Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirects


  • This topic is locked This topic is locked
16 replies to this topic

#1 Shadowchaser1138

Shadowchaser1138

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 20 May 2012 - 12:43 PM

Hello. I've been experiencing Google redirects off and on for the last few days. Have scanned with my antivirus (McAfee), Malwarebytes, and Spybot Search and Destroy, each multiple times. All of the scans have either had no effect at all, or only seemed to stop the redirects for a day or two before they started again. Most of the scans find nothing - occasionally one has found Trojan.Happili.

I have both Internet Explorer and Google Chrome installed. Initially I only saw the redirects in Explorer, but now I see them in Chrome as well. Since I don't use Chrome that much, and the problem has always been random and intermittant, I don't know if that's an actual change or I just didn't use Chrome long enough previously to see the problem. The infection does not try to block any scans or other software that I have noticed.

DDS log is below:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by John at 12:07:05 on 2012-05-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.5883 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\dllhost.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\mcGlidHost.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120425140334.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [Google Update] "C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [CrashRpt] rundll32.exe "C:\Users\John\AppData\Local\Deployment\CrashRpt\zresadsc.dll",DllRegisterServer
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4CC65345-6556-4AFE-A81E-D1A454389512} : DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{64C4ABA0-9825-4916-B07E-8749A488B066} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120425140334.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-27 13336]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-28 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-28 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-7-27 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-7-27 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-7-27 162192]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-7-27 673088]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-3-9 92592]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys --> C:\Windows\system32\drivers\HCW85BDA.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech Webcam 250(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-28 249936]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 257696]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 DraftSight API Service;DraftSight API Service;C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [2012-1-24 78336]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-28 249936]
.
=============== Created Last 30 ================
.
2012-05-20 04:18:52 -------- d-----w- C:\Users\John\AppData\Local\{667A95F8-56EE-43B3-A2A7-C36350498630}
2012-05-20 04:18:36 -------- d-----w- C:\Users\John\AppData\Local\{17940A31-2B52-4D9B-96EB-3218088738EA}
2012-05-20 01:40:18 -------- d-----w- C:\Users\John\AppData\Local\{8099EC13-7F3C-46CE-8683-A5FF50A4D5F0}
2012-05-20 01:40:07 -------- d-----w- C:\Users\John\AppData\Local\{28ECB912-FB56-4A68-9716-5AD1C750FD74}
2012-05-19 18:47:36 -------- d-----w- C:\Users\John\AppData\Local\{A66F0417-A07A-467E-84AB-D2B8867F6F6E}
2012-05-19 18:47:25 -------- d-----w- C:\Users\John\AppData\Local\{2FC21730-80E0-4161-A690-AE21443D5979}
2012-05-19 18:42:57 -------- d-----w- C:\Users\John\AppData\Local\{EEEF884C-513F-42D4-9CF7-C544DC1CEFC7}
2012-05-19 18:42:37 -------- d-----w- C:\Users\John\AppData\Local\{224BC92E-2DD6-4A68-B213-D6BD2EE13C88}
2012-05-19 03:27:23 -------- d-----w- C:\Users\John\AppData\Local\{C2A1D720-0222-4C6D-9DC3-6FF35BB61BF6}
2012-05-19 03:27:10 -------- d-----w- C:\Users\John\AppData\Local\{38B3CF8A-3EB3-4DC6-A1A5-FA865F7F011A}
2012-05-19 00:06:53 -------- d-----w- C:\Users\John\AppData\Local\{C00D000A-161B-483B-8240-F9221B76DA1A}
2012-05-19 00:06:42 -------- d-----w- C:\Users\John\AppData\Local\{B1383185-06AD-4092-9A48-91240C2136BB}
2012-05-18 04:50:00 -------- d-----w- C:\Users\John\AppData\Local\{03762243-F766-4DC3-84A0-44E47E983E86}
2012-05-18 04:49:49 -------- d-----w- C:\Users\John\AppData\Local\{80726E4C-FD13-49DD-9865-A4022AF69E5F}
2012-05-18 04:09:13 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-05-18 04:09:13 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-17 23:49:44 -------- d-----w- C:\Users\John\AppData\Local\{C68FAA79-6D18-45B9-8773-D467CE4A7E76}
2012-05-17 23:49:32 -------- d-----w- C:\Users\John\AppData\Local\{0A36BA5F-E94A-45AA-AF73-70FCCF7122C1}
2012-05-17 02:03:49 -------- d-----w- C:\Users\John\AppData\Local\Dassault Systemes
2012-05-17 00:06:25 -------- d-----w- C:\Users\John\AppData\Local\{0BE8259B-A998-49EF-9661-95F4E4705254}
2012-05-17 00:06:13 -------- d-----w- C:\Users\John\AppData\Local\{45859203-D03E-4AD1-86D6-F23CC0E595B6}
2012-05-13 15:33:38 -------- d-----w- C:\Users\John\AppData\Local\{FA1A654A-8D23-4789-9D2B-B20631E0F023}
2012-05-13 15:33:15 -------- d-----w- C:\Users\John\AppData\Local\{CBB057E9-D4D1-45FA-BED3-B0613B0FB653}
2012-05-13 15:11:01 -------- d-----w- C:\Users\John\AppData\Local\{8283340F-607E-4916-BC84-DAE0C47EFFDA}
2012-05-13 15:10:49 -------- d-----w- C:\Users\John\AppData\Local\{56244B7F-E5F4-47D0-912B-AECA75216A66}
2012-05-12 18:04:25 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-12 18:04:24 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-12 18:04:18 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-12 18:04:17 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-12 18:04:17 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-12 18:04:16 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-12 18:03:46 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-12 18:00:51 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-12 18:00:47 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-12 18:00:47 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 18:00:46 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 18:00:46 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-12 17:51:16 -------- d-----w- C:\Users\John\AppData\Local\{B8652C95-5100-4222-8B8D-21AE08984FCC}
2012-05-12 17:51:03 -------- d-----w- C:\Users\John\AppData\Local\{545CE56D-2264-4F7B-A520-1791A4E6AA35}
2012-05-12 17:36:55 -------- d-----w- C:\Users\John\AppData\Local\{0BB01901-9A21-41F3-9ECD-1FB0D17E6B4A}
2012-05-12 17:36:43 -------- d-----w- C:\Users\John\AppData\Local\{5A642EBA-7033-4317-9703-AB899BC755C0}
2012-05-12 15:50:06 -------- d-----w- C:\Users\John\AppData\Local\{FD4D17D3-9926-4340-ADB0-AF176F36C584}
2012-05-12 15:49:54 -------- d-----w- C:\Users\John\AppData\Local\{BE20D1FF-A4B9-41B5-80DB-1B2560DDBDA1}
2012-05-12 15:44:31 -------- d-----w- C:\Users\John\AppData\Local\{4271411E-90D7-4646-BCA8-0A92AA25FA22}
2012-05-12 15:44:19 -------- d-----w- C:\Users\John\AppData\Local\{E0CEF48F-FD17-407B-B19F-5098D9F01ECB}
2012-05-11 18:22:51 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-10 23:50:23 -------- d-----w- C:\Users\John\AppData\Local\{1EF8BB19-18CE-4DF2-81E5-4D50AEB898BA}
2012-05-10 23:50:12 -------- d-----w- C:\Users\John\AppData\Local\{8F35ACC4-7068-4938-9ED4-0E6845DFDAC5}
2012-05-10 04:00:34 -------- d-----w- C:\Users\John\AppData\Local\{6E8DBF4A-07DB-47E3-BC9E-D9C7BE20394F}
2012-05-10 04:00:23 -------- d-----w- C:\Users\John\AppData\Local\{AE737B92-F28C-48D7-85AD-5B58B83D1AFE}
2012-05-10 03:55:46 -------- d-----w- C:\Users\John\AppData\Local\{BE0BB37F-3318-439E-B5EB-F8D1E53A1F5D}
2012-05-10 03:55:34 -------- d-----w- C:\Users\John\AppData\Local\{F08DBD5A-992D-4270-8F5E-1D2F7E915F7F}
2012-05-10 01:07:24 -------- d-----w- C:\Users\John\AppData\Local\{EC2B073B-5149-46B5-AF37-02E735B480D1}
2012-05-10 01:07:13 -------- d-----w- C:\Users\John\AppData\Local\{718BAABF-98D7-4F3B-926B-ACC80BB8E6ED}
2012-05-10 00:24:45 -------- d-----w- C:\Users\John\AppData\Local\{13AB59EB-E926-4DA4-AD18-05E3DF1D519F}
2012-05-10 00:24:33 -------- d-----w- C:\Users\John\AppData\Local\{87435CC1-DAEC-4CEC-97A9-EB3626072F0A}
2012-05-06 18:40:17 -------- d-----w- C:\Users\John\AppData\Local\{E89C2A08-1C02-4C0C-9811-368F3898BF7D}
2012-05-06 18:40:05 -------- d-----w- C:\Users\John\AppData\Local\{DE6EA7A2-B2F2-422C-82EE-32115FC40775}
2012-05-05 05:41:04 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 23:35:05 -------- d-----w- C:\Users\John\AppData\Local\{FE2AE774-B62F-44AE-8C2F-585843BFAF38}
2012-05-04 23:34:42 -------- d-----w- C:\Users\John\AppData\Local\{F6276667-BE0E-4728-9101-6BEDE53ADF7A}
2012-05-03 23:57:44 -------- d-----w- C:\Users\John\AppData\Local\{54AC1ECA-FE53-45F7-A106-B4B9AD0E545E}
2012-05-03 23:57:32 -------- d-----w- C:\Users\John\AppData\Local\{CF450F2D-B1CA-4CB8-A5FA-D82325DFF5BA}
2012-04-29 18:17:23 -------- d-----w- C:\Users\John\AppData\Local\{573D777F-383A-4DF0-8458-D893B74A6186}
2012-04-29 18:17:12 -------- d-----w- C:\Users\John\AppData\Local\{15CAF2CC-78F0-4EEA-A14A-D031FF15DE77}
2012-04-28 20:44:47 -------- d-----w- C:\Users\John\AppData\Local\{3CC758E0-81B8-4737-BCE4-EF4AAC7C46D1}
2012-04-28 20:44:36 -------- d-----w- C:\Users\John\AppData\Local\{B42144E3-CECD-43EE-BFD7-05C26F227CD2}
2012-04-27 23:19:27 -------- d-----w- C:\Users\John\AppData\Local\{422CF318-A541-4001-B41C-A21669145589}
2012-04-27 23:19:05 -------- d-----w- C:\Users\John\AppData\Local\{D194DAC8-0029-4A7C-B25E-4079DC927C5E}
2012-04-26 23:27:36 -------- d-----w- C:\Users\John\AppData\Local\{457B37D3-3B77-4FA6-8111-315940875F71}
2012-04-26 23:27:25 -------- d-----w- C:\Users\John\AppData\Local\{4124EF14-B5E2-4DE5-B124-CD9E0C3857FD}
2012-04-25 00:03:03 -------- d-----w- C:\Users\John\AppData\Local\{425F7893-E933-4D1F-AFEE-E40F1A594C43}
2012-04-25 00:02:51 -------- d-----w- C:\Users\John\AppData\Local\{7AF0F18C-2CBD-4F7D-93AD-DF24F00720E6}
2012-04-24 00:22:22 -------- d-----w- C:\Users\John\AppData\Local\{F0734B83-5CC5-47D4-B1DE-0A161DB61A16}
2012-04-24 00:22:11 -------- d-----w- C:\Users\John\AppData\Local\{26BF71AD-94B4-4B28-B48A-8682FC29640C}
2012-04-21 16:02:30 -------- d-----w- C:\Users\John\AppData\Local\{EDB0072E-CE7E-4721-AB55-ACC38CF4BD8D}
2012-04-21 16:02:18 -------- d-----w- C:\Users\John\AppData\Local\{7A42EC75-DD5F-4A51-8E98-15998884D128}
2012-04-21 00:03:52 -------- d-----w- C:\Users\John\AppData\Local\{B09CC5F2-6493-42DC-842D-BA6A2A9E1660}
2012-04-21 00:03:41 -------- d-----w- C:\Users\John\AppData\Local\{94CFE4D8-C048-48C8-92DD-478ACE0370F6}
.
==================== Find3M ====================
.
2012-05-12 18:41:32 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-12 18:41:32 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-11 23:15:30 47616 ----a-w- C:\Windows\SysWow64\pdf995mon64.dll
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-22 18:29:46 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2012-02-22 18:29:46 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-02-22 18:29:46 647208 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2012-02-22 18:29:46 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-02-22 18:29:46 289664 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-02-22 18:29:46 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-02-22 18:29:46 160792 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2012-02-22 18:29:46 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-02-22 18:29:46 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
.
============= FINISH: 12:13:20.60 ===============


Thanks in advance for the help, this has been a very frustrating problem.

Attached Files



BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:35 AM

Posted 20 May 2012 - 06:48 PM

Hi,

Please do the following:


For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to the disclaimer.
[*]Place a check next to List Drivers MD5 as well as the default check marks that are already there
[*]Press Scan button.
[*]type exit and reboot the computer normally
[*]FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.[/list]

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Shadowchaser1138

Shadowchaser1138
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 20 May 2012 - 07:53 PM

Thanks for getting back to me so quickly - posting on a Sunday, I wasn't really expecting any response until at least tomorrow.

Scanned using Farbar as instructed, log is below.

