Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

%hs missing problem again


  • This topic is locked This topic is locked
3 replies to this topic

#1 spbcooperator

spbcooperator

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:45 AM

Posted 01 April 2012 - 03:04 AM

I know that this problem has solved for other people. I am another who cannot get my laptop to start since I
last used anti-virus software.
FRST info follows and thanks in advance

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 01-04-2012 08:02:36
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()
HKLM\...\Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF" [x]
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none" [322384 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [649608 2010-06-09] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd [x]
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [356 2012-03-31] ()
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-09-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [273528 2011-11-07] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [2215768 2011-09-30] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [RadioRage Search Scope Monitor] "C:\PROGRA~2\RADIOR~2\bar\1.bin\4jsrchmn.exe" /m=2 /w /h [42536 2012-03-10] (MindSpark)
HKLM-x32\...\Run: [RadioRage_4j Browser Plugin Loader] C:\PROGRA~2\RADIOR~2\bar\1.bin\4jbrmon.exe [30096 2012-03-10] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul [660504 2012-03-31] (Webroot)
HKU\Steve\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17351304 2011-10-13] (Skype Technologies S.A.)
HKU\Steve\...\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
HKU\Steve\...\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h [x]
HKU\Steve\...\Run: [UJ7J2I3X9GVF8U5ET] C:\sooi832.bin\CA0A49826D2.exe /q [165376 2011-11-16] ()
HKU\Steve\...\Run: [Update] C:\Users\Steve\AppData\Roaming\ch8l0.exe [x]
HKU\Steve\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\Steve\...\Policies\system: [DisableCMD] 0
HKU\Steve\...\Policies\system: [DisableRegistryTools] 0
HKU\Steve\...\Policies\system: [DisableTaskMgr] 0
HKU\Steve\...\Policies\system: [NoDispAppearancePage] 0
HKU\Steve\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Steve\...\Policies\system: [NoDispSettingsPage] 0
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253600 2012-03-31] (Adobe Systems Incorporated)
2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 pdcomp; C:\Windows\System32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
2 pdcomp; C:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 QBCFMonitorService; "C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" [45056 2012-02-27] (Intuit)
3 QBFCService; "C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe" [61440 2009-07-23] (Intuit Inc.)
2 RadioRage_4jService; C:\PROGRA~2\RADIOR~2\bar\1.bin\4jbarsvc.exe [42504 2012-03-10] (COMPANYVERS_NAME)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [660504 2012-03-31] (Webroot)
3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

========================== Drivers (Whitelisted) =============

2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [116752 2010-09-24] (ATI Technologies, Inc.)
3 JME; C:\Windows\System32\Drivers\JME.sys [131552 2010-10-11] (JMicron Technology Corp.)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
0 lullaby; C:\Windows\System32\Drivers\lullaby.sys [15928 2009-06-18] (Windows ® Win 7 DDK provider)
3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1806400 2009-06-05] ()
2 tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
2 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
2 tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
0 WRkrn; C:\Windows\System32\Drivers\WRkrn.sys [112104 2012-03-31] (Webroot)
4 BaEASCuS; C:\Windows\System32\drivers\BaEASCuS.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: EPSON_EB_RPCV4_01
NETSVC: beatjamupnpmusicserver
NETSVC: WcesComm
NETSVC: pdcomp

