281-A7CF-55AC1C0F65E1}
2011-12-01 06:34 - 2011-12-01 06:34 - 0000000 ____D C:\Users\Tim\AppData\Local\{8B03B583-D603-46DB-AB8D-AD6A3344DC18}
2011-12-01 06:34 - 2011-12-01 06:33 - 0000000 ____D C:\Users\Tim\AppData\Local\{0F517ED6-43E7-4840-BB5D-A50412C89CF0}
2011-11-30 14:03 - 2011-11-30 14:03 - 0000000 ____D C:\Users\Tim\AppData\Local\{9FA83CA4-799D-4D9C-8B35-972D369A0D2B}
2011-11-30 14:03 - 2011-11-30 14:03 - 0000000 ____D C:\Users\Tim\AppData\Local\{94A640BB-202C-42A1-B521-0EC91052EB3E}
2011-11-30 07:53 - 2011-11-30 07:53 - 0000000 ____D C:\Users\Tim\AppData\Local\{50421076-D476-4613-9004-88CF3B438005}
2011-11-30 06:30 - 2011-11-30 06:30 - 0000000 ____D C:\Users\Tim\AppData\Local\{786F548F-2CB5-469F-8B21-B3108A43E0E0}
2011-11-30 06:30 - 2011-11-30 06:29 - 0000000 ____D C:\Users\Tim\AppData\Local\{675F4D88-7499-4F6B-A42A-1F59744E31F3}

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe
[2011-04-27 00:05] - [2011-02-25 21:33] - 2614784 ____A (Microsoft Corporation) 2AF58D15EDC06EC6FDACCE1F19482BBF

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 21%
Total physical RAM: 3831.89 MB
Available physical RAM: 3017.43 MB
Total Pagefile: 3830.04 MB
Available Pagefile: 2983.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:686.72 GB) (Free:591.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (HP_RECOVERY) (Fixed) (Total:11.67 GB) (Free:1.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (AT&T Yahoo!) (CDROM) (Total:0.3 GB) (Free:0 GB) CDFS
4 Drive g: () (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 141 MB
Disk 1 Online 3824 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 686 GB 101 MB
Partition 3 Primary 11 GB 686 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 686 GB Healthy

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E HP_RECOVERY NTFS Partition 11 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 24 KB

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 3823 MB Healthy



==========================================================

Last Boot: 2012-02-20 22:17

======================= End Of Log ==========================

#4 Aaflac

Posted 28 February 2012 - 12:47 PM

As suspected, you have the new variant of ZeroAccess.

Please do the following...

•Open Notepad (Start > All Programs > Accessories > Notepad)

•Copy the entire contents of the code box below to Notepad.
•To do this, highlight the contents inside the box, right-click on it, and select: Copy
•Right-click the open Notepad and select: Paste

SubSystems: [Windows] ==> ZeroAccess
2 oracleorahome90agent; C:\Windows\System32\aclient.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\aclient.dll
NETSVC: oracleorahome90agent


In Notepad, go to File > Save as...
Save to: the USB flash drive
In File name use: fixlist.txt
Click: Save

FRST64.exe and fixlist.txt should now be in the flash drive.


•Now, please enter System Recovery Options like you did in Post #2: >>>Restart the computer > select: Command Prompt
•Type g:\frst64.exe, and press: Enter
(Note: Replace the drive letter g with the drive letter of your flash drive!)


•In FRST64, this time press the Fix button.
•The program saves a Fixlog.txt, on the flash drive.
•Click the Command prompt window, type exit, and press: Enter
•Back at the System Recovery Options, press: Restart
•Let the computer boot normally.


Please copy/paste the Fixlog.txt in your reply.

Also, were you able to boot normally to Windows?

[Edited: typo]

Edited by Aaflac, 04 March 2012 - 09:13 PM.

Old duck...


#5 Timmy.

Posted 28 February 2012 - 10:49 PM

Here is the log sir.

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 27-02-2012 01
Ran by SYSTEM at 2012-02-28 19:37:13 R:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
oracleorahome90agent service deleted successfully.
C:\Windows\System32\aclient.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs oracleorahome90agent Deleted successfully.

==== End of Fixlog ====

I'm not sure what you mean by where I can boot Windows normally so I assume you mean when.
For the past week, I couldn't boot normally. It always goes to restore and I have to restore then it boots.
However, after I did the steps you just showed, it boots normally.
It's like... MAGIC!