Scan result of Farbar Recovery Scan Tool Version: 19-05-2012
Ran by SYSTEM at 20-05-2012 19:42:26
Running from J:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8158240 2009-10-06] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2306448 2010-07-21] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKU\John\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4283256 2011-05-13] (Microsoft Corporation)
HKU\John\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6591800 2012-02-22] (Yahoo! Inc.)
HKU\John\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [247728 2011-03-09] (TomTom)
HKU\John\...\Run: [Google Update] "C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-01-04] (Google Inc.)
HKU\John\...\Run: [CrashRpt] rundll32.exe "C:\Users\John\AppData\Local\Deployment\CrashRpt\zresadsc.dll",DllRegisterServer [472808 2012-05-19] (Sun Microsystems, Inc.)
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2010-05-21] (Softthinks)
HKLM-x32\...\runonceex: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ======

3 DraftSight API Service; C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [78336 2012-01-24] (Dassault Systèmes)
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2009-10-02] (Intel Corporation)
2 LVPrcS64; "C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe" [197976 2010-05-07] (Logitech Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [502032 2012-03-22] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)
2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)
2 TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [92592 2011-03-09] (TomTom)
3 RoxMediaDB10; "c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [x]
2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
3 stllssvr; "c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [x]

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
3 HCW85BDA; C:\Windows\System32\Drivers\HCW85BDA.sys [1705600 2009-09-11] (Hauppauge Computer Works)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
3 Point64; C:\Windows\System32\Drivers\Point64.sys [45456 2010-07-21] (Microsoft Corporation)
1 RxFilter; C:\Windows\SysWow64\Drivers\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
3 s125bus; C:\Windows\System32\Drivers\s125bus.sys [108296 2007-04-24] (MCCI Corporation)
3 s125mdfl; C:\Windows\System32\Drivers\s125mdfl.sys [19720 2007-04-24] (MCCI Corporation)
3 s125mdm; C:\Windows\System32\Drivers\s125mdm.sys [144648 2007-04-24] (MCCI Corporation)
3 s125mgmt; C:\Windows\System32\Drivers\s125mgmt.sys [126216 2007-04-24] (MCCI Corporation)
3 s125obex; C:\Windows\System32\Drivers\s125obex.sys [123656 2007-04-24] (MCCI Corporation)
3 mfeavfk01; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-20 19:42 - 2012-05-20 19:42 - 0000000 ____D C:\FRST
2012-05-20 19:34 - 2012-05-20 19:34 - 1393595 ____A C:\Users\John\Desktop\FRST64.exe
2012-05-20 18:57 - 2012-05-20 18:58 - 0002066 ____A C:\Users\John\Desktop\Instructions.txt
2012-05-20 12:16 - 2012-05-20 12:16 - 0008440 ____A C:\Users\John\Desktop\Attach.txt
2012-05-20 12:15 - 2012-05-20 12:15 - 0030036 ____A C:\Users\John\Desktop\DDS.txt
2012-05-20 12:05 - 2012-05-20 12:05 - 0607260 ____R (Swearware) C:\Users\John\Desktop\dds.scr
2012-05-19 23:26 - 2012-05-19 23:27 - 0129108 ____A C:\TDSSKiller.2.7.35.0_19.05.2012_23.26.39_log.txt
2012-05-19 23:25 - 2012-05-19 23:25 - 0003646 ____A C:\TDSSKiller.2.7.35.0_19.05.2012_23.25.39_log.txt
2012-05-19 23:23 - 2012-05-19 23:25 - 0129108 ____A C:\TDSSKiller.2.7.35.0_19.05.2012_23.23.40_log.txt
2012-05-19 23:18 - 2012-05-19 23:19 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{667A95F8-56EE-43B3-A2A7-C36350498630}
2012-05-19 23:18 - 2012-05-19 23:19 - 0000000 ____D C:\Users\John\Local Settings\{667A95F8-56EE-43B3-A2A7-C36350498630}
2012-05-19 23:18 - 2012-05-19 23:19 - 0000000 ____D C:\Users\John\AppData\Local\{667A95F8-56EE-43B3-A2A7-C36350498630}
2012-05-19 23:18 - 2012-05-19 23:18 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{17940A31-2B52-4D9B-96EB-3218088738EA}
2012-05-19 23:18 - 2012-05-19 23:18 - 0000000 ____D C:\Users\John\Local Settings\{17940A31-2B52-4D9B-96EB-3218088738EA}
2012-05-19 23:18 - 2012-05-19 23:18 - 0000000 ____D C:\Users\John\AppData\Local\{17940A31-2B52-4D9B-96EB-3218088738EA}
2012-05-19 20:40 - 2012-05-19 20:40 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{8099EC13-7F3C-46CE-8683-A5FF50A4D5F0}
2012-05-19 20:40 - 2012-05-19 20:40 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{28ECB912-FB56-4A68-9716-5AD1C750FD74}
2012-05-19 20:40 - 2012-05-19 20:40 - 0000000 ____D C:\Users\John\Local Settings\{8099EC13-7F3C-46CE-8683-A5FF50A4D5F0}
2012-05-19 20:40 - 2012-05-19 20:40 - 0000000 ____D C:\Users\John\Local Settings\{28ECB912-FB56-4A68-9716-5AD1C750FD74}
2012-05-19 20:40 - 2012-05-19 20:40 - 0000000 ____D C:\Users\John\AppData\Local\{8099EC13-7F3C-46CE-8683-A5FF50A4D5F0}
2012-05-19 20:40 - 2012-05-19 20:40 - 0000000 ____D C:\Users\John\AppData\Local\{28ECB912-FB56-4A68-9716-5AD1C750FD74}
2012-05-19 13:47 - 2012-05-19 13:47 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{A66F0417-A07A-467E-84AB-D2B8867F6F6E}
2012-05-19 13:47 - 2012-05-19 13:47 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{2FC21730-80E0-4161-A690-AE21443D5979}
2012-05-19 13:47 - 2012-05-19 13:47 - 0000000 ____D C:\Users\John\Local Settings\{A66F0417-A07A-467E-84AB-D2B8867F6F6E}
2012-05-19 13:47 - 2012-05-19 13:47 - 0000000 ____D C:\Users\John\Local Settings\{2FC21730-80E0-4161-A690-AE21443D5979}
2012-05-19 13:47 - 2012-05-19 13:47 - 0000000 ____D C:\Users\John\AppData\Local\{A66F0417-A07A-467E-84AB-D2B8867F6F6E}
2012-05-19 13:47 - 2012-05-19 13:47 - 0000000 ____D C:\Users\John\AppData\Local\{2FC21730-80E0-4161-A690-AE21443D5979}
2012-05-19 13:42 - 2012-05-19 13:43 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{EEEF884C-513F-42D4-9CF7-C544DC1CEFC7}
2012-05-19 13:42 - 2012-05-19 13:43 - 0000000 ____D C:\Users\John\Local Settings\{EEEF884C-513F-42D4-9CF7-C544DC1CEFC7}
2012-05-19 13:42 - 2012-05-19 13:43 - 0000000 ____D C:\Users\John\AppData\Local\{EEEF884C-513F-42D4-9CF7-C544DC1CEFC7}
2012-05-19 13:42 - 2012-05-19 13:42 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{224BC92E-2DD6-4A68-B213-D6BD2EE13C88}
2012-05-19 13:42 - 2012-05-19 13:42 - 0000000 ____D C:\Users\John\Local Settings\{224BC92E-2DD6-4A68-B213-D6BD2EE13C88}
2012-05-19 13:42 - 2012-05-19 13:42 - 0000000 ____D C:\Users\John\AppData\Local\{224BC92E-2DD6-4A68-B213-D6BD2EE13C88}
2012-05-18 22:27 - 2012-05-18 22:27 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{C2A1D720-0222-4C6D-9DC3-6FF35BB61BF6}
2012-05-18 22:27 - 2012-05-18 22:27 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{38B3CF8A-3EB3-4DC6-A1A5-FA865F7F011A}
2012-05-18 22:27 - 2012-05-18 22:27 - 0000000 ____D C:\Users\John\Local Settings\{C2A1D720-0222-4C6D-9DC3-6FF35BB61BF6}
2012-05-18 22:27 - 2012-05-18 22:27 - 0000000 ____D C:\Users\John\Local Settings\{38B3CF8A-3EB3-4DC6-A1A5-FA865F7F011A}
2012-05-18 22:27 - 2012-05-18 22:27 - 0000000 ____D C:\Users\John\AppData\Local\{C2A1D720-0222-4C6D-9DC3-6FF35BB61BF6}
2012-05-18 22:27 - 2012-05-18 22:27 - 0000000 ____D C:\Users\John\AppData\Local\{38B3CF8A-3EB3-4DC6-A1A5-FA865F7F011A}
2012-05-18 19:06 - 2012-05-18 19:07 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{C00D000A-161B-483B-8240-F9221B76DA1A}
2012-05-18 19:06 - 2012-05-18 19:07 - 0000000 ____D C:\Users\John\Local Settings\{C00D000A-161B-483B-8240-F9221B76DA1A}
2012-05-18 19:06 - 2012-05-18 19:07 - 0000000 ____D C:\Users\John\AppData\Local\{C00D000A-161B-483B-8240-F9221B76DA1A}
2012-05-18 19:06 - 2012-05-18 19:06 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{B1383185-06AD-4092-9A48-91240C2136BB}
2012-05-18 19:06 - 2012-05-18 19:06 - 0000000 ____D C:\Users\John\Local Settings\{B1383185-06AD-4092-9A48-91240C2136BB}
2012-05-18 19:06 - 2012-05-18 19:06 - 0000000 ____D C:\Users\John\AppData\Local\{B1383185-06AD-4092-9A48-91240C2136BB}
2012-05-17 23:50 - 2012-05-17 23:50 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{03762243-F766-4DC3-84A0-44E47E983E86}
2012-05-17 23:50 - 2012-05-17 23:50 - 0000000 ____D C:\Users\John\Local Settings\{03762243-F766-4DC3-84A0-44E47E983E86}
2012-05-17 23:50 - 2012-05-17 23:50 - 0000000 ____D C:\Users\John\AppData\Local\{03762243-F766-4DC3-84A0-44E47E983E86}
2012-05-17 23:49 - 2012-05-17 23:50 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{80726E4C-FD13-49DD-9865-A4022AF69E5F}
2012-05-17 23:49 - 2012-05-17 23:50 - 0000000 ____D C:\Users\John\Local Settings\{80726E4C-FD13-49DD-9865-A4022AF69E5F}
2012-05-17 23:49 - 2012-05-17 23:50 - 0000000 ____D C:\Users\John\AppData\Local\{80726E4C-FD13-49DD-9865-A4022AF69E5F}
2012-05-17 23:09 - 2012-05-17 23:31 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-05-17 23:09 - 2012-05-17 23:31 - 0000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2012-05-17 23:09 - 2012-05-17 23:31 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-05-17 23:09 - 2012-05-17 23:10 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-17 23:09 - 2012-05-17 23:09 - 0001264 ____A C:\Users\John\Desktop\Spybot - Search & Destroy.lnk
2012-05-17 22:34 - 2012-05-17 22:38 - 0129108 ____A C:\TDSSKiller.2.7.35.0_17.05.2012_22.34.25_log.txt
2012-05-17 22:25 - 2012-05-17 22:28 - 0129108 ____A C:\TDSSKiller.2.7.35.0_17.05.2012_22.25.13_log.txt
2012-05-17 22:13 - 2012-05-17 22:19 - 0129108 ____A C:\TDSSKiller.2.7.35.0_17.05.2012_22.13.29_log.txt
2012-05-17 18:49 - 2012-05-17 18:49 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{C68FAA79-6D18-45B9-8773-D467CE4A7E76}