============ One Month Created Files and Folders ==============

2012-04-01 08:02 - 2012-04-01 08:02 - 0000000 ____D C:\FRST
2012-03-31 20:56 - 2012-03-31 21:00 - 0000000 ____D C:\Users\All Users\WRData
2012-03-31 20:56 - 2012-03-31 21:00 - 0000000 ____D C:\ProgramData\WRData
2012-03-31 20:56 - 2012-03-31 20:56 - 0146040 ____A (Webroot) C:\Windows\SysWOW64\WRusr.dll
2012-03-31 20:56 - 2012-03-31 20:56 - 0112104 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2012-03-31 20:56 - 2012-03-31 20:56 - 0098160 ____A (Webroot) C:\Windows\System32\WRusr.dll
2012-03-31 20:56 - 2012-03-31 20:56 - 0000000 ____D C:\Users\Steve\AppData\Local\lptmp3693
2012-03-31 20:56 - 2012-03-31 20:56 - 0000000 ____D C:\Program Files\Webroot
2012-03-31 20:51 - 2012-03-31 20:55 - 0660504 ____A (Webroot) C:\Users\Steve\Downloads\wsainstall.exe
2012-03-31 19:46 - 2012-03-31 19:46 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{016888b8-6c6f-11de-8d1d-001e0bcde3ec}.TxR.blf
2012-03-31 14:05 - 2012-03-31 14:05 - 0001260 ____A C:\Users\Steve\Desktop\Spybot - Search & Destroy.lnk
2012-03-31 14:04 - 2012-03-31 20:02 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-03-31 14:04 - 2012-03-31 20:02 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-03-31 14:04 - 2012-03-31 14:05 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-31 14:02 - 2012-03-31 14:02 - 16409960 ____A (Safer Networking Limited ) C:\Users\Steve\Downloads\spybotsd162.exe
2012-03-31 13:48 - 2012-03-31 13:48 - 0000000 ____D C:\Users\Steve\AppData\Local\ElevatedDiagnostics
2012-03-31 13:44 - 2012-03-31 20:56 - 0345042 ____A C:\Windows\ntbtlog.txt
2012-03-31 04:27 - 2012-03-31 04:27 - 8738464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-03-31 03:40 - 2012-03-31 19:46 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-03-31 03:40 - 2012-03-31 04:27 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-31 01:40 - 2012-03-31 01:40 - 0072192 ____A C:\Users\Steve\Documents\Spreadsheet Tips From An Excel Addict Newsletter - March 28 2012.msg
2012-03-30 04:50 - 2012-03-31 19:20 - 0000346 ____A C:\Windows\Tasks\At10.job
2012-03-30 04:50 - 2012-03-31 19:20 - 0000344 ____A C:\Windows\Tasks\At9.job
2012-03-30 04:50 - 2012-03-31 19:10 - 0000346 ____A C:\Windows\Tasks\At8.job
2012-03-30 04:50 - 2012-03-31 19:10 - 0000346 ____A C:\Windows\Tasks\At6.job
2012-03-30 04:50 - 2012-03-31 19:10 - 0000346 ____A C:\Windows\Tasks\At4.job
2012-03-30 04:50 - 2012-03-31 19:10 - 0000344 ____A C:\Windows\Tasks\At7.job
2012-03-30 04:50 - 2012-03-31 19:10 - 0000344 ____A C:\Windows\Tasks\At5.job
2012-03-30 04:50 - 2012-03-31 19:10 - 0000344 ____A C:\Windows\Tasks\At3.job
2012-03-30 04:50 - 2012-03-31 14:20 - 0000346 ____A C:\Windows\Tasks\At48.job
2012-03-30 04:50 - 2012-03-31 14:20 - 0000344 ____A C:\Windows\Tasks\At47.job
2012-03-30 04:50 - 2012-03-31 10:26 - 0000346 ____A C:\Windows\Tasks\At40.job
2012-03-30 04:50 - 2012-03-31 10:26 - 0000344 ____A C:\Windows\Tasks\At39.job
2012-03-30 04:50 - 2012-03-31 09:20 - 0000346 ____A C:\Windows\Tasks\At38.job
2012-03-30 04:50 - 2012-03-31 09:20 - 0000344 ____A C:\Windows\Tasks\At37.job
2012-03-30 04:50 - 2012-03-31 08:20 - 0000346 ____A C:\Windows\Tasks\At36.job
2012-03-30 04:50 - 2012-03-31 08:20 - 0000344 ____A C:\Windows\Tasks\At35.job
2012-03-30 04:50 - 2012-03-31 07:20 - 0000346 ____A C:\Windows\Tasks\At34.job
2012-03-30 04:50 - 2012-03-31 07:20 - 0000344 ____A C:\Windows\Tasks\At33.job
2012-03-30 04:50 - 2012-03-31 06:20 - 0000346 ____A C:\Windows\Tasks\At32.job
2012-03-30 04:50 - 2012-03-31 06:20 - 0000344 ____A C:\Windows\Tasks\At31.job
2012-03-30 04:50 - 2012-03-31 05:20 - 0000346 ____A C:\Windows\Tasks\At30.job
2012-03-30 04:50 - 2012-03-31 05:20 - 0000344 ____A C:\Windows\Tasks\At29.job
2012-03-30 04:50 - 2012-03-31 04:20 - 0000346 ____A C:\Windows\Tasks\At28.job
2012-03-30 04:50 - 2012-03-31 04:20 - 0000344 ____A C:\Windows\Tasks\At27.job
2012-03-30 04:50 - 2012-03-31 03:28 - 0000346 ____A C:\Windows\Tasks\At26.job
2012-03-30 04:50 - 2012-03-31 03:28 - 0000346 ____A C:\Windows\Tasks\At24.job
2012-03-30 04:50 - 2012-03-31 03:28 - 0000344 ____A C:\Windows\Tasks\At25.job
2012-03-30 04:50 - 2012-03-31 03:28 - 0000344 ____A C:\Windows\Tasks\At23.job
2012-03-30 04:50 - 2012-03-31 01:20 - 0000346 ____A C:\Windows\Tasks\At22.job
2012-03-30 04:50 - 2012-03-31 01:20 - 0000344 ____A C:\Windows\Tasks\At21.job
2012-03-30 04:50 - 2012-03-31 00:20 - 0000346 ____A C:\Windows\Tasks\At20.job
2012-03-30 04:50 - 2012-03-31 00:20 - 0000344 ____A C:\Windows\Tasks\At19.job
2012-03-30 04:50 - 2012-03-30 23:20 - 0000346 ____A C:\Windows\Tasks\At18.job
2012-03-30 04:50 - 2012-03-30 23:20 - 0000344 ____A C:\Windows\Tasks\At17.job
2012-03-30 04:50 - 2012-03-30 23:17 - 0000346 ____A C:\Windows\Tasks\At16.job
2012-03-30 04:50 - 2012-03-30 23:17 - 0000346 ____A C:\Windows\Tasks\At14.job
2012-03-30 04:50 - 2012-03-30 23:17 - 0000346 ____A C:\Windows\Tasks\At12.job
2012-03-30 04:50 - 2012-03-30 23:17 - 0000344 ____A C:\Windows\Tasks\At15.job
2012-03-30 04:50 - 2012-03-30 23:17 - 0000344 ____A C:\Windows\Tasks\At13.job
2012-03-30 04:50 - 2012-03-30 23:17 - 0000344 ____A C:\Windows\Tasks\At11.job
2012-03-30 04:50 - 2012-03-30 13:20 - 0000346 ____A C:\Windows\Tasks\At46.job
2012-03-30 04:50 - 2012-03-30 13:20 - 0000344 ____A C:\Windows\Tasks\At45.job
2012-03-30 04:50 - 2012-03-30 12:56 - 0000346 ____A C:\Windows\Tasks\At44.job
2012-03-30 04:50 - 2012-03-30 12:56 - 0000346 ____A C:\Windows\Tasks\At42.job
2012-03-30 04:50 - 2012-03-30 12:56 - 0000344 ____A C:\Windows\Tasks\At43.job
2012-03-30 04:50 - 2012-03-30 12:56 - 0000344 ____A C:\Windows\Tasks\At41.job
2012-03-30 04:49 - 2012-03-31 15:20 - 0000346 ____A C:\Windows\Tasks\At2.job
2012-03-30 04:49 - 2012-03-31 15:20 - 0000344 ____A C:\Windows\Tasks\At1.job
2012-03-30 04:49 - 2012-03-30 04:49 - 0046080 ____A C:\Windows\SysWOW64\HF3QX.com
2012-03-30 03:09 - 2012-03-31 20:37 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-30 03:08 - 2012-03-30 03:08 - 0000000 ____D C:\Windows\system64
2012-03-29 02:50 - 2012-03-29 02:50 - 0056832 ____A C:\Users\Steve\Downloads\Internet payment template (22-3-'12).xls
2012-03-24 10:13 - 2012-03-24 10:13 - 0000000 ____D C:\Users\Steve\Desktop\My Shared Folder
2012-03-24 10:13 - 2012-03-24 10:13 - 0000000 ____D C:\Users\Steve\AppData\Local\Ares
2012-03-24 10:10 - 2012-03-24 10:10 - 2873125 ____A (Ares ) C:\Users\Steve\Downloads\Ares_Installer.exe
2012-03-21 09:00 - 2012-03-21 09:00 - 0026624 ____A C:\Users\Steve\Documents\flier stab 1a.doc
2012-03-20 09:02 - 2012-03-20 09:02 - 0150251 ____A C:\Users\Steve\Desktop\some rec thing for ecil.xlsx
2012-03-20 08:32 - 2012-03-20 08:32 - 0055296 ____A C:\Users\Steve\Desktop\Copy of Internet payment template (15-3-'12).xls
2012-03-20 08:01 - 2012-03-20 08:01 - 0000000 ____D C:\Users\Steve\AppData\Local\{53DF3910-5A02-4526-8601-3B55F032692F}
2012-03-19 00:13 - 2012-03-19 10:28 - 0019273 ____A C:\Users\Steve\Desktop\ebs be analysis march 12.xlsx
2012-03-15 10:33 - 2012-03-15 10:33 - 0060928 ____A C:\Users\Steve\Desktop\Copy of Copy of ecil draft budget 12-13 b this one.xls
2012-03-15 08:35 - 2012-03-15 08:35 - 0050688 ____A C:\Users\Steve\Desktop\ECIL TEMP INVOICE TEMPLATE.doc
2012-03-15 00:16 - 2012-03-15 00:16 - 0000000 ____D C:\Users\Steve\AppData\Local\{9D427272-2D91-4ED2-8DEA-6FA795EBF29C}
2012-03-14 08:50 - 2012-03-14 08:50 - 0000000 ____D C:\Users\Steve\AppData\Local\{A97DD603-D54E-4564-A11C-B7EB83DE1E5B}
2012-03-14 08:50 - 2012-03-14 08:50 - 0000000 ____D C:\Users\Steve\AppData\Local\{0C835A51-5A8E-4DA9-BF97-9B9FBCFDD6EE}
2012-03-14 02:17 - 2011-11-19 07:20 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-14 02:17 - 2011-11-19 06:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-14 02:17 - 2011-11-19 06:50 - 3913584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-14 00:39 - 2012-03-14 00:39 - 0047104 ____A C:\Users\Steve\Desktop\Copy of Shopmobility Y2Financerevised figures.xls
2012-03-13 21:39 - 2012-02-09 22:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-13 21:39 - 2012-02-09 21:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-13 21:39 - 2012-02-02 20:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-13 21:37 - 2012-01-24 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-13 21:37 - 2012-01-24 22:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-13 21:37 - 2012-01-24 22:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-13 21:36 - 2012-02-16 22:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-13 21:36 - 2012-02-16 21:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-13 21:36 - 2012-02-16 20:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-13 21:36 - 2012-02-16 20:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-13 01:33 - 2012-03-13 01:33 - 0000000 ____D C:\Users\Steve\AppData\Local\{EBA8F5F7-C88C-4221-87DD-40882C479839}
2012-03-10 09:48 - 2012-03-10 09:48 - 0000000 ____D C:\Users\Steve\AppData\Local\{28BDCB0B-2D93-4752-888A-67B94F22E565}
2012-03-10 06:14 - 2012-03-10 06:14 - 0000000 ____D C:\Program Files (x86)\RadioRage_4j
2012-03-07 00:37 - 2012-03-07 00:39 - 0000000 ____D C:\Users\Steve\AppData\Roaming\WinRAR
2012-03-07 00:37 - 2012-03-07 00:38 - 0000000 ____D C:\Program Files (x86)\WinRAR
2012-03-07 00:33 - 2012-03-07 00:33 - 1506653 ____A C:\Users\Steve\Downloads\wrar411.exe
2012-03-07 00:17 - 2012-03-07 00:29 - 106167199 ____A C:\Users\Steve\Downloads\camslvpack.rar
2012-03-06 04:23 - 2012-03-06 04:23 - 0000000 ____D C:\Users\Steve\AppData\Local\{24D72151-1838-45B7-8C79-99D3563FE0F9}
2012-03-02 19:04 - 2012-03-02 19:04 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-02 19:04 - 2012-03-02 19:04 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-02 19:04 - 2012-03-02 19:04 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-03-02 19:04 - 2012-03-02 19:04 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-03-02 19:04 - 2012-03-02 19:04 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-03-02 19:04 - 2012-03-02 19:04 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-03-02 19:04 - 2012-03-02 19:04 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-02 19:04 - 2012-03-02 19:04 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-02 19:04 - 2012-03-02 19:04 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-02 19:04 - 2012-03-02 19:04 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-02 19:04 - 2012-03-02 19:04 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-02 19:04 - 2012-03-02 19:04 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-02 19:04 - 2012-03-02 19:04 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-02 19:01 - 2012-03-02 19:05 - 0003397 ____A C:\Windows\IE9_main.log