#6 Aaflac

Posted 29 February 2012 - 09:21 PM

Good job!!

Let's press on with the next step to remove other ZeroAccess entries...


Please download an updated version of ComboFix

Save ComboFix.exe to the Desktop!!

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications. They may interfere with the running of CF.

Note: For information on how to disable protective programs, refer to this link

Windows Seven: Right-click on ComboFix.exe and select 'Run as Administrator'

Click on Yes, to continue scanning for malware.

When finished, CF produces a report.

Please provide a copy of the C:\ComboFix.txt in your reply.


Notes:

1. Please do not mouse-click the ComboFix window while it is running. This action may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
3. CF disconnects your machine from the Internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. If ComboFix detects any Rootkit/Bootkit activity it gives a warning and prompts for a reboot. Please allow it to do so.
5. If ComboFix reboots due to a rootkit, the screen may stay black for several minutes on reboot. This is normal.
6. If after running ComboFix you receive any type of warning about Registry keys listed for deletion when trying to open certain items, reboot the system and this will fix the issue. Those items will not be deleted.

Old duck...


#7 Timmy.

Posted 02 March 2012 - 10:32 PM

Here's the log sir.


ComboFix 12-03-02.01 - Tim 03/02/2012 18:55:20.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3832.2326 [GMT -8:00]
Running from: c:\users\Tim\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\g9fwuhuy.default\extensions\{4aafe4ae-c8f3-4931-8e02-ff36a9cdbd35}
c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\g9fwuhuy.default\extensions\{4aafe4ae-c8f3-4931-8e02-ff36a9cdbd35}\chrome.manifest
c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\g9fwuhuy.default\extensions\{4aafe4ae-c8f3-4931-8e02-ff36a9cdbd35}\chrome\xulcache.jar
c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\g9fwuhuy.default\extensions\{4aafe4ae-c8f3-4931-8e02-ff36a9cdbd35}\defaults\preferences\xulcache.js
c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\g9fwuhuy.default\extensions\{4aafe4ae-c8f3-4931-8e02-ff36a9cdbd35}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))
.
.
2012-03-03 03:22 . 2012-03-03 03:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-28 02:52 . 2012-02-28 02:53 -------- d-----w- C:\FRST
2012-02-26 05:33 . 2012-02-26 06:20 -------- d-----w- C:\sh4ldr
2012-02-26 05:33 . 2012-02-26 05:33 -------- d-----w- c:\program files\Enigma Software Group
2012-02-24 03:11 . 2012-02-26 00:56 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-15 01:41 . 2012-02-15 01:41 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\CrashDumps
2012-02-10 02:29 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-09 22:29 . 2012-02-09 22:29 27256 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-02-09 22:29 . 2012-02-09 22:29 -------- d-----w- c:\users\Tim\AppData\Roaming\FixTDSS
2012-02-09 14:25 . 2012-02-10 00:00 -------- d-----w- c:\windows\system32\drivers\N360x64\0502000.00D
2012-02-09 04:42 . 2012-02-09 04:42 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-02-09 04:39 . 2012-02-09 04:39 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-02-09 04:26 . 2012-02-28 03:13 -------- d-----w- c:\users\Tim\AppData\Local\LogMeIn Rescue Applet
2012-02-05 14:13 . 2012-02-14 22:19 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-03 02:23 . 2012-02-10 02:01 -------- d-----w- C:\NBRT
2012-02-03 01:56 . 2009-05-18 07:47 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-02-03 01:55 . 2012-02-09 23:48 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64
2012-02-03 01:55 . 2012-02-10 00:01 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-20 01:06 . 2012-01-19 05:11 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-06 05:15 . 2012-01-20 14:10 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5488E4E2-CAA0-4144-BBB4-441C60BC6DBC}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-09-28 1715768]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2010-09-16 4425048]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-03 98304]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"RaidCall"="c:\program files (x86)\raidcall\raidcall.exe" [2012-02-11 2080768]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
2WireSetup.lnk - c:\program files\2Wire\LaunchSetupWiz.exe [2011-6-17 135168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-03 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 SDRSVC32;Windows Backup ;c:\programdata\iepeers32.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\softnyxGame\GunBoundIS\GameGuard\dump_wmimmc.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-03 136176]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2010-01-19 23536]
R3 sj;sj;c:\users\Tim\Desktop\Timmy\Eden Eternal\EdenEternal\sjcs64.sys [2011-12-15 47224]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
S0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2012-02-07 1157240]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120302.002\IDSvia64.sys [2012-02-18 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-12-16 122880]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-11-18 517632]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Norton 360\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-09 138360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-03 00:40]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-03 00:40]
.
2012-03-03 c:\windows\Tasks\HPCeeScheduleForTim.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\g9fwuhuy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-PRISMSVR.EXE - c:\windows\system32\PRISMSVR.EXE
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3940606611-2721368008-2015035362-1001\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**vX]
"LP_LastUpdateTime"="0"
"LP_LastCheckTime"=dword:4f518d0a
.
[HKEY_USERS\S-1-5-21-3940606611-2721368008-2015035362-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3940606611-2721368008-2015035362-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3940606611-2721368008-2015035362-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):2e,b1,f9,32,35,32,3e,f8,2e,24,e4,50,d0,64,d8,ab,76,cb,eb,d6,e0,
b8,75,5c,15,78,c4,68,ec,9c,9d,ce,0c,d1,ec,0e,bc,a3,44,dd,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3940606611-2721368008-2015035362-1001_Classes\Wow6432Node\CLSID\{d59ae78e-913b-4e51-be0f-dd9f6900698d}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000087
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,c3,4d,9e,47,61,a7,8f,c3,d6,83,27,4d,78,40,31,e7,fb,7e,83,b1,a4,90,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-03-02 19:31:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-03 03:31
.
Pre-Run: 637,110,710,272 bytes free
Post-Run: 636,632,518,656 bytes free
.
- - End Of File - - C281D520905FE0B00080DE2843B84D79