2012-05-17 18:49 - 2012-05-17 18:49 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{0A36BA5F-E94A-45AA-AF73-70FCCF7122C1}
2012-05-17 18:49 - 2012-05-17 18:49 - 0000000 ____D C:\Users\John\Local Settings\{C68FAA79-6D18-45B9-8773-D467CE4A7E76}
2012-05-17 18:49 - 2012-05-17 18:49 - 0000000 ____D C:\Users\John\Local Settings\{0A36BA5F-E94A-45AA-AF73-70FCCF7122C1}
2012-05-17 18:49 - 2012-05-17 18:49 - 0000000 ____D C:\Users\John\AppData\Local\{C68FAA79-6D18-45B9-8773-D467CE4A7E76}
2012-05-17 18:49 - 2012-05-17 18:49 - 0000000 ____D C:\Users\John\AppData\Local\{0A36BA5F-E94A-45AA-AF73-70FCCF7122C1}
2012-05-16 22:11 - 2012-05-18 22:26 - 0000000 ____D C:\Users\John\AppData\Local\Apps\Apple
2012-05-16 21:03 - 2012-05-16 21:03 - 0000000 ____D C:\Users\John\Local Settings\Dassault Systemes
2012-05-16 21:03 - 2012-05-16 21:03 - 0000000 ____D C:\Users\John\Local Settings\Application Data\Dassault Systemes
2012-05-16 21:03 - 2012-05-16 21:03 - 0000000 ____D C:\Users\John\AppData\Local\Dassault Systemes
2012-05-16 19:06 - 2012-05-16 19:06 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{45859203-D03E-4AD1-86D6-F23CC0E595B6}
2012-05-16 19:06 - 2012-05-16 19:06 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{0BE8259B-A998-49EF-9661-95F4E4705254}
2012-05-16 19:06 - 2012-05-16 19:06 - 0000000 ____D C:\Users\John\Local Settings\{45859203-D03E-4AD1-86D6-F23CC0E595B6}
2012-05-16 19:06 - 2012-05-16 19:06 - 0000000 ____D C:\Users\John\Local Settings\{0BE8259B-A998-49EF-9661-95F4E4705254}
2012-05-16 19:06 - 2012-05-16 19:06 - 0000000 ____D C:\Users\John\AppData\Local\{45859203-D03E-4AD1-86D6-F23CC0E595B6}
2012-05-16 19:06 - 2012-05-16 19:06 - 0000000 ____D C:\Users\John\AppData\Local\{0BE8259B-A998-49EF-9661-95F4E4705254}
2012-05-13 10:33 - 2012-05-13 10:33 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{FA1A654A-8D23-4789-9D2B-B20631E0F023}
2012-05-13 10:33 - 2012-05-13 10:33 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{CBB057E9-D4D1-45FA-BED3-B0613B0FB653}
2012-05-13 10:33 - 2012-05-13 10:33 - 0000000 ____D C:\Users\John\Local Settings\{FA1A654A-8D23-4789-9D2B-B20631E0F023}
2012-05-13 10:33 - 2012-05-13 10:33 - 0000000 ____D C:\Users\John\Local Settings\{CBB057E9-D4D1-45FA-BED3-B0613B0FB653}
2012-05-13 10:33 - 2012-05-13 10:33 - 0000000 ____D C:\Users\John\AppData\Local\{FA1A654A-8D23-4789-9D2B-B20631E0F023}
2012-05-13 10:33 - 2012-05-13 10:33 - 0000000 ____D C:\Users\John\AppData\Local\{CBB057E9-D4D1-45FA-BED3-B0613B0FB653}
2012-05-13 10:11 - 2012-05-13 10:11 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{8283340F-607E-4916-BC84-DAE0C47EFFDA}
2012-05-13 10:11 - 2012-05-13 10:11 - 0000000 ____D C:\Users\John\Local Settings\{8283340F-607E-4916-BC84-DAE0C47EFFDA}
2012-05-13 10:11 - 2012-05-13 10:11 - 0000000 ____D C:\Users\John\AppData\Local\{8283340F-607E-4916-BC84-DAE0C47EFFDA}
2012-05-13 10:10 - 2012-05-13 10:10 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{56244B7F-E5F4-47D0-912B-AECA75216A66}
2012-05-13 10:10 - 2012-05-13 10:10 - 0000000 ____D C:\Users\John\Local Settings\{56244B7F-E5F4-47D0-912B-AECA75216A66}
2012-05-13 10:10 - 2012-05-13 10:10 - 0000000 ____D C:\Users\John\AppData\Local\{56244B7F-E5F4-47D0-912B-AECA75216A66}
2012-05-12 13:04 - 2012-03-31 01:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-12 13:04 - 2012-03-30 23:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-12 13:04 - 2012-03-30 23:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-12 13:04 - 2012-03-30 22:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 13:04 - 2012-03-03 01:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-12 13:04 - 2012-03-03 00:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-12 13:03 - 2012-03-17 02:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-12 13:00 - 2012-03-30 06:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-12 12:58 - 2012-05-12 12:58 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-12 12:51 - 2012-05-12 12:51 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{B8652C95-5100-4222-8B8D-21AE08984FCC}
2012-05-12 12:51 - 2012-05-12 12:51 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{545CE56D-2264-4F7B-A520-1791A4E6AA35}
2012-05-12 12:51 - 2012-05-12 12:51 - 0000000 ____D C:\Users\John\Local Settings\{B8652C95-5100-4222-8B8D-21AE08984FCC}
2012-05-12 12:51 - 2012-05-12 12:51 - 0000000 ____D C:\Users\John\Local Settings\{545CE56D-2264-4F7B-A520-1791A4E6AA35}
2012-05-12 12:51 - 2012-05-12 12:51 - 0000000 ____D C:\Users\John\AppData\Local\{B8652C95-5100-4222-8B8D-21AE08984FCC}
2012-05-12 12:51 - 2012-05-12 12:51 - 0000000 ____D C:\Users\John\AppData\Local\{545CE56D-2264-4F7B-A520-1791A4E6AA35}
2012-05-12 12:36 - 2012-05-12 12:37 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{0BB01901-9A21-41F3-9ECD-1FB0D17E6B4A}
2012-05-12 12:36 - 2012-05-12 12:37 - 0000000 ____D C:\Users\John\Local Settings\{0BB01901-9A21-41F3-9ECD-1FB0D17E6B4A}
2012-05-12 12:36 - 2012-05-12 12:37 - 0000000 ____D C:\Users\John\AppData\Local\{0BB01901-9A21-41F3-9ECD-1FB0D17E6B4A}
2012-05-12 12:36 - 2012-05-12 12:36 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{5A642EBA-7033-4317-9703-AB899BC755C0}
2012-05-12 12:36 - 2012-05-12 12:36 - 0000000 ____D C:\Users\John\Local Settings\{5A642EBA-7033-4317-9703-AB899BC755C0}
2012-05-12 12:36 - 2012-05-12 12:36 - 0000000 ____D C:\Users\John\AppData\Local\{5A642EBA-7033-4317-9703-AB899BC755C0}
2012-05-12 10:50 - 2012-05-12 10:50 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{FD4D17D3-9926-4340-ADB0-AF176F36C584}
2012-05-12 10:50 - 2012-05-12 10:50 - 0000000 ____D C:\Users\John\Local Settings\{FD4D17D3-9926-4340-ADB0-AF176F36C584}
2012-05-12 10:50 - 2012-05-12 10:50 - 0000000 ____D C:\Users\John\AppData\Local\{FD4D17D3-9926-4340-ADB0-AF176F36C584}
2012-05-12 10:49 - 2012-05-12 10:50 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{BE20D1FF-A4B9-41B5-80DB-1B2560DDBDA1}
2012-05-12 10:49 - 2012-05-12 10:50 - 0000000 ____D C:\Users\John\Local Settings\{BE20D1FF-A4B9-41B5-80DB-1B2560DDBDA1}
2012-05-12 10:49 - 2012-05-12 10:50 - 0000000 ____D C:\Users\John\AppData\Local\{BE20D1FF-A4B9-41B5-80DB-1B2560DDBDA1}
2012-05-12 10:44 - 2012-05-12 10:44 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{E0CEF48F-FD17-407B-B19F-5098D9F01ECB}
2012-05-12 10:44 - 2012-05-12 10:44 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{4271411E-90D7-4646-BCA8-0A92AA25FA22}
2012-05-12 10:44 - 2012-05-12 10:44 - 0000000 ____D C:\Users\John\Local Settings\{E0CEF48F-FD17-407B-B19F-5098D9F01ECB}
2012-05-12 10:44 - 2012-05-12 10:44 - 0000000 ____D C:\Users\John\Local Settings\{4271411E-90D7-4646-BCA8-0A92AA25FA22}
2012-05-12 10:44 - 2012-05-12 10:44 - 0000000 ____D C:\Users\John\AppData\Local\{E0CEF48F-FD17-407B-B19F-5098D9F01ECB}
2012-05-12 10:44 - 2012-05-12 10:44 - 0000000 ____D C:\Users\John\AppData\Local\{4271411E-90D7-4646-BCA8-0A92AA25FA22}
2012-05-10 18:50 - 2012-05-10 18:50 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{8F35ACC4-7068-4938-9ED4-0E6845DFDAC5}
2012-05-10 18:50 - 2012-05-10 18:50 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{1EF8BB19-18CE-4DF2-81E5-4D50AEB898BA}
2012-05-10 18:50 - 2012-05-10 18:50 - 0000000 ____D C:\Users\John\Local Settings\{8F35ACC4-7068-4938-9ED4-0E6845DFDAC5}
2012-05-10 18:50 - 2012-05-10 18:50 - 0000000 ____D C:\Users\John\Local Settings\{1EF8BB19-18CE-4DF2-81E5-4D50AEB898BA}
2012-05-10 18:50 - 2012-05-10 18:50 - 0000000 ____D C:\Users\John\AppData\Local\{8F35ACC4-7068-4938-9ED4-0E6845DFDAC5}
2012-05-10 18:50 - 2012-05-10 18:50 - 0000000 ____D C:\Users\John\AppData\Local\{1EF8BB19-18CE-4DF2-81E5-4D50AEB898BA}
2012-05-09 23:00 - 2012-05-09 23:00 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{AE737B92-F28C-48D7-85AD-5B58B83D1AFE}
2012-05-09 23:00 - 2012-05-09 23:00 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{6E8DBF4A-07DB-47E3-BC9E-D9C7BE20394F}
2012-05-09 23:00 - 2012-05-09 23:00 - 0000000 ____D C:\Users\John\Local Settings\{AE737B92-F28C-48D7-85AD-5B58B83D1AFE}
2012-05-09 23:00 - 2012-05-09 23:00 - 0000000 ____D C:\Users\John\Local Settings\{6E8DBF4A-07DB-47E3-BC9E-D9C7BE20394F}
2012-05-09 23:00 - 2012-05-09 23:00 - 0000000 ____D C:\Users\John\AppData\Local\{AE737B92-F28C-48D7-85AD-5B58B83D1AFE}
2012-05-09 23:00 - 2012-05-09 23:00 - 0000000 ____D C:\Users\John\AppData\Local\{6E8DBF4A-07DB-47E3-BC9E-D9C7BE20394F}
2012-05-09 22:55 - 2012-05-09 22:55 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{F08DBD5A-992D-4270-8F5E-1D2F7E915F7F}
2012-05-09 22:55 - 2012-05-09 22:55 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{BE0BB37F-3318-439E-B5EB-F8D1E53A1F5D}
2012-05-09 22:55 - 2012-05-09 22:55 - 0000000 ____D C:\Users\John\Local Settings\{F08DBD5A-992D-4270-8F5E-1D2F7E915F7F}
2012-05-09 22:55 - 2012-05-09 22:55 - 0000000 ____D C:\Users\John\Local Settings\{BE0BB37F-3318-439E-B5EB-F8D1E53A1F5D}
2012-05-09 22:55 - 2012-05-09 22:55 - 0000000 ____D C:\Users\John\AppData\Local\{F08DBD5A-992D-4270-8F5E-1D2F7E915F7F}
2012-05-09 22:55 - 2012-05-09 22:55 - 0000000 ____D C:\Users\John\AppData\Local\{BE0BB37F-3318-439E-B5EB-F8D1E53A1F5D}
2012-05-09 21:18 - 2012-05-09 21:18 - 0010990 ____A C:\Users\John\My Documents\Route Comparison - Work to Home.xlsx
2012-05-09 21:18 - 2012-05-09 21:18 - 0010990 ____A C:\Users\John\Documents\Route Comparison - Work to Home.xlsx
2012-05-09 20:07 - 2012-05-09 20:07 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{EC2B073B-5149-46B5-AF37-02E735B480D1}
2012-05-09 20:07 - 2012-05-09 20:07 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{718BAABF-98D7-4F3B-926B-ACC80BB8E6ED}