============ 3 Months Modified Files and Folders =============

2012-04-01 08:02 - 2012-04-01 08:02 - 0000000 ____D C:\FRST
2012-03-31 22:57 - 2011-11-05 21:08 - 2212737024 __ASH C:\hiberfil.sys
2012-03-31 21:01 - 2011-04-17 06:09 - 0146516 ____A C:\Windows\PFRO.log
2012-03-31 21:00 - 2012-03-31 20:56 - 0000000 ____D C:\Users\All Users\WRData
2012-03-31 21:00 - 2012-03-31 20:56 - 0000000 ____D C:\ProgramData\WRData
2012-03-31 20:56 - 2012-03-31 20:56 - 0146040 ____A (Webroot) C:\Windows\SysWOW64\WRusr.dll
2012-03-31 20:56 - 2012-03-31 20:56 - 0112104 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2012-03-31 20:56 - 2012-03-31 20:56 - 0098160 ____A (Webroot) C:\Windows\System32\WRusr.dll
2012-03-31 20:56 - 2012-03-31 20:56 - 0000000 ____D C:\Users\Steve\AppData\Local\lptmp3693
2012-03-31 20:56 - 2012-03-31 20:56 - 0000000 ____D C:\Program Files\Webroot
2012-03-31 20:56 - 2012-03-31 13:44 - 0345042 ____A C:\Windows\ntbtlog.txt
2012-03-31 20:55 - 2012-03-31 20:51 - 0660504 ____A (Webroot) C:\Users\Steve\Downloads\wsainstall.exe
2012-03-31 20:38 - 2011-04-17 05:03 - 1817216 ____A C:\Windows\WindowsUpdate.log
2012-03-31 20:37 - 2012-03-30 03:09 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-31 20:33 - 2011-04-17 05:36 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-03-31 20:30 - 2012-01-05 10:14 - 0000000 ____D C:\Users\Steve\AppData\Roaming\Skype
2012-03-31 20:29 - 2011-04-17 05:35 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-31 20:29 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-31 20:29 - 2009-07-13 20:51 - 0054425 ____A C:\Windows\setupact.log
2012-03-31 20:12 - 2011-11-11 02:40 - 0000000 ____D C:\Users\Steve\Documents\Outlook Files
2012-03-31 20:10 - 2009-07-13 21:08 - 0032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-03-31 20:02 - 2012-03-31 14:04 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-03-31 20:02 - 2012-03-31 14:04 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-03-31 19:46 - 2012-03-31 19:46 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{016888b8-6c6f-11de-8d1d-001e0bcde3ec}.TxR.blf
2012-03-31 19:46 - 2012-03-31 03:40 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-03-31 19:20 - 2012-03-30 04:50 - 0000346 ____A C:\Windows\Tasks\At10.job
2012-03-31 19:20 - 2012-03-30 04:50 - 0000344 ____A C:\Windows\Tasks\At9.job
2012-03-31 19:10 - 2012-03-30 04:50 - 0000346 ____A C:\Windows\Tasks\At8.job
2012-03-31 19:10 - 2012-03-30 04:50 - 0000346 ____A C:\Windows\Tasks\At6.job
2012-03-31 19:10 - 2012-03-30 04:50 - 0000346 ____A C:\Windows\Tasks\At4.job
2012-03-31 19:10 - 2012-03-30 04:50 - 0000344 ____A C:\Windows\Tasks\At7.job
2012-03-31 19:10 - 2012-03-30 04:50 - 0000344 ____A C:\Windows\Tasks\At5.job
2012-03-31 19:10 - 2012-03-30 04:50 - 0000344 ____A C:\Windows\Tasks\At3.job
2012-03-31 15:20 - 2012-03-30 04:49 - 0000346 ____A C:\Windows\Tasks\At2.job
2012-03-31 15:20 - 2012-03-30 04:49 - 0000344 ____A C:\Windows\Tasks\At1.job
2012-03-31 14:20 - 2012-03-30 04:50 - 0000346 ____A C:\Windows\Tasks\At48.job
2012-03-31 14:20 - 2012-03-30 04:50 - 0000344 ____A C:\Windows\Tasks\At47.job
2012-03-31 14:05 - 2012-03-31 14:05 - 0001260 ____A C:\Users\Steve\Desktop\Spybot - Search & Destroy.lnk
2012-03-31 14:05 - 2012-03-31 14:04 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-31 14:02 - 2012-03-31 14:02 - 16409960 ____A (Safer Networking Limited ) C:\Users\Steve\Downloads\spybotsd162.exe
2012-03-31 13:57 - 2009-07-13 20:45 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-31 13:57 - 2009-07-13 20:45 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-31 13:52 - 2011-04-17 06:22 - 0002288 ____A C:\Windows\System32\AutoRunFilter.ini
2012-03-31 13:48 - 2012-03-31 13:48 - 0000000 ____D C:\Users\Steve\AppData\Local\ElevatedDiagnostics
2012-03-31 13:26 - 2011-04-17 06:22 - 0001244 ____A C:\Windows\System32\ServiceFilter.ini
2012-03-31 10:26 - 2012-03-30 04:50 - 0000346 ____A C:\Windows\Tasks\At40.job
2012-03-31 10:26 - 2012-03-30 04:50 - 0000344 ____A C:\Windows\Tasks\At39.job
2012-03-31 09:20 - 2012-03-30 04:50 - 0000346 ____A C:\Windows\Tasks\At38.job
2012-03-31 09:20 - 2012-03-30 04:50 - 0000344 ____A C:\Windows\Tasks\At37.job
2012-03-31 08:20 - 2012-03-30 04:50 - 0000346 ____A C:\Windows\Tasks\At36.job
2012-03-31 08:20 - 2012-03-30 04:50 - 0000344 ____A C:\Windows\Tasks\At35.job
2012-03-31 07:20 - 2012-03-30 04:50 - 0000346 ____A C:\Windows\Tasks\At34.job
2012-03-31 07:20 - 2012-03-30 04:50 - 0000344 ____A C:\Windows\Tasks\At33.job
2012-03-31 06:20 - 2012-03-30 04:50 - 0000346 ____A C:\Windows\Tasks\At32.job
2012-03-31 06:20 - 2012-03-30 04:50 - 0000344 ____A C:\Windows\Tasks\At31.job
2012-03-31 05:20 - 2012-03-30 04:50 - 0000346 ____A C:\Windows\Tasks\At30.job
2012-03-31 05:20 - 2012-03-30 04:50 - 0000344 ____A C:\Windows\Tasks\At29.job
2012-03-31 04:27 - 2012-03-31 04:27 - 8738464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-03-31 04:27 - 2012-03-31 03:40 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-31 04:27 - 2011-12-19 15:34 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-03-31 04:20 - 2012-03-30 04:50 - 0000346 ____A C:\Windows\Tasks\At28.job
2012-03-31 04:20 - 2012-03-30 04:50 - 0000344 ____A C:\Windows\Tasks\At27.job
2012-03-31 03:28 - 2012-03-30 04:50 - 0000346 ____A C:\Windows\Tasks\At26.job
2012-03-31 03:28 - 2012-03-30 04:50 - 0000346 ____A C:\Windows\Tasks\At24.job
2012-03-31 03:28 - 2012-03-30 04:50 - 0000344 ____A C:\Windows\Tasks\At25.job
2012-03-31 03:28 - 2012-03-30 04:50 - 0000344 ____A C:\Windows\Tasks\At23.job