#8 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:03:20 PM

Posted 02 March 2012 - 11:06 PM

There is an extra report that ComboFix makes.

  • Please press the "Windows key" and the "R" key at the same time.
  • Then, copy/paste the following into the Open box:
C:\Qoobox\Add-Remove Programs.txt
  • Click: OK
Please provide the Add-Remove Programs.txt in your reply.



To get rid of any remnants that other programs may have not picked up, let's run the ESET Online Scanner:

One more time, please disable your AntiVirus program and any AntiSpyware programs while performing the scan. It will preclude conflicts, and will speed up scan time.

For information on how to disable protective programs, refer to this link:
http://www.bleepingcomputer.com/forums/topic114351.html


Since you are using Windows Seven to perform this scan, go to the Start button, look for the Internet Explorer browser icon, right-click it and select: 'Run as administrator'

In the IE browser address bar, copy paste the following 'http' address (do not copy the word code):
http://www.eset.com/us/online-scanner

Press the ESET Online Scanner button
  • In the prompt that appears, check 'Yes' to Accept Terms of Use, and click the 'Start' button
  • Allow the ActiveX to download, and click: 'Install'
  • Click Start
  • Make sure that the option Remove found threats is unticked/unchecked
  • Click: Scan
  • Wait for the scan to finish...it may take a while.
  • If any threats are found, click the 'List of found threats', then click Export to text file....
  • Save the file to your Desktop as: ESET Scan.

Please provide the contents of the ESET Scan in your reply.

Old duck...


#9 Timmy.


Posted 03 March 2012 - 11:04 PM

This is the first log that you requested.


Update for Microsoft Office 2007 (KB2508958)
2Wire Wireless Client
7-Zip 4.65
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2
Adobe Shockwave Player 11.6
AIM 7
Aleks 3.15
AMD USB Filter Driver
Apple Application Support
Apple Software Update
AT&T Yahoo! High Speed Internet Home Networking Installer
AutoHotkey 1.0.48.05
Bejeweled 2 Deluxe
Bing Bar
Blackhawk Striker 2
Blasterball 3
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Download Updater (AOL LLC)
DVD Menu Pack for HP MediaSmart Video
Eden Eternal
Elementals - The Magic Key
Escape Rosecliff Island
Faerie Solitaire
FastStone Capture 6.7
FATE
Google Chrome
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.1.0
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Setup
HP Support Assistant
HP Support Information
HP Update
Hulu Desktop
Java Auto Updater
Java™ 6 Update 23
Java™ 6 Update 3
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.60.1.1000
Mesh Runtime
Messenger Companion
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 60 day trial
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox (3.6.25)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The New York Fortune
Norton 360
Norton Bootable Recovery Tool Wizard
Norton Online Backup
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
QuickTime
RaidCall
RAIDXpert
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Recovery Manager
Roxio CinemaNow 2.0
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Click to Call
Skype 5.5
swMSM
TalonRO Client 1.0.0
TeamSpeak 2 RC2
TeamViewer 6
TextTwist 2
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Ventrilo Client
Virtual Families
Virtual Villagers - The Secret City
Vuze
Vuze Remote Toolbar
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zuma's Revenge