2012-05-09 20:07 - 2012-05-09 20:07 - 0000000 ____D C:\Users\John\Local Settings\{EC2B073B-5149-46B5-AF37-02E735B480D1}
2012-05-09 20:07 - 2012-05-09 20:07 - 0000000 ____D C:\Users\John\Local Settings\{718BAABF-98D7-4F3B-926B-ACC80BB8E6ED}
2012-05-09 20:07 - 2012-05-09 20:07 - 0000000 ____D C:\Users\John\AppData\Local\{EC2B073B-5149-46B5-AF37-02E735B480D1}
2012-05-09 20:07 - 2012-05-09 20:07 - 0000000 ____D C:\Users\John\AppData\Local\{718BAABF-98D7-4F3B-926B-ACC80BB8E6ED}
2012-05-09 19:24 - 2012-05-09 19:25 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{13AB59EB-E926-4DA4-AD18-05E3DF1D519F}
2012-05-09 19:24 - 2012-05-09 19:25 - 0000000 ____D C:\Users\John\Local Settings\{13AB59EB-E926-4DA4-AD18-05E3DF1D519F}
2012-05-09 19:24 - 2012-05-09 19:25 - 0000000 ____D C:\Users\John\AppData\Local\{13AB59EB-E926-4DA4-AD18-05E3DF1D519F}
2012-05-09 19:24 - 2012-05-09 19:24 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{87435CC1-DAEC-4CEC-97A9-EB3626072F0A}
2012-05-09 19:24 - 2012-05-09 19:24 - 0000000 ____D C:\Users\John\Local Settings\{87435CC1-DAEC-4CEC-97A9-EB3626072F0A}
2012-05-09 19:24 - 2012-05-09 19:24 - 0000000 ____D C:\Users\John\AppData\Local\{87435CC1-DAEC-4CEC-97A9-EB3626072F0A}
2012-05-06 13:40 - 2012-05-06 13:40 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{E89C2A08-1C02-4C0C-9811-368F3898BF7D}
2012-05-06 13:40 - 2012-05-06 13:40 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{DE6EA7A2-B2F2-422C-82EE-32115FC40775}
2012-05-06 13:40 - 2012-05-06 13:40 - 0000000 ____D C:\Users\John\Local Settings\{E89C2A08-1C02-4C0C-9811-368F3898BF7D}
2012-05-06 13:40 - 2012-05-06 13:40 - 0000000 ____D C:\Users\John\Local Settings\{DE6EA7A2-B2F2-422C-82EE-32115FC40775}
2012-05-06 13:40 - 2012-05-06 13:40 - 0000000 ____D C:\Users\John\AppData\Local\{E89C2A08-1C02-4C0C-9811-368F3898BF7D}
2012-05-06 13:40 - 2012-05-06 13:40 - 0000000 ____D C:\Users\John\AppData\Local\{DE6EA7A2-B2F2-422C-82EE-32115FC40775}
2012-05-05 00:41 - 2012-05-12 13:41 - 8769696 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 18:35 - 2012-05-04 18:35 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{FE2AE774-B62F-44AE-8C2F-585843BFAF38}
2012-05-04 18:35 - 2012-05-04 18:35 - 0000000 ____D C:\Users\John\Local Settings\{FE2AE774-B62F-44AE-8C2F-585843BFAF38}
2012-05-04 18:35 - 2012-05-04 18:35 - 0000000 ____D C:\Users\John\AppData\Local\{FE2AE774-B62F-44AE-8C2F-585843BFAF38}
2012-05-04 18:34 - 2012-05-04 18:35 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{F6276667-BE0E-4728-9101-6BEDE53ADF7A}
2012-05-04 18:34 - 2012-05-04 18:35 - 0000000 ____D C:\Users\John\Local Settings\{F6276667-BE0E-4728-9101-6BEDE53ADF7A}
2012-05-04 18:34 - 2012-05-04 18:35 - 0000000 ____D C:\Users\John\AppData\Local\{F6276667-BE0E-4728-9101-6BEDE53ADF7A}
2012-05-03 18:57 - 2012-05-03 18:58 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{54AC1ECA-FE53-45F7-A106-B4B9AD0E545E}
2012-05-03 18:57 - 2012-05-03 18:58 - 0000000 ____D C:\Users\John\Local Settings\{54AC1ECA-FE53-45F7-A106-B4B9AD0E545E}
2012-05-03 18:57 - 2012-05-03 18:58 - 0000000 ____D C:\Users\John\AppData\Local\{54AC1ECA-FE53-45F7-A106-B4B9AD0E545E}
2012-05-03 18:57 - 2012-05-03 18:57 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{CF450F2D-B1CA-4CB8-A5FA-D82325DFF5BA}
2012-05-03 18:57 - 2012-05-03 18:57 - 0000000 ____D C:\Users\John\Local Settings\{CF450F2D-B1CA-4CB8-A5FA-D82325DFF5BA}
2012-05-03 18:57 - 2012-05-03 18:57 - 0000000 ____D C:\Users\John\AppData\Local\{CF450F2D-B1CA-4CB8-A5FA-D82325DFF5BA}
2012-04-29 13:17 - 2012-04-29 13:17 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{573D777F-383A-4DF0-8458-D893B74A6186}
2012-04-29 13:17 - 2012-04-29 13:17 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{15CAF2CC-78F0-4EEA-A14A-D031FF15DE77}
2012-04-29 13:17 - 2012-04-29 13:17 - 0000000 ____D C:\Users\John\Local Settings\{573D777F-383A-4DF0-8458-D893B74A6186}
2012-04-29 13:17 - 2012-04-29 13:17 - 0000000 ____D C:\Users\John\Local Settings\{15CAF2CC-78F0-4EEA-A14A-D031FF15DE77}
2012-04-29 13:17 - 2012-04-29 13:17 - 0000000 ____D C:\Users\John\AppData\Local\{573D777F-383A-4DF0-8458-D893B74A6186}
2012-04-29 13:17 - 2012-04-29 13:17 - 0000000 ____D C:\Users\John\AppData\Local\{15CAF2CC-78F0-4EEA-A14A-D031FF15DE77}
2012-04-28 15:44 - 2012-04-28 15:44 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{B42144E3-CECD-43EE-BFD7-05C26F227CD2}
2012-04-28 15:44 - 2012-04-28 15:44 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{3CC758E0-81B8-4737-BCE4-EF4AAC7C46D1}
2012-04-28 15:44 - 2012-04-28 15:44 - 0000000 ____D C:\Users\John\Local Settings\{B42144E3-CECD-43EE-BFD7-05C26F227CD2}
2012-04-28 15:44 - 2012-04-28 15:44 - 0000000 ____D C:\Users\John\Local Settings\{3CC758E0-81B8-4737-BCE4-EF4AAC7C46D1}
2012-04-28 15:44 - 2012-04-28 15:44 - 0000000 ____D C:\Users\John\AppData\Local\{B42144E3-CECD-43EE-BFD7-05C26F227CD2}
2012-04-28 15:44 - 2012-04-28 15:44 - 0000000 ____D C:\Users\John\AppData\Local\{3CC758E0-81B8-4737-BCE4-EF4AAC7C46D1}
2012-04-28 14:51 - 2012-04-28 15:00 - 202441724 ____A C:\Users\John\Downloads\teen_bleep.wmv
2012-04-27 18:19 - 2012-04-27 18:19 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{D194DAC8-0029-4A7C-B25E-4079DC927C5E}
2012-04-27 18:19 - 2012-04-27 18:19 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{422CF318-A541-4001-B41C-A21669145589}
2012-04-27 18:19 - 2012-04-27 18:19 - 0000000 ____D C:\Users\John\Local Settings\{D194DAC8-0029-4A7C-B25E-4079DC927C5E}
2012-04-27 18:19 - 2012-04-27 18:19 - 0000000 ____D C:\Users\John\Local Settings\{422CF318-A541-4001-B41C-A21669145589}
2012-04-27 18:19 - 2012-04-27 18:19 - 0000000 ____D C:\Users\John\AppData\Local\{D194DAC8-0029-4A7C-B25E-4079DC927C5E}
2012-04-27 18:19 - 2012-04-27 18:19 - 0000000 ____D C:\Users\John\AppData\Local\{422CF318-A541-4001-B41C-A21669145589}
2012-04-26 18:27 - 2012-04-26 18:27 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{457B37D3-3B77-4FA6-8111-315940875F71}
2012-04-26 18:27 - 2012-04-26 18:27 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{4124EF14-B5E2-4DE5-B124-CD9E0C3857FD}
2012-04-26 18:27 - 2012-04-26 18:27 - 0000000 ____D C:\Users\John\Local Settings\{457B37D3-3B77-4FA6-8111-315940875F71}
2012-04-26 18:27 - 2012-04-26 18:27 - 0000000 ____D C:\Users\John\Local Settings\{4124EF14-B5E2-4DE5-B124-CD9E0C3857FD}
2012-04-26 18:27 - 2012-04-26 18:27 - 0000000 ____D C:\Users\John\AppData\Local\{457B37D3-3B77-4FA6-8111-315940875F71}
2012-04-26 18:27 - 2012-04-26 18:27 - 0000000 ____D C:\Users\John\AppData\Local\{4124EF14-B5E2-4DE5-B124-CD9E0C3857FD}
2012-04-24 19:03 - 2012-04-24 19:03 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{425F7893-E933-4D1F-AFEE-E40F1A594C43}
2012-04-24 19:03 - 2012-04-24 19:03 - 0000000 ____D C:\Users\John\Local Settings\{425F7893-E933-4D1F-AFEE-E40F1A594C43}
2012-04-24 19:03 - 2012-04-24 19:03 - 0000000 ____D C:\Users\John\AppData\Local\{425F7893-E933-4D1F-AFEE-E40F1A594C43}
2012-04-24 19:02 - 2012-04-24 19:03 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{7AF0F18C-2CBD-4F7D-93AD-DF24F00720E6}
2012-04-24 19:02 - 2012-04-24 19:03 - 0000000 ____D C:\Users\John\Local Settings\{7AF0F18C-2CBD-4F7D-93AD-DF24F00720E6}
2012-04-24 19:02 - 2012-04-24 19:03 - 0000000 ____D C:\Users\John\AppData\Local\{7AF0F18C-2CBD-4F7D-93AD-DF24F00720E6}
2012-04-23 19:22 - 2012-04-23 19:22 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{F0734B83-5CC5-47D4-B1DE-0A161DB61A16}
2012-04-23 19:22 - 2012-04-23 19:22 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{26BF71AD-94B4-4B28-B48A-8682FC29640C}
2012-04-23 19:22 - 2012-04-23 19:22 - 0000000 ____D C:\Users\John\Local Settings\{F0734B83-5CC5-47D4-B1DE-0A161DB61A16}
2012-04-23 19:22 - 2012-04-23 19:22 - 0000000 ____D C:\Users\John\Local Settings\{26BF71AD-94B4-4B28-B48A-8682FC29640C}
2012-04-23 19:22 - 2012-04-23 19:22 - 0000000 ____D C:\Users\John\AppData\Local\{F0734B83-5CC5-47D4-B1DE-0A161DB61A16}
2012-04-23 19:22 - 2012-04-23 19:22 - 0000000 ____D C:\Users\John\AppData\Local\{26BF71AD-94B4-4B28-B48A-8682FC29640C}
2012-04-21 11:02 - 2012-04-21 11:02 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{EDB0072E-CE7E-4721-AB55-ACC38CF4BD8D}
2012-04-21 11:02 - 2012-04-21 11:02 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{7A42EC75-DD5F-4A51-8E98-15998884D128}
2012-04-21 11:02 - 2012-04-21 11:02 - 0000000 ____D C:\Users\John\Local Settings\{EDB0072E-CE7E-4721-AB55-ACC38CF4BD8D}
2012-04-21 11:02 - 2012-04-21 11:02 - 0000000 ____D C:\Users\John\Local Settings\{7A42EC75-DD5F-4A51-8E98-15998884D128}
2012-04-21 11:02 - 2012-04-21 11:02 - 0000000 ____D C:\Users\John\AppData\Local\{EDB0072E-CE7E-4721-AB55-ACC38CF4BD8D}
2012-04-21 11:02 - 2012-04-21 11:02 - 0000000 ____D C:\Users\John\AppData\Local\{7A42EC75-DD5F-4A51-8E98-15998884D128}
2012-04-20 19:03 - 2012-04-20 19:04 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{B09CC5F2-6493-42DC-842D-BA6A2A9E1660}
2012-04-20 19:03 - 2012-04-20 19:04 - 0000000 ____D C:\Users\John\Local Settings\{B09CC5F2-6493-42DC-842D-BA6A2A9E1660}
2012-04-20 19:03 - 2012-04-20 19:04 - 0000000 ____D C:\Users\John\AppData\Local\{B09CC5F2-6493-42DC-842D-BA6A2A9E1660}
2012-04-20 19:03 - 2012-04-20 19:03 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{94CFE4D8-C048-48C8-92DD-478ACE0370F6}
2012-04-20 19:03 - 2012-04-20 19:03 - 0000000 ____D C:\Users\John\Local Settings\{94CFE4D8-C048-48C8-92DD-478ACE0370F6}
2012-04-20 19:03 - 2012-04-20 19:03 - 0000000 ____D C:\Users\John\AppData\Local\{94CFE4D8-C048-48C8-92DD-478ACE0370F6}