2012-03-31 01:40 - 2012-03-31 01:40 - 0072192 ____A C:\Users\Steve\Documents\Spreadsheet Tips From An Excel Addict Newsletter - March 28 2012.msg
2012-03-31 01:20 - 2012-03-30 04:50 - 0000346 ____A C:\Windows\Tasks\At22.job
2012-03-31 01:20 - 2012-03-30 04:50 - 0000344 ____A C:\Windows\Tasks\At21.job
2012-03-31 00:20 - 2012-03-30 04:50 - 0000346 ____A C:\Windows\Tasks\At20.job
2012-03-31 00:20 - 2012-03-30 04:50 - 0000344 ____A C:\Windows\Tasks\At19.job
2012-03-30 23:20 - 2012-03-30 04:50 - 0000346 ____A C:\Windows\Tasks\At18.job
2012-03-30 23:20 - 2012-03-30 04:50 - 0000344 ____A C:\Windows\Tasks\At17.job
2012-03-30 23:17 - 2012-03-30 04:50 - 0000346 ____A C:\Windows\Tasks\At16.job
2012-03-30 23:17 - 2012-03-30 04:50 - 0000346 ____A C:\Windows\Tasks\At14.job
2012-03-30 23:17 - 2012-03-30 04:50 - 0000346 ____A C:\Windows\Tasks\At12.job
2012-03-30 23:17 - 2012-03-30 04:50 - 0000344 ____A C:\Windows\Tasks\At15.job
2012-03-30 23:17 - 2012-03-30 04:50 - 0000344 ____A C:\Windows\Tasks\At13.job
2012-03-30 23:17 - 2012-03-30 04:50 - 0000344 ____A C:\Windows\Tasks\At11.job
2012-03-30 13:20 - 2012-03-30 04:50 - 0000346 ____A C:\Windows\Tasks\At46.job
2012-03-30 13:20 - 2012-03-30 04:50 - 0000344 ____A C:\Windows\Tasks\At45.job
2012-03-30 12:56 - 2012-03-30 04:50 - 0000346 ____A C:\Windows\Tasks\At44.job
2012-03-30 12:56 - 2012-03-30 04:50 - 0000346 ____A C:\Windows\Tasks\At42.job
2012-03-30 12:56 - 2012-03-30 04:50 - 0000344 ____A C:\Windows\Tasks\At43.job
2012-03-30 12:56 - 2012-03-30 04:50 - 0000344 ____A C:\Windows\Tasks\At41.job
2012-03-30 04:49 - 2012-03-30 04:49 - 0046080 ____A C:\Windows\SysWOW64\HF3QX.com
2012-03-30 03:08 - 2012-03-30 03:08 - 0000000 ____D C:\Windows\system64
2012-03-29 09:16 - 2012-01-12 06:25 - 0002024 ___AH C:\Users\Steve\Documents\Default.rdp
2012-03-29 02:50 - 2012-03-29 02:50 - 0056832 ____A C:\Users\Steve\Downloads\Internet payment template (22-3-'12).xls
2012-03-27 11:09 - 2009-07-13 21:13 - 0798754 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-25 23:17 - 2011-11-09 23:42 - 0000452 ___AH C:\Windows\Tasks\Norton Security Scan for Steve.job
2012-03-25 18:32 - 2011-11-05 14:32 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-24 10:13 - 2012-03-24 10:13 - 0000000 ____D C:\Users\Steve\Desktop\My Shared Folder
2012-03-24 10:13 - 2012-03-24 10:13 - 0000000 ____D C:\Users\Steve\AppData\Local\Ares
2012-03-24 10:10 - 2012-03-24 10:10 - 2873125 ____A (Ares ) C:\Users\Steve\Downloads\Ares_Installer.exe
2012-03-23 08:05 - 2011-11-06 11:01 - 0001294 ____A C:\Users\Steve\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
2012-03-23 08:05 - 2011-11-06 11:01 - 0001294 ____A C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
2012-03-21 09:00 - 2012-03-21 09:00 - 0026624 ____A C:\Users\Steve\Documents\flier stab 1a.doc
2012-03-20 09:02 - 2012-03-20 09:02 - 0150251 ____A C:\Users\Steve\Desktop\some rec thing for ecil.xlsx
2012-03-20 08:32 - 2012-03-20 08:32 - 0055296 ____A C:\Users\Steve\Desktop\Copy of Internet payment template (15-3-'12).xls
2012-03-20 08:01 - 2012-03-20 08:01 - 0000000 ____D C:\Users\Steve\AppData\Local\{53DF3910-5A02-4526-8601-3B55F032692F}
2012-03-20 04:16 - 2011-11-05 14:13 - 0000000 ____D C:\Users\Steve\AppData\LocalLow
2012-03-20 03:51 - 2012-02-20 06:05 - 0000090 ____A C:\Windows\QBChanUtil_Trigger.ini
2012-03-20 03:49 - 2011-04-17 05:34 - 0000000 ____D C:\Users\All Users\Nuance
2012-03-20 03:49 - 2011-04-17 05:34 - 0000000 ____D C:\ProgramData\Nuance
2012-03-19 10:28 - 2012-03-19 00:13 - 0019273 ____A C:\Users\Steve\Desktop\ebs be analysis march 12.xlsx
2012-03-17 09:48 - 2012-03-01 01:45 - 0022456 ____A C:\Users\Steve\Desktop\Timesheet March 2012.xlsx
2012-03-15 10:33 - 2012-03-15 10:33 - 0060928 ____A C:\Users\Steve\Desktop\Copy of Copy of ecil draft budget 12-13 b this one.xls
2012-03-15 08:35 - 2012-03-15 08:35 - 0050688 ____A C:\Users\Steve\Desktop\ECIL TEMP INVOICE TEMPLATE.doc
2012-03-15 00:16 - 2012-03-15 00:16 - 0000000 ____D C:\Users\Steve\AppData\Local\{9D427272-2D91-4ED2-8DEA-6FA795EBF29C}
2012-03-14 09:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-03-14 08:50 - 2012-03-14 08:50 - 0000000 ____D C:\Users\Steve\AppData\Local\{A97DD603-D54E-4564-A11C-B7EB83DE1E5B}
2012-03-14 08:50 - 2012-03-14 08:50 - 0000000 ____D C:\Users\Steve\AppData\Local\{0C835A51-5A8E-4DA9-BF97-9B9FBCFDD6EE}
2012-03-14 08:50 - 2011-12-31 11:09 - 0000000 ____D C:\Users\Steve\Desktop\christmas 2011
2012-03-14 02:20 - 2009-07-13 20:45 - 0429400 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-14 02:13 - 2012-02-26 20:35 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-14 02:12 - 2011-11-05 14:19 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-03-14 02:12 - 2011-11-05 14:19 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-03-14 00:39 - 2012-03-14 00:39 - 0047104 ____A C:\Users\Steve\Desktop\Copy of Shopmobility Y2Financerevised figures.xls
2012-03-13 03:42 - 2012-02-20 06:04 - 0784666 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-13 01:33 - 2012-03-13 01:33 - 0000000 ____D C:\Users\Steve\AppData\Local\{EBA8F5F7-C88C-4221-87DD-40882C479839}
2012-03-10 09:48 - 2012-03-10 09:48 - 0000000 ____D C:\Users\Steve\AppData\Local\{28BDCB0B-2D93-4752-888A-67B94F22E565}
2012-03-10 06:14 - 2012-03-10 06:14 - 0000000 ____D C:\Program Files (x86)\RadioRage_4j
2012-03-07 00:39 - 2012-03-07 00:37 - 0000000 ____D C:\Users\Steve\AppData\Roaming\WinRAR
2012-03-07 00:38 - 2012-03-07 00:37 - 0000000 ____D C:\Program Files (x86)\WinRAR
2012-03-07 00:33 - 2012-03-07 00:33 - 1506653 ____A C:\Users\Steve\Downloads\wrar411.exe