End.

The second one is:

C:\Qoobox\Quarantine\C\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\g9fwuhuy.default\extensions\{4aafe4ae-c8f3-4931-8e02-ff36a9cdbd35}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan

#10 Aaflac


Posted 03 March 2012 - 11:20 PM

How is the computer running?

Also, please download and run the following:

Download TFC to your Desktop.
  • Save any work in progress!! TFC closes open applications and removes unsaved work!
  • Right-click TFC.exe and select 'Run as Administrator'
  • If prompted, click "Yes" to reboot.

Last, download Security Check

Save it to the Desktop.
Right-click SecurityCheck.exe and select 'Run as Administrator'
Follow the on-screen instructions (on the black screen)
When done, a Notepad document opens automatically: checkup.txt

Please post the contents of checkup.txt in your reply

Old duck...


#11 Timmy.


Posted 04 March 2012 - 01:41 AM

The computer is running fairly well.
It starts booting normally now.
One exception though: I turned the computer off last night and went to bed.
This morning I found out that it froze on the "Shutting Off" screen...
Aside from that, everything is okay.

Here is the log you requested.

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 23
Java™ 6 Update 3
Out of date Java installed!
Adobe Flash Player ( 10.1.102.64) Flash Player Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````

#12 Aaflac


Posted 04 March 2012 - 09:32 PM

On the following:

...froze on the "Shutting Off" screen


If you boot into Safe Mode, and then shut down the computer, does it also freeze at the shut down screen?

1. Restart your computer.
2. Tap the F8 key on your keyboard repeatedly until you are presented with the Windows 7 Advanced Boot Options menu.
3. Using the arrow keys, select the Safe Mode option.
4. Then press the Enter key to boot into Windows 7 Safe Mode.
5. When Windows starts you will be at a typical logon screen. Log on to your computer and Windows 7 will enter Safe Mode.
6. Shut down the computer.

What happened?



Also, the following tasks need attention:

Out of date Java installed!
Please verify the version of Java you have installed:
http://www.java.com/en/download/installed.jsp

If your version of Java is outdated, it needs to be updated to eliminate security vulnerabilities.
When done, uninstall older versions:
http://www.java.com/en/download/uninstall.jsp


Also, Flash Player Out of Date!
Use Adobe's Flash Tester page to see which version is currently being used by your Web browsers
http://www.adobe.com/software/flash/about/

To install the latest version of Flash Player, visit the installation page:
http://www.adobe.com/go/getflashplayer

Old duck...


#13 Timmy.


Posted 07 March 2012 - 01:16 AM

I did the Safe Mode thing and it didn't freeze this time.
I think it was just a one time thing.
Also, I updated my Java and Flash Player.
Is there anything else I should do?

#14 Aaflac


Posted 07 March 2012 - 10:08 PM

"I did the Safe Mode thing and it didn't freeze this time."


It did not freeze when you shut it off from Safe Mode?

...or,

It did not freeze when you shut it off from Normal Windows?

...or both?


Also, will you navigate to the following folders, open each one, and let me know if there are any files in it:

C:\Users\Tim\AppData\Local\{789F178D-0C5F-472F-A7F6-A85C8EA44B20}
C:\Users\Tim\AppData\Local\{1B22F9BC-DC85-4EE9-BB07-8350A10315E3}
C:\Users\Tim\AppData\Local\{3A15DFDF-CDE2-49B4-99FC-36C3362216D5}

Edited by Aaflac, 07 March 2012 - 10:12 PM.

Old duck...


#15 Timmy.


Posted 07 March 2012 - 11:21 PM

It did not freeze on both occasions.
There are no files at the locations.