============ 3 Months Modified Files and Folders =============

2012-05-20 19:42 - 2012-05-20 19:42 - 0000000 ____D C:\FRST
2012-05-20 19:37 - 2009-07-14 00:10 - 1838161 ____A C:\Windows\WindowsUpdate.log
2012-05-20 19:36 - 2009-07-14 00:13 - 0730512 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-20 19:35 - 2009-07-13 23:51 - 0059118 ____A C:\Windows\setupact.log
2012-05-20 19:34 - 2012-05-20 19:34 - 1393595 ____A C:\Users\John\Desktop\FRST64.exe
2012-05-20 19:33 - 2010-08-08 21:07 - 0000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2012-05-20 19:13 - 2012-01-04 21:03 - 0000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1406567025-3271937370-2143371598-1000UA.job
2012-05-20 19:13 - 2012-01-04 21:03 - 0000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1406567025-3271937370-2143371598-1000Core.job
2012-05-20 18:58 - 2012-05-20 18:57 - 0002066 ____A C:\Users\John\Desktop\Instructions.txt
2012-05-20 18:41 - 2012-04-05 20:34 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-20 15:10 - 2012-04-17 15:03 - 0000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-05-20 15:10 - 2010-08-08 21:07 - 0031557 ____A C:\Windows\System32\lvcoinst.log
2012-05-20 12:16 - 2012-05-20 12:16 - 0008440 ____A C:\Users\John\Desktop\Attach.txt
2012-05-20 12:15 - 2012-05-20 12:15 - 0030036 ____A C:\Users\John\Desktop\DDS.txt
2012-05-20 12:05 - 2012-05-20 12:05 - 0607260 ____R (Swearware) C:\Users\John\Desktop\dds.scr
2012-05-20 11:52 - 2010-08-03 21:28 - 0000000 ____D C:\Users\John\My Documents\Outlook Files
2012-05-20 11:52 - 2010-08-03 21:28 - 0000000 ____D C:\Users\John\Documents\Outlook Files
2012-05-20 11:10 - 2010-07-27 17:19 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-05-20 10:31 - 2009-07-14 02:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-05-19 23:57 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\registration
2012-05-19 23:27 - 2012-05-19 23:26 - 0129108 ____A C:\TDSSKiller.2.7.35.0_19.05.2012_23.26.39_log.txt
2012-05-19 23:25 - 2012-05-19 23:25 - 0003646 ____A C:\TDSSKiller.2.7.35.0_19.05.2012_23.25.39_log.txt
2012-05-19 23:25 - 2012-05-19 23:23 - 0129108 ____A C:\TDSSKiller.2.7.35.0_19.05.2012_23.23.40_log.txt
2012-05-19 23:24 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-19 23:24 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-19 23:19 - 2012-05-19 23:18 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{667A95F8-56EE-43B3-A2A7-C36350498630}
2012-05-19 23:19 - 2012-05-19 23:18 - 0000000 ____D C:\Users\John\Local Settings\{667A95F8-56EE-43B3-A2A7-C36350498630}
2012-05-19 23:19 - 2012-05-19 23:18 - 0000000 ____D C:\Users\John\AppData\Local\{667A95F8-56EE-43B3-A2A7-C36350498630}
2012-05-19 23:18 - 2012-05-19 23:18 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{17940A31-2B52-4D9B-96EB-3218088738EA}
2012-05-19 23:18 - 2012-05-19 23:18 - 0000000 ____D C:\Users\John\Local Settings\{17940A31-2B52-4D9B-96EB-3218088738EA}
2012-05-19 23:18 - 2012-05-19 23:18 - 0000000 ____D C:\Users\John\AppData\Local\{17940A31-2B52-4D9B-96EB-3218088738EA}
2012-05-19 23:17 - 2010-08-11 22:20 - 0000000 ____D C:\Windows\SysWOW64\logishrd
2012-05-19 23:17 - 2010-08-11 22:20 - 0000000 ____D C:\Windows\System32\logishrd
2012-05-19 23:17 - 2010-08-02 19:56 - 0000000 ____D C:\Users\John\Tracing
2012-05-19 23:17 - 2010-08-02 18:39 - 0000000 ____D C:\Users\John\Local Settings\SoftThinks
2012-05-19 23:17 - 2010-08-02 18:39 - 0000000 ____D C:\Users\John\Local Settings\Application Data\SoftThinks
2012-05-19 23:17 - 2010-08-02 18:39 - 0000000 ____D C:\Users\John\AppData\Local\SoftThinks
2012-05-19 23:17 - 2010-07-27 19:00 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-05-19 23:17 - 2010-07-27 19:00 - 0000000 ____D C:\Users\All Users\Application Data\NVIDIA
2012-05-19 23:17 - 2010-07-27 19:00 - 0000000 ____D C:\ProgramData\NVIDIA
2012-05-19 23:17 - 2010-07-27 18:59 - 2115301376 __ASH C:\hiberfil.sys
2012-05-19 23:17 - 2010-07-27 18:59 - 0076836 ____A C:\Windows\PFRO.log
2012-05-19 23:17 - 2009-07-14 00:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-19 20:40 - 2012-05-19 20:40 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{8099EC13-7F3C-46CE-8683-A5FF50A4D5F0}
2012-05-19 20:40 - 2012-05-19 20:40 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{28ECB912-FB56-4A68-9716-5AD1C750FD74}
2012-05-19 20:40 - 2012-05-19 20:40 - 0000000 ____D C:\Users\John\Local Settings\{8099EC13-7F3C-46CE-8683-A5FF50A4D5F0}
2012-05-19 20:40 - 2012-05-19 20:40 - 0000000 ____D C:\Users\John\Local Settings\{28ECB912-FB56-4A68-9716-5AD1C750FD74}
2012-05-19 20:40 - 2012-05-19 20:40 - 0000000 ____D C:\Users\John\AppData\Local\{8099EC13-7F3C-46CE-8683-A5FF50A4D5F0}
2012-05-19 20:40 - 2012-05-19 20:40 - 0000000 ____D C:\Users\John\AppData\Local\{28ECB912-FB56-4A68-9716-5AD1C750FD74}
2012-05-19 20:15 - 2012-01-04 21:03 - 0000000 ____D C:\Users\John\Local Settings\Deployment
2012-05-19 20:15 - 2012-01-04 21:03 - 0000000 ____D C:\Users\John\Local Settings\Application Data\Deployment
2012-05-19 20:15 - 2012-01-04 21:03 - 0000000 ____D C:\Users\John\AppData\Local\Deployment
2012-05-19 13:47 - 2012-05-19 13:47 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{A66F0417-A07A-467E-84AB-D2B8867F6F6E}
2012-05-19 13:47 - 2012-05-19 13:47 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{2FC21730-80E0-4161-A690-AE21443D5979}
2012-05-19 13:47 - 2012-05-19 13:47 - 0000000 ____D C:\Users\John\Local Settings\{A66F0417-A07A-467E-84AB-D2B8867F6F6E}
2012-05-19 13:47 - 2012-05-19 13:47 - 0000000 ____D C:\Users\John\Local Settings\{2FC21730-80E0-4161-A690-AE21443D5979}
2012-05-19 13:47 - 2012-05-19 13:47 - 0000000 ____D C:\Users\John\AppData\Local\{A66F0417-A07A-467E-84AB-D2B8867F6F6E}
2012-05-19 13:47 - 2012-05-19 13:47 - 0000000 ____D C:\Users\John\AppData\Local\{2FC21730-80E0-4161-A690-AE21443D5979}
2012-05-19 13:43 - 2012-05-19 13:42 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{EEEF884C-513F-42D4-9CF7-C544DC1CEFC7}
2012-05-19 13:43 - 2012-05-19 13:42 - 0000000 ____D C:\Users\John\Local Settings\{EEEF884C-513F-42D4-9CF7-C544DC1CEFC7}
2012-05-19 13:43 - 2012-05-19 13:42 - 0000000 ____D C:\Users\John\AppData\Local\{EEEF884C-513F-42D4-9CF7-C544DC1CEFC7}
2012-05-19 13:42 - 2012-05-19 13:42 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{224BC92E-2DD6-4A68-B213-D6BD2EE13C88}
2012-05-19 13:42 - 2012-05-19 13:42 - 0000000 ____D C:\Users\John\Local Settings\{224BC92E-2DD6-4A68-B213-D6BD2EE13C88}
2012-05-19 13:42 - 2012-05-19 13:42 - 0000000 ____D C:\Users\John\AppData\Local\{224BC92E-2DD6-4A68-B213-D6BD2EE13C88}
2012-05-18 22:27 - 2012-05-18 22:27 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{C2A1D720-0222-4C6D-9DC3-6FF35BB61BF6}
2012-05-18 22:27 - 2012-05-18 22:27 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{38B3CF8A-3EB3-4DC6-A1A5-FA865F7F011A}
2012-05-18 22:27 - 2012-05-18 22:27 - 0000000 ____D C:\Users\John\Local Settings\{C2A1D720-0222-4C6D-9DC3-6FF35BB61BF6}
2012-05-18 22:27 - 2012-05-18 22:27 - 0000000 ____D C:\Users\John\Local Settings\{38B3CF8A-3EB3-4DC6-A1A5-FA865F7F011A}
2012-05-18 22:27 - 2012-05-18 22:27 - 0000000 ____D C:\Users\John\AppData\Local\{C2A1D720-0222-4C6D-9DC3-6FF35BB61BF6}
2012-05-18 22:27 - 2012-05-18 22:27 - 0000000 ____D C:\Users\John\AppData\Local\{38B3CF8A-3EB3-4DC6-A1A5-FA865F7F011A}
2012-05-18 22:26 - 2012-05-16 22:11 - 0000000 ____D C:\Users\John\AppData\Local\Apps\Apple
2012-05-18 19:07 - 2012-05-18 19:06 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{C00D000A-161B-483B-8240-F9221B76DA1A}
2012-05-18 19:07 - 2012-05-18 19:06 - 0000000 ____D C:\Users\John\Local Settings\{C00D000A-161B-483B-8240-F9221B76DA1A}
2012-05-18 19:07 - 2012-05-18 19:06 - 0000000 ____D C:\Users\John\AppData\Local\{C00D000A-161B-483B-8240-F9221B76DA1A}
2012-05-18 19:06 - 2012-05-18 19:06 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{B1383185-06AD-4092-9A48-91240C2136BB}
2012-05-18 19:06 - 2012-05-18 19:06 - 0000000 ____D C:\Users\John\Local Settings\{B1383185-06AD-4092-9A48-91240C2136BB}
2012-05-18 19:06 - 2012-05-18 19:06 - 0000000 ____D C:\Users\John\AppData\Local\{B1383185-06AD-4092-9A48-91240C2136BB}
2012-05-17 23:50 - 2012-05-17 23:50 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{03762243-F766-4DC3-84A0-44E47E983E86}
2012-05-17 23:50 - 2012-05-17 23:50 - 0000000 ____D C:\Users\John\Local Settings\{03762243-F766-4DC3-84A0-44E47E983E86}
2012-05-17 23:50 - 2012-05-17 23:50 - 0000000 ____D C:\Users\John\AppData\Local\{03762243-F766-4DC3-84A0-44E47E983E86}
2012-05-17 23:50 - 2012-05-17 23:49 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{80726E4C-FD13-49DD-9865-A4022AF69E5F}
2012-05-17 23:50 - 2012-05-17 23:49 - 0000000 ____D C:\Users\John\Local Settings\{80726E4C-FD13-49DD-9865-A4022AF69E5F}
2012-05-17 23:50 - 2012-05-17 23:49 - 0000000 ____D C:\Users\John\AppData\Local\{80726E4C-FD13-49DD-9865-A4022AF69E5F}
2012-05-17 23:31 - 2012-05-17 23:09 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-05-17 23:31 - 2012-05-17 23:09 - 0000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2012-05-17 23:31 - 2012-05-17 23:09 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-05-17 23:10 - 2012-05-17 23:09 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-17 23:09 - 2012-05-17 23:09 - 0001264 ____A C:\Users\John\Desktop\Spybot - Search & Destroy.lnk
2012-05-17 22:38 - 2012-05-17 22:34 - 0129108 ____A C:\TDSSKiller.2.7.35.0_17.05.2012_22.34.25_log.txt
2012-05-17 22:28 - 2012-05-17 22:25 - 0129108 ____A C:\TDSSKiller.2.7.35.0_17.05.2012_22.25.13_log.txt
2012-05-17 22:19 - 2012-05-17 22:13 - 0129108 ____A C:\TDSSKiller.2.7.35.0_17.05.2012_22.13.29_log.txt
2012-05-17 18:49 - 2012-05-17 18:49 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{C68FAA79-6D18-45B9-8773-D467CE4A7E76}
2012-05-17 18:49 - 2012-05-17 18:49 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{0A36BA5F-E94A-45AA-AF73-70FCCF7122C1}
2012-05-17 18:49 - 2012-05-17 18:49 - 0000000 ____D C:\Users\John\Local Settings\{C68FAA79-6D18-45B9-8773-D467CE4A7E76}
2012-05-17 18:49 - 2012-05-17 18:49 - 0000000 ____D C:\Users\John\Local Settings\{0A36BA5F-E94A-45AA-AF73-70FCCF7122C1}
2012-05-17 18:49 - 2012-05-17 18:49 - 0000000 ____D C:\Users\John\AppData\Local\{C68FAA79-6D18-45B9-8773-D467CE4A7E76}
2012-05-17 18:49 - 2012-05-17 18:49 - 0000000 ____D C:\Users\John\AppData\Local\{0A36BA5F-E94A-45AA-AF73-70FCCF7122C1}
2012-05-16 21:03 - 2012-05-16 21:03 - 0000000 ____D C:\Users\John\Local Settings\Dassault Systemes
2012-05-16 21:03 - 2012-05-16 21:03 - 0000000 ____D C:\Users\John\Local Settings\Application Data\Dassault Systemes
2012-05-16 21:03 - 2012-05-16 21:03 - 0000000 ____D C:\Users\John\AppData\Local\Dassault Systemes
2012-05-16 19:06 - 2012-05-16 19:06 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{45859203-D03E-4AD1-86D6-F23CC0E595B6}