2012-03-07 00:29 - 2012-03-07 00:17 - 106167199 ____A C:\Users\Steve\Downloads\camslvpack.rar
2012-03-06 04:23 - 2012-03-06 04:23 - 0000000 ____D C:\Users\Steve\AppData\Local\{24D72151-1838-45B7-8C79-99D3563FE0F9}
2012-03-02 19:21 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-03-02 19:05 - 2012-03-02 19:01 - 0003397 ____A C:\Windows\IE9_main.log
2012-03-02 19:04 - 2012-03-02 19:04 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-02 19:04 - 2012-03-02 19:04 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-02 19:04 - 2012-03-02 19:04 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-03-02 19:04 - 2012-03-02 19:04 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-03-02 19:04 - 2012-03-02 19:04 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-03-02 19:04 - 2012-03-02 19:04 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-03-02 19:04 - 2012-03-02 19:04 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-02 19:04 - 2012-03-02 19:04 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-02 19:04 - 2012-03-02 19:04 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-02 19:04 - 2012-03-02 19:04 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-02 19:04 - 2012-03-02 19:04 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-02 19:04 - 2012-03-02 19:04 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-02 19:04 - 2012-03-02 19:04 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-02-29 10:00 - 2012-02-29 09:29 - 0012647 ____A C:\Users\Steve\Documents\counselling budget.xlsx
2012-02-29 03:33 - 2012-02-20 03:55 - 0018702 ____A C:\Users\Steve\Documents\synergy revised budgets.xlsx
2012-02-28 10:15 - 2012-02-27 07:46 - 0011320 ____A C:\Users\Steve\Documents\ecil opening bank rec.xlsx
2012-02-26 22:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-02-26 21:31 - 2011-11-05 14:15 - 0000174 ___SH C:\Users\Steve\Start Menu\Programs\Startup\desktop.ini
2012-02-26 21:31 - 2011-11-05 14:15 - 0000174 ___SH C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-26 21:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-02-26 21:14 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-02-26 21:14 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-02-26 21:14 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2012-02-26 21:14 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-02-26 21:14 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-02-26 21:14 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-02-26 21:14 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-02-26 21:14 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-02-26 21:14 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-02-26 21:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2012-02-26 21:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-02-26 21:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-02-26 21:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-02-26 21:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2012-02-26 21:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2012-02-26 21:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-02-26 21:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2012-02-26 21:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-02-26 21:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-02-26 21:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-02-26 21:14 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-02-26 21:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sppui
2012-02-26 21:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2012-02-26 21:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-02-26 21:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-02-26 21:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\manifeststore
2012-02-26 21:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-02-26 21:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-02-26 21:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-02-26 21:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-02-26 21:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2012-02-26 21:03 - 2009-07-13 18:36 - 0175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-02-26 21:03 - 2009-07-13 18:36 - 0152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2012-02-26 20:40 - 2012-02-26 20:40 - 0000000 ____D C:\Windows\System32\SPReview
2012-02-26 20:38 - 2012-02-26 20:38 - 0000000 ____D C:\Windows\System32\EventProviders
2012-02-25 05:47 - 2012-02-25 05:47 - 0776232 ____A (Adobe Systems Incorporated) C:\Users\Steve\Downloads\install_flashplayer11x64_mssa_aih.exe
2012-02-25 05:44 - 2012-02-25 05:44 - 0380583 ____A C:\Users\Steve\Downloads\CupGame.swf
2012-02-23 02:23 - 2012-01-12 09:47 - 0010015 ____A C:\Users\Steve\Documents\jo new pay.xlsx
2012-02-22 10:07 - 2012-02-20 06:05 - 0000000 ____D C:\Users\All Users\SQL Anywhere 11
2012-02-22 10:07 - 2012-02-20 06:05 - 0000000 ____D C:\ProgramData\SQL Anywhere 11
2012-02-21 05:10 - 2012-02-21 05:10 - 0000000 ____D C:\Program Files\Common Files\Intuit
2012-02-20 07:15 - 2012-02-20 06:05 - 0000000 ____D C:\Users\All Users\Intuit
2012-02-20 07:15 - 2012-02-20 06:05 - 0000000 ____D C:\ProgramData\Intuit
2012-02-20 06:12 - 2011-11-05 14:15 - 0113208 ____A C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-20 06:09 - 2012-02-20 06:09 - 0002436 ____A C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
2012-02-20 06:09 - 2012-02-20 06:09 - 0002113 ____A C:\Users\Public\Desktop\QuickBooks Pro 2012.lnk