2012-05-16 19:06 - 2012-05-16 19:06 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{0BE8259B-A998-49EF-9661-95F4E4705254}
2012-05-16 19:06 - 2012-05-16 19:06 - 0000000 ____D C:\Users\John\Local Settings\{45859203-D03E-4AD1-86D6-F23CC0E595B6}
2012-05-16 19:06 - 2012-05-16 19:06 - 0000000 ____D C:\Users\John\Local Settings\{0BE8259B-A998-49EF-9661-95F4E4705254}
2012-05-16 19:06 - 2012-05-16 19:06 - 0000000 ____D C:\Users\John\AppData\Local\{45859203-D03E-4AD1-86D6-F23CC0E595B6}
2012-05-16 19:06 - 2012-05-16 19:06 - 0000000 ____D C:\Users\John\AppData\Local\{0BE8259B-A998-49EF-9661-95F4E4705254}
2012-05-13 10:33 - 2012-05-13 10:33 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{FA1A654A-8D23-4789-9D2B-B20631E0F023}
2012-05-13 10:33 - 2012-05-13 10:33 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{CBB057E9-D4D1-45FA-BED3-B0613B0FB653}
2012-05-13 10:33 - 2012-05-13 10:33 - 0000000 ____D C:\Users\John\Local Settings\{FA1A654A-8D23-4789-9D2B-B20631E0F023}
2012-05-13 10:33 - 2012-05-13 10:33 - 0000000 ____D C:\Users\John\Local Settings\{CBB057E9-D4D1-45FA-BED3-B0613B0FB653}
2012-05-13 10:33 - 2012-05-13 10:33 - 0000000 ____D C:\Users\John\AppData\Local\{FA1A654A-8D23-4789-9D2B-B20631E0F023}
2012-05-13 10:33 - 2012-05-13 10:33 - 0000000 ____D C:\Users\John\AppData\Local\{CBB057E9-D4D1-45FA-BED3-B0613B0FB653}
2012-05-13 10:11 - 2012-05-13 10:11 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{8283340F-607E-4916-BC84-DAE0C47EFFDA}
2012-05-13 10:11 - 2012-05-13 10:11 - 0000000 ____D C:\Users\John\Local Settings\{8283340F-607E-4916-BC84-DAE0C47EFFDA}
2012-05-13 10:11 - 2012-05-13 10:11 - 0000000 ____D C:\Users\John\AppData\Local\{8283340F-607E-4916-BC84-DAE0C47EFFDA}
2012-05-13 10:10 - 2012-05-13 10:10 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{56244B7F-E5F4-47D0-912B-AECA75216A66}
2012-05-13 10:10 - 2012-05-13 10:10 - 0000000 ____D C:\Users\John\Local Settings\{56244B7F-E5F4-47D0-912B-AECA75216A66}
2012-05-13 10:10 - 2012-05-13 10:10 - 0000000 ____D C:\Users\John\AppData\Local\{56244B7F-E5F4-47D0-912B-AECA75216A66}
2012-05-13 03:26 - 2012-04-17 15:03 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-05-13 03:26 - 2009-07-13 23:45 - 0457168 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-13 03:25 - 2010-07-27 17:25 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-13 03:07 - 2010-08-03 20:51 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-13 03:07 - 2010-08-03 20:51 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-05-13 03:07 - 2010-08-03 20:51 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-05-13 03:07 - 2010-08-02 19:44 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-13 03:01 - 2009-07-14 02:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-12 13:41 - 2012-05-05 00:41 - 8769696 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-12 13:41 - 2012-04-05 20:34 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-12 13:41 - 2011-06-09 18:18 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-12 12:58 - 2012-05-12 12:58 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-12 12:55 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-05-12 12:51 - 2012-05-12 12:51 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{B8652C95-5100-4222-8B8D-21AE08984FCC}
2012-05-12 12:51 - 2012-05-12 12:51 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{545CE56D-2264-4F7B-A520-1791A4E6AA35}
2012-05-12 12:51 - 2012-05-12 12:51 - 0000000 ____D C:\Users\John\Local Settings\{B8652C95-5100-4222-8B8D-21AE08984FCC}
2012-05-12 12:51 - 2012-05-12 12:51 - 0000000 ____D C:\Users\John\Local Settings\{545CE56D-2264-4F7B-A520-1791A4E6AA35}
2012-05-12 12:51 - 2012-05-12 12:51 - 0000000 ____D C:\Users\John\AppData\Local\{B8652C95-5100-4222-8B8D-21AE08984FCC}
2012-05-12 12:51 - 2012-05-12 12:51 - 0000000 ____D C:\Users\John\AppData\Local\{545CE56D-2264-4F7B-A520-1791A4E6AA35}
2012-05-12 12:50 - 2010-08-02 18:39 - 0000000 ____D C:\users\John
2012-05-12 12:48 - 2012-03-11 18:15 - 0000000 ____D C:\Users\All Users\pdf995
2012-05-12 12:48 - 2012-03-11 18:15 - 0000000 ____D C:\Users\All Users\Application Data\pdf995
2012-05-12 12:48 - 2012-03-11 18:15 - 0000000 ____D C:\ProgramData\pdf995
2012-05-12 12:48 - 2011-11-30 23:53 - 0000000 ____D C:\Windows\System32\Macromed
2012-05-12 12:48 - 2010-07-27 17:14 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-05-12 12:48 - 2009-07-14 02:45 - 0000000 ____D C:\Windows\ShellNew
2012-05-12 12:48 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\AppCompat
2012-05-12 12:43 - 2010-08-03 20:51 - 0000000 __RHD C:\MSOCache
2012-05-12 12:37 - 2012-05-12 12:36 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{0BB01901-9A21-41F3-9ECD-1FB0D17E6B4A}
2012-05-12 12:37 - 2012-05-12 12:36 - 0000000 ____D C:\Users\John\Local Settings\{0BB01901-9A21-41F3-9ECD-1FB0D17E6B4A}
2012-05-12 12:37 - 2012-05-12 12:36 - 0000000 ____D C:\Users\John\AppData\Local\{0BB01901-9A21-41F3-9ECD-1FB0D17E6B4A}
2012-05-12 12:36 - 2012-05-12 12:36 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{5A642EBA-7033-4317-9703-AB899BC755C0}
2012-05-12 12:36 - 2012-05-12 12:36 - 0000000 ____D C:\Users\John\Local Settings\{5A642EBA-7033-4317-9703-AB899BC755C0}
2012-05-12 12:36 - 2012-05-12 12:36 - 0000000 ____D C:\Users\John\AppData\Local\{5A642EBA-7033-4317-9703-AB899BC755C0}
2012-05-12 10:50 - 2012-05-12 10:50 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{FD4D17D3-9926-4340-ADB0-AF176F36C584}
2012-05-12 10:50 - 2012-05-12 10:50 - 0000000 ____D C:\Users\John\Local Settings\{FD4D17D3-9926-4340-ADB0-AF176F36C584}
2012-05-12 10:50 - 2012-05-12 10:50 - 0000000 ____D C:\Users\John\AppData\Local\{FD4D17D3-9926-4340-ADB0-AF176F36C584}
2012-05-12 10:50 - 2012-05-12 10:49 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{BE20D1FF-A4B9-41B5-80DB-1B2560DDBDA1}
2012-05-12 10:50 - 2012-05-12 10:49 - 0000000 ____D C:\Users\John\Local Settings\{BE20D1FF-A4B9-41B5-80DB-1B2560DDBDA1}
2012-05-12 10:50 - 2012-05-12 10:49 - 0000000 ____D C:\Users\John\AppData\Local\{BE20D1FF-A4B9-41B5-80DB-1B2560DDBDA1}
2012-05-12 10:44 - 2012-05-12 10:44 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{E0CEF48F-FD17-407B-B19F-5098D9F01ECB}
2012-05-12 10:44 - 2012-05-12 10:44 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{4271411E-90D7-4646-BCA8-0A92AA25FA22}
2012-05-12 10:44 - 2012-05-12 10:44 - 0000000 ____D C:\Users\John\Local Settings\{E0CEF48F-FD17-407B-B19F-5098D9F01ECB}
2012-05-12 10:44 - 2012-05-12 10:44 - 0000000 ____D C:\Users\John\Local Settings\{4271411E-90D7-4646-BCA8-0A92AA25FA22}
2012-05-12 10:44 - 2012-05-12 10:44 - 0000000 ____D C:\Users\John\AppData\Local\{E0CEF48F-FD17-407B-B19F-5098D9F01ECB}
2012-05-12 10:44 - 2012-05-12 10:44 - 0000000 ____D C:\Users\John\AppData\Local\{4271411E-90D7-4646-BCA8-0A92AA25FA22}
2012-05-10 22:59 - 2010-08-02 19:59 - 0000000 ____D C:\Users\John\Local Settings\Application Data\Apple
2012-05-10 22:59 - 2010-08-02 19:59 - 0000000 ____D C:\Users\John\Local Settings\Apple
2012-05-10 22:59 - 2010-08-02 19:59 - 0000000 ____D C:\Users\John\AppData\Local\Apple
2012-05-10 18:50 - 2012-05-10 18:50 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{8F35ACC4-7068-4938-9ED4-0E6845DFDAC5}
2012-05-10 18:50 - 2012-05-10 18:50 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{1EF8BB19-18CE-4DF2-81E5-4D50AEB898BA}
2012-05-10 18:50 - 2012-05-10 18:50 - 0000000 ____D C:\Users\John\Local Settings\{8F35ACC4-7068-4938-9ED4-0E6845DFDAC5}
2012-05-10 18:50 - 2012-05-10 18:50 - 0000000 ____D C:\Users\John\Local Settings\{1EF8BB19-18CE-4DF2-81E5-4D50AEB898BA}
2012-05-10 18:50 - 2012-05-10 18:50 - 0000000 ____D C:\Users\John\AppData\Local\{8F35ACC4-7068-4938-9ED4-0E6845DFDAC5}
2012-05-10 18:50 - 2012-05-10 18:50 - 0000000 ____D C:\Users\John\AppData\Local\{1EF8BB19-18CE-4DF2-81E5-4D50AEB898BA}
2012-05-09 23:00 - 2012-05-09 23:00 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{AE737B92-F28C-48D7-85AD-5B58B83D1AFE}
2012-05-09 23:00 - 2012-05-09 23:00 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{6E8DBF4A-07DB-47E3-BC9E-D9C7BE20394F}
2012-05-09 23:00 - 2012-05-09 23:00 - 0000000 ____D C:\Users\John\Local Settings\{AE737B92-F28C-48D7-85AD-5B58B83D1AFE}
2012-05-09 23:00 - 2012-05-09 23:00 - 0000000 ____D C:\Users\John\Local Settings\{6E8DBF4A-07DB-47E3-BC9E-D9C7BE20394F}
2012-05-09 23:00 - 2012-05-09 23:00 - 0000000 ____D C:\Users\John\AppData\Local\{AE737B92-F28C-48D7-85AD-5B58B83D1AFE}
2012-05-09 23:00 - 2012-05-09 23:00 - 0000000 ____D C:\Users\John\AppData\Local\{6E8DBF4A-07DB-47E3-BC9E-D9C7BE20394F}
2012-05-09 22:55 - 2012-05-09 22:55 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{F08DBD5A-992D-4270-8F5E-1D2F7E915F7F}
2012-05-09 22:55 - 2012-05-09 22:55 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{BE0BB37F-3318-439E-B5EB-F8D1E53A1F5D}
2012-05-09 22:55 - 2012-05-09 22:55 - 0000000 ____D C:\Users\John\Local Settings\{F08DBD5A-992D-4270-8F5E-1D2F7E915F7F}
2012-05-09 22:55 - 2012-05-09 22:55 - 0000000 ____D C:\Users\John\Local Settings\{BE0BB37F-3318-439E-B5EB-F8D1E53A1F5D}
2012-05-09 22:55 - 2012-05-09 22:55 - 0000000 ____D C:\Users\John\AppData\Local\{F08DBD5A-992D-4270-8F5E-1D2F7E915F7F}
2012-05-09 22:55 - 2012-05-09 22:55 - 0000000 ____D C:\Users\John\AppData\Local\{BE0BB37F-3318-439E-B5EB-F8D1E53A1F5D}
2012-05-09 21:18 - 2012-05-09 21:18 - 0010990 ____A C:\Users\John\My Documents\Route Comparison - Work to Home.xlsx
2012-05-09 21:18 - 2012-05-09 21:18 - 0010990 ____A C:\Users\John\Documents\Route Comparison - Work to Home.xlsx
2012-05-09 20:07 - 2012-05-09 20:07 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{EC2B073B-5149-46B5-AF37-02E735B480D1}
2012-05-09 20:07 - 2012-05-09 20:07 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{718BAABF-98D7-4F3B-926B-ACC80BB8E6ED}
2012-05-09 20:07 - 2012-05-09 20:07 - 0000000 ____D C:\Users\John\Local Settings\{EC2B073B-5149-46B5-AF37-02E735B480D1}
2012-05-09 20:07 - 2012-05-09 20:07 - 0000000 ____D C:\Users\John\Local Settings\{718BAABF-98D7-4F3B-926B-ACC80BB8E6ED}
2012-05-09 20:07 - 2012-05-09 20:07 - 0000000 ____D C:\Users\John\AppData\Local\{EC2B073B-5149-46B5-AF37-02E735B480D1}
2012-05-09 20:07 - 2012-05-09 20:07 - 0000000 ____D C:\Users\John\AppData\Local\{718BAABF-98D7-4F3B-926B-ACC80BB8E6ED}
2012-05-09 19:25 - 2012-05-09 19:24 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{13AB59EB-E926-4DA4-AD18-05E3DF1D519F}
2012-05-09 19:25 - 2012-05-09 19:24 - 0000000 ____D C:\Users\John\Local Settings\{13AB59EB-E926-4DA4-AD18-05E3DF1D519F}
2012-05-09 19:25 - 2012-05-09 19:24 - 0000000 ____D C:\Users\John\AppData\Local\{13AB59EB-E926-4DA4-AD18-05E3DF1D519F}
2012-05-09 19:24 - 2012-05-09 19:24 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{87435CC1-DAEC-4CEC-97A9-EB3626072F0A}
2012-05-09 19:24 - 2012-05-09 19:24 - 0000000 ____D C:\Users\John\Local Settings\{87435CC1-DAEC-4CEC-97A9-EB3626072F0A}
2012-05-09 19:24 - 2012-05-09 19:24 - 0000000 ____D C:\Users\John\AppData\Local\{87435CC1-DAEC-4CEC-97A9-EB3626072F0A}
2012-05-06 23:50 - 2011-03-26 21:33 - 0000000 ____D C:\Users\John\Local Settings\CrashRpt
2012-05-06 23:50 - 2011-03-26 21:33 - 0000000 ____D C:\Users\John\Local Settings\Application Data\CrashRpt
2012-05-06 23:50 - 2011-03-26 21:33 - 0000000 ____D C:\Users\John\AppData\Local\CrashRpt
2012-05-06 13:40 - 2012-05-06 13:40 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{E89C2A08-1C02-4C0C-9811-368F3898BF7D}
2012-05-06 13:40 - 2012-05-06 13:40 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{DE6EA7A2-B2F2-422C-82EE-32115FC40775}
2012-05-06 13:40 - 2012-05-06 13:40 - 0000000 ____D C:\Users\John\Local Settings\{E89C2A08-1C02-4C0C-9811-368F3898BF7D}
2012-05-06 13:40 - 2012-05-06 13:40 - 0000000 ____D C:\Users\John\Local Settings\{DE6EA7A2-B2F2-422C-82EE-32115FC40775}
2012-05-06 13:40 - 2012-05-06 13:40 - 0000000 ____D C:\Users\John\AppData\Local\{E89C2A08-1C02-4C0C-9811-368F3898BF7D}
2012-05-06 13:40 - 2012-05-06 13:40 - 0000000 ____D C:\Users\John\AppData\Local\{DE6EA7A2-B2F2-422C-82EE-32115FC40775}
2012-05-04 18:35 - 2012-05-04 18:35 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{FE2AE774-B62F-44AE-8C2F-585843BFAF38}
2012-05-04 18:35 - 2012-05-04 18:35 - 0000000 ____D C:\Users\John\Local Settings\{FE2AE774-B62F-44AE-8C2F-585843BFAF38}
2012-05-04 18:35 - 2012-05-04 18:35 - 0000000 ____D C:\Users\John\AppData\Local\{FE2AE774-B62F-44AE-8C2F-585843BFAF38}
2012-05-04 18:35 - 2012-05-04 18:34 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{F6276667-BE0E-4728-9101-6BEDE53ADF7A}
2012-05-04 18:35 - 2012-05-04 18:34 - 0000000 ____D C:\Users\John\Local Settings\{F6276667-BE0E-4728-9101-6BEDE53ADF7A}
2012-05-04 18:35 - 2012-05-04 18:34 - 0000000 ____D C:\Users\John\AppData\Local\{F6276667-BE0E-4728-9101-6BEDE53ADF7A}
2012-05-03 18:58 - 2012-05-03 18:57 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{54AC1ECA-FE53-45F7-A106-B4B9AD0E545E}
2012-05-03 18:58 - 2012-05-03 18:57 - 0000000 ____D C:\Users\John\Local Settings\{54AC1ECA-FE53-45F7-A106-B4B9AD0E545E}
2012-05-03 18:58 - 2012-05-03 18:57 - 0000000 ____D C:\Users\John\AppData\Local\{54AC1ECA-FE53-45F7-A106-B4B9AD0E545E}
2012-05-03 18:57 - 2012-05-03 18:57 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{CF450F2D-B1CA-4CB8-A5FA-D82325DFF5BA}
2012-05-03 18:57 - 2012-05-03 18:57 - 0000000 ____D C:\Users\John\Local Settings\{CF450F2D-B1CA-4CB8-A5FA-D82325DFF5BA}
2012-05-03 18:57 - 2012-05-03 18:57 - 0000000 ____D C:\Users\John\AppData\Local\{CF450F2D-B1CA-4CB8-A5FA-D82325DFF5BA}
2012-04-29 13:17 - 2012-04-29 13:17 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{573D777F-383A-4DF0-8458-D893B74A6186}
2012-04-29 13:17 - 2012-04-29 13:17 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{15CAF2CC-78F0-4EEA-A14A-D031FF15DE77}
2012-04-29 13:17 - 2012-04-29 13:17 - 0000000 ____D C:\Users\John\Local Settings\{573D777F-383A-4DF0-8458-D893B74A6186}
2012-04-29 13:17 - 2012-04-29 13:17 - 0000000 ____D C:\Users\John\Local Settings\{15CAF2CC-78F0-4EEA-A14A-D031FF15DE77}
2012-04-29 13:17 - 2012-04-29 13:17 - 0000000 ____D C:\Users\John\AppData\Local\{573D777F-383A-4DF0-8458-D893B74A6186}
2012-04-29 13:17 - 2012-04-29 13:17 - 0000000 ____D C:\Users\John\AppData\Local\{15CAF2CC-78F0-4EEA-A14A-D031FF15DE77}
2012-04-28 15:44 - 2012-04-28 15:44 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{B42144E3-CECD-43EE-BFD7-05C26F227CD2}
2012-04-28 15:44 - 2012-04-28 15:44 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{3CC758E0-81B8-4737-BCE4-EF4AAC7C46D1}
2012-04-28 15:44 - 2012-04-28 15:44 - 0000000 ____D C:\Users\John\Local Settings\{B42144E3-CECD-43EE-BFD7-05C26F227CD2}
2012-04-28 15:44 - 2012-04-28 15:44 - 0000000 ____D C:\Users\John\Local Settings\{3CC758E0-81B8-4737-BCE4-EF4AAC7C46D1}
2012-04-28 15:44 - 2012-04-28 15:44 - 0000000 ____D C:\Users\John\AppData\Local\{B42144E3-CECD-43EE-BFD7-05C26F227CD2}
2012-04-28 15:44 - 2012-04-28 15:44 - 0000000 ____D C:\Users\John\AppData\Local\{3CC758E0-81B8-4737-BCE4-EF4AAC7C46D1}
2012-04-28 15:00 - 2012-04-28 14:51 - 202441724 ____A C:\Users\John\Downloads\teen_bleep.wmv
2012-04-27 18:19 - 2012-04-27 18:19 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{D194DAC8-0029-4A7C-B25E-4079DC927C5E}
2012-04-27 18:19 - 2012-04-27 18:19 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{422CF318-A541-4001-B41C-A21669145589}
2012-04-27 18:19 - 2012-04-27 18:19 - 0000000 ____D C:\Users\John\Local Settings\{D194DAC8-0029-4A7C-B25E-4079DC927C5E}
2012-04-27 18:19 - 2012-04-27 18:19 - 0000000 ____D C:\Users\John\Local Settings\{422CF318-A541-4001-B41C-A21669145589}
2012-04-27 18:19 - 2012-04-27 18:19 - 0000000 ____D C:\Users\John\AppData\Local\{D194DAC8-0029-4A7C-B25E-4079DC927C5E}
2012-04-27 18:19 - 2012-04-27 18:19 - 0000000 ____D C:\Users\John\AppData\Local\{422CF318-A541-4001-B41C-A21669145589}
2012-04-26 18:27 - 2012-04-26 18:27 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{457B37D3-3B77-4FA6-8111-315940875F71}
2012-04-26 18:27 - 2012-04-26 18:27 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{4124EF14-B5E2-4DE5-B124-CD9E0C3857FD}
2012-04-26 18:27 - 2012-04-26 18:27 - 0000000 ____D C:\Users\John\Local Settings\{457B37D3-3B77-4FA6-8111-315940875F71}
2012-04-26 18:27 - 2012-04-26 18:27 - 0000000 ____D C:\Users\John\Local Settings\{4124EF14-B5E2-4DE5-B124-CD9E0C3857FD}
2012-04-26 18:27 - 2012-04-26 18:27 - 0000000 ____D C:\Users\John\AppData\Local\{457B37D3-3B77-4FA6-8111-315940875F71}
2012-04-26 18:27 - 2012-04-26 18:27 - 0000000 ____D C:\Users\John\AppData\Local\{4124EF14-B5E2-4DE5-B124-CD9E0C3857FD}
2012-04-24 19:03 - 2012-04-24 19:03 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{425F7893-E933-4D1F-AFEE-E40F1A594C43}
2012-04-24 19:03 - 2012-04-24 19:03 - 0000000 ____D C:\Users\John\Local Settings\{425F7893-E933-4D1F-AFEE-E40F1A594C43}
2012-04-24 19:03 - 2012-04-24 19:03 - 0000000 ____D C:\Users\John\AppData\Local\{425F7893-E933-4D1F-AFEE-E40F1A594C43}
2012-04-24 19:03 - 2012-04-24 19:02 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{7AF0F18C-2CBD-4F7D-93AD-DF24F00720E6}
2012-04-24 19:03 - 2012-04-24 19:02 - 0000000 ____D C:\Users\John\Local Settings\{7AF0F18C-2CBD-4F7D-93AD-DF24F00720E6}
2012-04-24 19:03 - 2012-04-24 19:02 - 0000000 ____D C:\Users\John\AppData\Local\{7AF0F18C-2CBD-4F7D-93AD-DF24F00720E6}
2012-04-23 19:22 - 2012-04-23 19:22 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{F0734B83-5CC5-47D4-B1DE-0A161DB61A16}
2012-04-23 19:22 - 2012-04-23 19:22 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{26BF71AD-94B4-4B28-B48A-8682FC29640C}
2012-04-23 19:22 - 2012-04-23 19:22 - 0000000 ____D C:\Users\John\Local Settings\{F0734B83-5CC5-47D4-B1DE-0A161DB61A16}
2012-04-23 19:22 - 2012-04-23 19:22 - 0000000 ____D C:\Users\John\Local Settings\{26BF71AD-94B4-4B28-B48A-8682FC29640C}
2012-04-23 19:22 - 2012-04-23 19:22 - 0000000 ____D C:\Users\John\AppData\Local\{F0734B83-5CC5-47D4-B1DE-0A161DB61A16}
2012-04-23 19:22 - 2012-04-23 19:22 - 0000000 ____D C:\Users\John\AppData\Local\{26BF71AD-94B4-4B28-B48A-8682FC29640C}
2012-04-22 17:05 - 2011-12-08 22:35 - 0001298 ____A C:\Users\John\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
2012-04-22 17:05 - 2011-12-08 22:35 - 0001298 ____A C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
2012-04-21 11:02 - 2012-04-21 11:02 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{EDB0072E-CE7E-4721-AB55-ACC38CF4BD8D}
2012-04-21 11:02 - 2012-04-21 11:02 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{7A42EC75-DD5F-4A51-8E98-15998884D128}
2012-04-21 11:02 - 2012-04-21 11:02 - 0000000 ____D C:\Users\John\Local Settings\{EDB0072E-CE7E-4721-AB55-ACC38CF4BD8D}
2012-04-21 11:02 - 2012-04-21 11:02 - 0000000 ____D C:\Users\John\Local Settings\{7A42EC75-DD5F-4A51-8E98-15998884D128}
2012-04-21 11:02 - 2012-04-21 11:02 - 0000000 ____D C:\Users\John\AppData\Local\{EDB0072E-CE7E-4721-AB55-ACC38CF4BD8D}
2012-04-21 11:02 - 2012-04-21 11:02 - 0000000 ____D C:\Users\John\AppData\Local\{7A42EC75-DD5F-4A51-8E98-15998884D128}
2012-04-20 19:04 - 2012-04-20 19:03 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{B09CC5F2-6493-42DC-842D-BA6A2A9E1660}
2012-04-20 19:04 - 2012-04-20 19:03 - 0000000 ____D C:\Users\John\Local Settings\{B09CC5F2-6493-42DC-842D-BA6A2A9E1660}
2012-04-20 19:04 - 2012-04-20 19:03 - 0000000 ____D C:\Users\John\AppData\Local\{B09CC5F2-6493-42DC-842D-BA6A2A9E1660}
2012-04-20 19:03 - 2012-04-20 19:03 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{94CFE4D8-C048-48C8-92DD-478ACE0370F6}
2012-04-20 19:03 - 2012-04-20 19:03 - 0000000 ____D C:\Users\John\Local Settings\{94CFE4D8-C048-48C8-92DD-478ACE0370F6}
2012-04-20 19:03 - 2012-04-20 19:03 - 0000000 ____D C:\Users\John\AppData\Local\{94CFE4D8-C048-48C8-92DD-478ACE0370F6}
2012-04-19 19:45 - 2012-04-19 19:45 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{6ACD1D2A-FE9A-4B05-92A1-00F0D0E846D1}
2012-04-19 19:45 - 2012-04-19 19:45 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{622D9FC2-CE57-4410-833A-0C60515548A2}
2012-04-19 19:45 - 2012-04-19 19:45 - 0000000 ____D C:\Users\John\Local Settings\{6ACD1D2A-FE9A-4B05-92A1-00F0D0E846D1}
2012-04-19 19:45 - 2012-04-19 19:45 - 0000000 ____D C:\Users\John\Local Settings\{622D9FC2-CE57-4410-833A-0C60515548A2}
2012-04-19 19:45 - 2012-04-19 19:45 - 0000000 ____D C:\Users\John\AppData\Local\{6ACD1D2A-FE9A-4B05-92A1-00F0D0E846D1}
2012-04-19 19:45 - 2012-04-19 19:45 - 0000000 ____D C:\Users\John\AppData\Local\{622D9FC2-CE57-4410-833A-0C60515548A2}
2012-04-18 19:20 - 2012-04-18 19:20 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{B9D6357F-35A3-4563-83E8-C6A5F89CD5B5}
2012-04-18 19:20 - 2012-04-18 19:20 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{5A4721EC-63BE-4B8B-8418-DDF120A0C6BC}
2012-04-18 19:20 - 2012-04-18 19:20 - 0000000 ____D C:\Users\John\Local Settings\{B9D6357F-35A3-4563-83E8-C6A5F89CD5B5}
2012-04-18 19:20 - 2012-04-18 19:20 - 0000000 ____D C:\Users\John\Local Settings\{5A4721EC-63BE-4B8B-8418-DDF120A0C6BC}
2012-04-18 19:20 - 2012-04-18 19:20 - 0000000 ____D C:\Users\John\AppData\Local\{B9D6357F-35A3-4563-83E8-C6A5F89CD5B5}
2012-04-18 19:20 - 2012-04-18 19:20 - 0000000 ____D C:\Users\John\AppData\Local\{5A4721EC-63BE-4B8B-8418-DDF120A0C6BC}
2012-04-17 19:12 - 2012-04-17 19:12 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{27E9CDC7-7CB3-4732-89BF-F7A155F05E47}
2012-04-17 19:12 - 2012-04-17 19:12 - 0000000 ____D C:\Users\John\Local Settings\{27E9CDC7-7CB3-4732-89BF-F7A155F05E47}
2012-04-17 19:12 - 2012-04-17 19:12 - 0000000 ____D C:\Users\John\AppData\Local\{27E9CDC7-7CB3-4732-89BF-F7A155F05E47}