2012-02-20 06:09 - 2012-02-20 06:09 - 0002032 ____A C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
2012-02-20 06:09 - 2012-02-20 06:09 - 0001384 ____A C:\Users\Public\Desktop\Payroll for QuickBooks.lnk
2012-02-20 06:09 - 2012-02-20 06:09 - 0001276 ____A C:\Users\Public\Desktop\Support for QuickBooks.lnk
2012-02-20 06:09 - 2012-02-20 06:09 - 0000000 ____D C:\Users\Steve\AppData\Local\Intuit
2012-02-20 06:05 - 2012-02-20 06:05 - 0000000 ____D C:\Users\Public\Documents\Intuit
2012-02-20 06:05 - 2012-02-20 06:05 - 0000000 ____D C:\Program Files (x86)\Intuit
2012-02-20 05:58 - 2012-02-20 05:58 - 0000000 ____D C:\Windows\Intuit
2012-02-20 05:57 - 2012-02-20 05:54 - 552453120 ____A (Intuit, Inc. ) C:\Users\Steve\Downloads\QuickBooksUK2012.exe
2012-02-19 13:37 - 2012-02-19 13:37 - 0000000 ____D C:\Users\Steve\Documents\My Received Files
2012-02-18 10:46 - 2012-02-18 10:45 - 0000000 ____D C:\Program Files (x86)\Ask.com
2012-02-18 10:45 - 2012-02-18 10:45 - 0000000 ____D C:\Users\Steve\AppData\Local\APN
2012-02-18 10:43 - 2012-02-18 10:42 - 23649688 ____A C:\Users\Steve\Downloads\pal_install_a105_r1125(1).exe
2012-02-18 10:41 - 2012-02-18 10:40 - 23649688 ____A C:\Users\Steve\Downloads\pal_install_a105_r1125.exe
2012-02-17 01:30 - 2012-02-17 01:30 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-02-17 01:30 - 2012-02-17 01:30 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-02-17 01:30 - 2012-02-17 01:30 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-02-17 01:30 - 2012-02-17 01:30 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-02-17 01:30 - 2012-02-17 01:30 - 0000000 ____D C:\Users\All Users\Sun
2012-02-17 01:30 - 2012-02-17 01:30 - 0000000 ____D C:\ProgramData\Sun
2012-02-17 01:30 - 2012-02-17 01:30 - 0000000 ____D C:\Program Files (x86)\Java
2012-02-16 22:38 - 2012-03-13 21:36 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-13 21:36 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-13 21:36 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-13 21:36 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 10:07 - 2012-02-16 10:07 - 0011757 ____A C:\Users\Steve\Documents\column map.xlsx
2012-02-16 04:53 - 2011-04-17 05:41 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-15 23:27 - 2012-02-15 10:03 - 0044728 ____A C:\Users\Steve\Documents\summary of project i&e.xlsx
2012-02-15 11:24 - 2012-02-15 11:24 - 0000000 ____D C:\Users\Steve\AppData\Local\{7B265963-8959-4E7C-8E5E-FF13BB2EEDB1}
2012-02-15 06:54 - 2012-02-15 06:54 - 0010403 ____A C:\Users\Steve\Documents\acn takings 2011 2012.xlsx
2012-02-14 15:20 - 2012-02-14 15:20 - 0000000 ____D C:\Users\Steve\AppData\Local\{ECF94C22-0479-4767-BD6C-6B0D1BBBA642}
2012-02-14 15:20 - 2012-02-14 15:20 - 0000000 ____D C:\Users\Steve\AppData\Local\{5E8716DE-5F8D-40CE-B968-BA6BEBBD900C}
2012-02-14 15:20 - 2012-02-14 15:20 - 0000000 ____D C:\Users\Steve\AppData\Local\{5893BA13-6416-4E60-950D-5E76519DF601}
2012-02-14 15:19 - 2012-02-14 15:19 - 0000000 ____D C:\Users\Steve\AppData\Local\{A1C7A5CC-F51C-44C3-ABF8-B87A2A06EAA0}
2012-02-14 15:19 - 2012-02-14 15:19 - 0000000 ____D C:\Users\Steve\AppData\Local\{67C65970-6294-49E7-91DA-2B150EA43914}
2012-02-14 15:15 - 2012-02-14 15:15 - 0000000 ____D C:\Users\Steve\AppData\Local\{4E71C682-4083-4CB7-92CC-201606772B16}
2012-02-14 06:36 - 2012-02-14 06:36 - 0000046 ____A C:\Users\Steve\Documents\webmail login.txt
2012-02-14 04:21 - 2012-02-14 04:21 - 0000000 ____D C:\Users\Steve\AppData\Roaming\TeamViewer
2012-02-14 04:20 - 2012-02-14 04:20 - 3428600 ____A (TeamViewer GmbH) C:\Users\Steve\Downloads\TeamViewerQS.exe
2012-02-14 04:18 - 2011-11-05 14:19 - 0000000 ____D C:\Users\Steve\AppData\Local\Microsoft Help
2012-02-13 11:19 - 2012-02-13 11:18 - 0000000 ____D C:\Users\Steve\AppData\Local\{AE62F944-6312-4892-932B-E6B6358BB98A}
2012-02-10 09:04 - 2012-02-10 09:04 - 0000000 ____D C:\Users\Steve\AppData\Local\{93C456CD-FCC3-4B3F-9C5E-8D9D7118BEBB}
2012-02-10 03:17 - 2012-02-10 03:17 - 0000000 ____D C:\Users\Steve\AppData\Roaming\EeeStorageUploader
2012-02-10 03:17 - 2011-11-05 14:17 - 0000000 ____D C:\Users\Steve\AppData\Roaming\Asus WebStorage
2012-02-09 22:36 - 2012-03-13 21:39 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-13 21:39 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-08 10:22 - 2012-02-08 10:22 - 0012911 ____A C:\Users\Steve\Documents\0845 6077787.docx
2012-02-03 13:24 - 2012-02-03 13:24 - 0000000 ___HD C:\Users\All Users\.syncID
2012-02-03 13:24 - 2012-02-03 13:24 - 0000000 ___HD C:\Users\All Users\.Syncables
2012-02-03 13:24 - 2012-02-03 13:24 - 0000000 ___HD C:\ProgramData\.syncID
2012-02-03 13:24 - 2012-02-03 13:24 - 0000000 ___HD C:\ProgramData\.Syncables
2012-02-03 08:56 - 2012-02-03 02:59 - 0011006 ____A C:\Users\Steve\Documents\scenario 2.xlsx
2012-02-02 20:34 - 2012-03-13 21:39 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-31 10:42 - 2012-01-31 10:42 - 0015184 ____A C:\Users\Steve\Documents\EBS COOP can briefing.docx
2012-01-31 05:26 - 2012-01-31 05:26 - 0013456 ____A C:\Users\Steve\Desktop\Timesheet February 2012.xlsx
2012-01-26 09:44 - 2012-01-26 09:44 - 0012700 ____A C:\Users\Steve\Documents\Contact other banks how they do internet banking.docx
2012-01-26 09:44 - 2012-01-26 09:44 - 0000162 ___AH C:\Users\Steve\Documents\~$ntact other banks how they do internet banking.docx
2012-01-26 09:44 - 2012-01-26 08:17 - 0028672 ____A C:\Users\Steve\Documents\ecil finance tasks divisions.doc
2012-01-26 08:17 - 2012-01-26 08:17 - 0000162 ___AH C:\Users\Steve\Documents\~$il finance tasks divisions.doc
2012-01-26 08:16 - 2012-01-26 08:16 - 0000162 ___AH C:\Users\Steve\Documents\~$il finance tasks divisions.docx
2012-01-26 08:00 - 2012-01-26 00:21 - 0033280 ____A C:\Users\Steve\Documents\Ealing Centre for Independent Living Financed Procedures Jan 12.doc
2012-01-26 03:10 - 2012-01-26 03:10 - 0000000 ____D C:\Users\Steve\AppData\Local\{2DBDAF61-7A5F-498C-A9A2-9C31FCB79FBE}
2012-01-26 00:21 - 2012-01-26 00:21 - 0031232 ____H C:\Users\Steve\Documents\~WRL0003.tmp
2012-01-25 09:41 - 2012-01-25 05:51 - 0018017 ____A C:\Users\Steve\Documents\value life projections.xlsx
2012-01-25 02:48 - 2012-01-25 02:47 - 0000000 ____D C:\Users\Steve\AppData\Local\{C72E494D-D380-49B2-B643-BDA19CBFFD6A}
2012-01-24 22:38 - 2012-03-13 21:37 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:38 - 2012-03-13 21:37 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:33 - 2012-03-13 21:37 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-19 10:02 - 2012-01-19 10:02 - 0013779 ____A C:\Users\Steve\Documents\ecil finance tasks divisions.docx
2012-01-19 09:55 - 2012-01-19 09:55 - 0013941 ____A C:\Users\Steve\Documents\Ealing Centre for Independent Living too procedural.docx
2012-01-19 07:36 - 2012-01-19 07:36 - 0000000 ____D C:\Users\Steve\AppData\Local\{82CE53F3-7B8D-412A-82AE-BC5BC7488AFE}
2012-01-19 05:25 - 2012-01-19 04:27 - 0026624 ____A C:\Users\Steve\Documents\Ealing Centre for Independent Living finance procedures.doc
2012-01-19 03:46 - 2012-01-19 03:45 - 0000000 ____D C:\Users\Steve\AppData\Local\{A8D917C9-0593-47BA-9607-48A082963B31}
2012-01-18 11:06 - 2012-01-18 11:06 - 0000000 ____D C:\Users\Steve\AppData\Local\{693F61EC-C602-4826-B444-A72261AD8C75}
2012-01-18 11:05 - 2012-01-18 11:05 - 0000000 ____D C:\Users\Steve\AppData\Local\{B95F4F32-C69A-4B2D-A3DC-7D1819A30110}
2012-01-18 11:04 - 2012-01-18 11:04 - 0000000 ____D C:\Users\Steve\AppData\Local\{01AE411F-8EC2-44BB-B114-A05E7104D28C}
2012-01-15 13:23 - 2012-01-15 13:23 - 0000000 ____D C:\Users\Steve\AppData\Local\{459BA8AE-32AA-4399-9125-6453B666AEBD}
2012-01-15 13:23 - 2011-11-26 06:54 - 0000000 ____D C:\Users\Steve\AppData\Local\Windows Live
2012-01-15 13:22 - 2012-01-15 13:22 - 0000000 ____D C:\Users\Steve\AppData\Local\{A03AB6B8-C1E3-4C03-BCE3-5D60B96CE2AC}
2012-01-15 13:20 - 2012-01-15 13:20 - 0000000 ____D C:\Users\Steve\AppData\Local\{467298E7-C1E5-4B7D-AE55-B5635F22FF39}
2012-01-15 13:20 - 2012-01-15 13:20 - 0000000 ____D C:\Users\Steve\AppData\Local\{169722D9-6358-45C4-A6B5-1665DF2EE91D}
2012-01-15 13:19 - 2012-01-15 13:19 - 0000000 ____D C:\Users\Steve\AppData\Local\{997663B1-998A-4F29-9E6F-F68A43441C67}
2012-01-15 13:19 - 2012-01-15 13:19 - 0000000 ____D C:\Users\Steve\AppData\Local\{26A80EBB-7002-44E1-B33A-18D0CF13259D}
2012-01-15 13:15 - 2012-01-15 13:15 - 0000000 ____D C:\Users\Steve\AppData\Local\{2B504F1D-A532-4114-B43D-CEDD9DDA8429}
2012-01-15 13:12 - 2012-01-15 13:12 - 0000000 ____D C:\Users\Steve\AppData\Local\{E5C1F070-3C3A-43E8-86BE-7C7C06C80C59}
2012-01-15 12:36 - 2012-01-15 12:36 - 0000000 ____D C:\Users\Steve\AppData\Local\{23099B59-E76B-4B85-94B6-D1054BE18280}
2012-01-15 12:32 - 2012-01-15 12:32 - 0000000 ____D C:\Users\Steve\AppData\Local\{9B24EC72-166D-4354-9F31-CF870C22E535}
2012-01-15 12:30 - 2012-01-15 12:30 - 0000000 ____D C:\Users\Steve\AppData\Local\{D982BFB1-B5FF-4B11-A64B-DA3D2354156A}
2012-01-15 12:30 - 2012-01-15 12:30 - 0000000 ____D C:\Users\Steve\AppData\Local\{2603FC75-BB1F-4C8D-9297-575DE35B2F81}
2012-01-15 12:14 - 2012-01-15 12:13 - 0000000 ____D C:\Users\Steve\AppData\Local\{6F879534-B78D-443E-905D-69333687CE22}
2012-01-14 12:29 - 2012-01-14 12:25 - 81024589 ____A (SGWG, Inc. ) C:\Users\Steve\Downloads\setupDemoPoker.exe
2012-01-13 07:32 - 2012-01-13 07:32 - 3172856 ____A C:\Users\Steve\Downloads\advisorinstaller(1).exe
2012-01-13 07:32 - 2012-01-13 07:32 - 0002066 ____A C:\Users\Public\Desktop\Belarc Advisor.lnk
2012-01-13 07:32 - 2012-01-13 07:32 - 0000000 ____D C:\Program Files (x86)\Belarc
2012-01-13 07:31 - 2012-01-13 07:31 - 3172856 ____A C:\Users\Steve\Downloads\advisorinstaller.exe
2012-01-13 07:21 - 2012-01-13 07:21 - 0000000 ____D C:\Users\Steve\AppData\Local\{517A6EE1-98F3-44D4-8265-C10919615544}
2012-01-12 09:56 - 2011-12-28 10:21 - 0015903 ____A C:\Users\Steve\Documents\Ealing Centre for Independent Living toom bookings.docx
2012-01-12 01:47 - 2011-11-24 06:32 - 0065923 ____A C:\Users\Steve\Documents\mencap management structure.xlsx
2012-01-11 05:04 - 2011-11-06 11:01 - 0000000 ____D C:\Users\Steve\Documents\OneNote Notebooks
2012-01-05 10:27 - 2012-01-05 10:27 - 0000000 ____D C:\Users\Steve\AppData\Local\{3FC4AD9B-00D1-44BF-8507-6EFB8E1FD940}
2012-01-05 10:15 - 2012-01-05 10:14 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-01-05 10:14 - 2012-01-05 10:14 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-01-05 10:14 - 2012-01-05 10:14 - 0000000 ____D C:\Users\All Users\Skype
2012-01-05 10:14 - 2012-01-05 10:14 - 0000000 ____D C:\ProgramData\Skype
2012-01-05 10:13 - 2012-01-05 10:13 - 0980104 ____A (Skype Technologies S.A.) C:\Users\Steve\Downloads\SkypeSetup.exe
2012-01-04 02:44 - 2012-02-14 16:35 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 02:44 - 2012-02-14 16:35 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 00:59 - 2012-02-14 16:35 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 00:58 - 2012-02-14 16:35 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe
[2011-11-06 00:38] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation)

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 2813.64 MB
Available physical RAM: 2287.65 MB
Total Pagefile: 2811.79 MB
Available Pagefile: 2267.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:34.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (Data) (Fixed) (Total:202.08 GB) (Free:200.05 GB) NTFS
4 Drive f: (USB DISK) (Removable) (Total:1.82 GB) (Free:1.8 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 1024 KB
Disk 1 Online 1866 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 21 GB 31 KB
Partition 2 Primary 74 GB 21 GB
Partition 0 Extended 202 GB 96 GB
Partition 3 Logical 202 GB 96 GB

======================================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 74 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Data NTFS Partition 202 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1862 MB 4032 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F USB DISK FAT Removable 1862 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-14 09:23

======================= End Of Log ==========================

BC AdBot (Login to Remove)

 


#2 AustrAlien

AustrAlien

    Inquisitor


  • BC Advisor
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:05:45 PM

Posted 01 April 2012 - 05:12 AM

Hello and :welcome: to the BC forums.

Please sit tight and be patient.

I have requested that an experienced helper who specialises in malware-related un-bootable computers respond to your topic.

Thank you.
AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#3 spbcooperator

spbcooperator
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:45 AM

Posted 01 April 2012 - 06:08 AM

ps

I used Webroot as a virus scanner, and my command prompt shows >X:/

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 55,398 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:45 AM

Posted 01 April 2012 - 11:07 AM

Duplicate post, FRST log moved to MRL, http://www.bleepingcomputer.com/forums/topic448374.html/page__p__2649734__fromsearch__1#entry2649734 .

To prevent confusion, this topic is now closed.

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users