2012-04-17 19:12 - 2012-04-17 19:11 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{DDDDDBCA-FB64-4792-A62C-8E32F3824624}
2012-04-17 19:12 - 2012-04-17 19:11 - 0000000 ____D C:\Users\John\Local Settings\{DDDDDBCA-FB64-4792-A62C-8E32F3824624}
2012-04-17 19:12 - 2012-04-17 19:11 - 0000000 ____D C:\Users\John\AppData\Local\{DDDDDBCA-FB64-4792-A62C-8E32F3824624}
2012-04-17 15:03 - 2011-05-30 12:06 - 0000000 ____D C:\Program Files\Dell Support Center
2012-04-17 15:03 - 2010-07-27 17:31 - 0000000 ____D C:\Users\All Users\Dell
2012-04-17 15:03 - 2010-07-27 17:31 - 0000000 ____D C:\Users\All Users\Application Data\Dell
2012-04-17 15:03 - 2010-07-27 17:31 - 0000000 ____D C:\ProgramData\Dell
2012-04-16 19:08 - 2012-04-16 19:08 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{A693D566-ADD2-462A-8025-25A4D74B13C3}
2012-04-16 19:08 - 2012-04-16 19:08 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{66E5A081-5DEF-4DF0-99F2-4FE0A24E7795}
2012-04-16 19:08 - 2012-04-16 19:08 - 0000000 ____D C:\Users\John\Local Settings\{A693D566-ADD2-462A-8025-25A4D74B13C3}
2012-04-16 19:08 - 2012-04-16 19:08 - 0000000 ____D C:\Users\John\Local Settings\{66E5A081-5DEF-4DF0-99F2-4FE0A24E7795}
2012-04-16 19:08 - 2012-04-16 19:08 - 0000000 ____D C:\Users\John\AppData\Local\{A693D566-ADD2-462A-8025-25A4D74B13C3}
2012-04-16 19:08 - 2012-04-16 19:08 - 0000000 ____D C:\Users\John\AppData\Local\{66E5A081-5DEF-4DF0-99F2-4FE0A24E7795}
2012-04-15 16:41 - 2012-04-15 16:41 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{DC2C5AC6-92D4-4E26-8F3E-32368B76774E}
2012-04-15 16:41 - 2012-04-15 16:41 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{D08A4E23-B998-4B1D-A568-CBB690F196A2}
2012-04-15 16:41 - 2012-04-15 16:41 - 0000000 ____D C:\Users\John\Local Settings\{DC2C5AC6-92D4-4E26-8F3E-32368B76774E}
2012-04-15 16:41 - 2012-04-15 16:41 - 0000000 ____D C:\Users\John\Local Settings\{D08A4E23-B998-4B1D-A568-CBB690F196A2}
2012-04-15 16:41 - 2012-04-15 16:41 - 0000000 ____D C:\Users\John\AppData\Local\{DC2C5AC6-92D4-4E26-8F3E-32368B76774E}
2012-04-15 16:41 - 2012-04-15 16:41 - 0000000 ____D C:\Users\John\AppData\Local\{D08A4E23-B998-4B1D-A568-CBB690F196A2}
2012-04-15 12:50 - 2012-04-15 12:50 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{859222C0-5DCC-4509-99D3-0524BFDCF84C}
2012-04-15 12:50 - 2012-04-15 12:50 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{6B46E13A-C4F3-4E38-9473-90D91BB8FE77}
2012-04-15 12:50 - 2012-04-15 12:50 - 0000000 ____D C:\Users\John\Local Settings\{859222C0-5DCC-4509-99D3-0524BFDCF84C}
2012-04-15 12:50 - 2012-04-15 12:50 - 0000000 ____D C:\Users\John\Local Settings\{6B46E13A-C4F3-4E38-9473-90D91BB8FE77}
2012-04-15 12:50 - 2012-04-15 12:50 - 0000000 ____D C:\Users\John\AppData\Local\{859222C0-5DCC-4509-99D3-0524BFDCF84C}
2012-04-15 12:50 - 2012-04-15 12:50 - 0000000 ____D C:\Users\John\AppData\Local\{6B46E13A-C4F3-4E38-9473-90D91BB8FE77}
2012-04-15 09:50 - 2012-04-15 09:49 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{A4791920-F2F2-40B4-B88B-FE8B3C0ECD91}
2012-04-15 09:50 - 2012-04-15 09:49 - 0000000 ____D C:\Users\John\Local Settings\{A4791920-F2F2-40B4-B88B-FE8B3C0ECD91}
2012-04-15 09:50 - 2012-04-15 09:49 - 0000000 ____D C:\Users\John\AppData\Local\{A4791920-F2F2-40B4-B88B-FE8B3C0ECD91}
2012-04-15 09:49 - 2012-04-15 09:49 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{701B232A-BDAD-4C9C-A77B-FDFDC4C85ED0}
2012-04-15 09:49 - 2012-04-15 09:49 - 0000000 ____D C:\Users\John\Local Settings\{701B232A-BDAD-4C9C-A77B-FDFDC4C85ED0}
2012-04-15 09:49 - 2012-04-15 09:49 - 0000000 ____D C:\Users\John\AppData\Local\{701B232A-BDAD-4C9C-A77B-FDFDC4C85ED0}
2012-04-15 00:13 - 2012-03-31 13:03 - 0001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-15 00:13 - 2012-03-31 13:03 - 0001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-15 00:13 - 2011-11-21 19:53 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-15 00:07 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-04-14 22:32 - 2012-01-10 22:39 - 0002016 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-04-14 22:32 - 2012-01-10 22:39 - 0002016 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk
2012-04-14 12:32 - 2012-04-14 12:31 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{ED9F61C1-37D8-4D12-84CA-7BE46242167E}
2012-04-14 12:32 - 2012-04-14 12:31 - 0000000 ____D C:\Users\John\Local Settings\{ED9F61C1-37D8-4D12-84CA-7BE46242167E}
2012-04-14 12:32 - 2012-04-14 12:31 - 0000000 ____D C:\Users\John\AppData\Local\{ED9F61C1-37D8-4D12-84CA-7BE46242167E}
2012-04-14 12:31 - 2012-04-14 12:31 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{7F68ECAC-D230-4F05-B1A5-79E6039ADC2A}
2012-04-14 12:31 - 2012-04-14 12:31 - 0000000 ____D C:\Users\John\Local Settings\{7F68ECAC-D230-4F05-B1A5-79E6039ADC2A}
2012-04-14 12:31 - 2012-04-14 12:31 - 0000000 ____D C:\Users\John\AppData\Local\{7F68ECAC-D230-4F05-B1A5-79E6039ADC2A}
2012-04-13 18:05 - 2012-04-13 18:04 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{E4BBC5BF-964A-4ABB-A00B-FD76C30C1243}
2012-04-13 18:05 - 2012-04-13 18:04 - 0000000 ____D C:\Users\John\Local Settings\{E4BBC5BF-964A-4ABB-A00B-FD76C30C1243}
2012-04-13 18:05 - 2012-04-13 18:04 - 0000000 ____D C:\Users\John\AppData\Local\{E4BBC5BF-964A-4ABB-A00B-FD76C30C1243}
2012-04-13 18:04 - 2012-04-13 18:04 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{7619CFC9-3310-43CC-9766-8508B860AB37}
2012-04-13 18:04 - 2012-04-13 18:04 - 0000000 ____D C:\Users\John\Local Settings\{7619CFC9-3310-43CC-9766-8508B860AB37}
2012-04-13 18:04 - 2012-04-13 18:04 - 0000000 ____D C:\Users\John\AppData\Local\{7619CFC9-3310-43CC-9766-8508B860AB37}
2012-04-13 18:02 - 2012-04-13 18:02 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{96C9DA3F-FFCA-4F82-9675-C6BA556CBA49}
2012-04-13 18:02 - 2012-04-13 18:02 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{3926CE91-8E53-414F-A87C-8A6B34C1B806}
2012-04-13 18:02 - 2012-04-13 18:02 - 0000000 ____D C:\Users\John\Local Settings\{96C9DA3F-FFCA-4F82-9675-C6BA556CBA49}
2012-04-13 18:02 - 2012-04-13 18:02 - 0000000 ____D C:\Users\John\Local Settings\{3926CE91-8E53-414F-A87C-8A6B34C1B806}
2012-04-13 18:02 - 2012-04-13 18:02 - 0000000 ____D C:\Users\John\AppData\Local\{96C9DA3F-FFCA-4F82-9675-C6BA556CBA49}
2012-04-13 18:02 - 2012-04-13 18:02 - 0000000 ____D C:\Users\John\AppData\Local\{3926CE91-8E53-414F-A87C-8A6B34C1B806}
2012-04-13 03:03 - 2009-07-13 21:34 - 0000478 ____A C:\Windows\win.ini
2012-04-13 01:36 - 2012-04-13 01:35 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{2A59D477-6E0F-4241-8851-84F867D890ED}
2012-04-13 01:36 - 2012-04-13 01:35 - 0000000 ____D C:\Users\John\Local Settings\{2A59D477-6E0F-4241-8851-84F867D890ED}
2012-04-13 01:36 - 2012-04-13 01:35 - 0000000 ____D C:\Users\John\AppData\Local\{2A59D477-6E0F-4241-8851-84F867D890ED}
2012-04-13 01:36 - 2010-12-01 23:18 - 0000000 ____D C:\Users\John\Local Settings\Windows Live
2012-04-13 01:36 - 2010-12-01 23:18 - 0000000 ____D C:\Users\John\Local Settings\Application Data\Windows Live
2012-04-13 01:36 - 2010-12-01 23:18 - 0000000 ____D C:\Users\John\AppData\Local\Windows Live
2012-04-12 13:07 - 2012-04-12 13:07 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{BB9CDEDC-B15E-411D-9559-F19CADFE8674}
2012-04-12 13:07 - 2012-04-12 13:07 - 0000000 ____D C:\Users\John\Local Settings\{BB9CDEDC-B15E-411D-9559-F19CADFE8674}
2012-04-12 13:07 - 2012-04-12 13:07 - 0000000 ____D C:\Users\John\AppData\Local\{BB9CDEDC-B15E-411D-9559-F19CADFE8674}
2012-04-11 17:43 - 2012-04-11 17:43 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{3CDE8024-78DE-4341-9485-3CC36627CCCA}
2012-04-11 17:43 - 2012-04-11 17:43 - 0000000 ____D C:\Users\John\Local Settings\{3CDE8024-78DE-4341-9485-3CC36627CCCA}
2012-04-11 17:43 - 2012-04-11 17:43 - 0000000 ____D C:\Users\John\AppData\Local\{3CDE8024-78DE-4341-9485-3CC36627CCCA}
2012-04-11 01:48 - 2012-04-11 01:48 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{04B71107-7254-4DB2-947A-6B6EAAEB9206}
2012-04-11 01:48 - 2012-04-11 01:48 - 0000000 ____D C:\Users\John\Local Settings\{04B71107-7254-4DB2-947A-6B6EAAEB9206}
2012-04-11 01:48 - 2012-04-11 01:48 - 0000000 ____D C:\Users\John\AppData\Local\{04B71107-7254-4DB2-947A-6B6EAAEB9206}
2012-04-10 13:42 - 2012-04-10 13:42 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{81E089F6-8E47-40C1-8446-0DA4112B357A}
2012-04-10 13:42 - 2012-04-10 13:42 - 0000000 ____D C:\Users\John\Local Settings\{81E089F6-8E47-40C1-8446-0DA4112B357A}
2012-04-10 13:42 - 2012-04-10 13:42 - 0000000 ____D C:\Users\John\AppData\Local\{81E089F6-8E47-40C1-8446-0DA4112B357A}
2012-04-09 18:34 - 2012-04-09 18:34 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{E881D815-15CF-494D-A8A3-C88E29BFEAF2}
2012-04-09 18:34 - 2012-04-09 18:34 - 0000000 ____D C:\Users\John\Local Settings\{E881D815-15CF-494D-A8A3-C88E29BFEAF2}
2012-04-09 18:34 - 2012-04-09 18:34 - 0000000 ____D C:\Users\John\AppData\Local\{E881D815-15CF-494D-A8A3-C88E29BFEAF2}
2012-04-09 01:51 - 2012-04-09 01:51 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{EC67A373-AE3A-4B22-8B23-E5F390B59335}
2012-04-09 01:51 - 2012-04-09 01:51 - 0000000 ____D C:\Users\John\Local Settings\{EC67A373-AE3A-4B22-8B23-E5F390B59335}
2012-04-09 01:51 - 2012-04-09 01:51 - 0000000 ____D C:\Users\John\AppData\Local\{EC67A373-AE3A-4B22-8B23-E5F390B59335}
2012-04-08 13:49 - 2012-04-08 13:49 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{0ACA20B0-5372-48A2-80DA-4E51348CC9DE}
2012-04-08 13:49 - 2012-04-08 13:49 - 0000000 ____D C:\Users\John\Local Settings\{0ACA20B0-5372-48A2-80DA-4E51348CC9DE}
2012-04-08 13:49 - 2012-04-08 13:49 - 0000000 ____D C:\Users\John\AppData\Local\{0ACA20B0-5372-48A2-80DA-4E51348CC9DE}
2012-04-08 01:06 - 2012-04-08 01:06 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{86B0FDB3-3D9F-4AFC-8FF5-AA77513B49DC}
2012-04-08 01:06 - 2012-04-08 01:06 - 0000000 ____D C:\Users\John\Local Settings\{86B0FDB3-3D9F-4AFC-8FF5-AA77513B49DC}
2012-04-08 01:06 - 2012-04-08 01:06 - 0000000 ____D C:\Users\John\AppData\Local\{86B0FDB3-3D9F-4AFC-8FF5-AA77513B49DC}
2012-04-07 13:06 - 2012-04-07 13:06 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{688507DF-6153-4B32-B02B-F050E1C05256}
2012-04-07 13:06 - 2012-04-07 13:06 - 0000000 ____D C:\Users\John\Local Settings\{688507DF-6153-4B32-B02B-F050E1C05256}
2012-04-07 13:06 - 2012-04-07 13:06 - 0000000 ____D C:\Users\John\AppData\Local\{688507DF-6153-4B32-B02B-F050E1C05256}
2012-04-06 13:49 - 2012-04-06 13:48 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{40904DFA-5A36-421C-8517-E67446C65DDB}
2012-04-06 13:49 - 2012-04-06 13:48 - 0000000 ____D C:\Users\John\Local Settings\{40904DFA-5A36-421C-8517-E67446C65DDB}
2012-04-06 13:49 - 2012-04-06 13:48 - 0000000 ____D C:\Users\John\AppData\Local\{40904DFA-5A36-421C-8517-E67446C65DDB}
2012-04-05 20:35 - 2010-08-02 19:57 - 0000000 ____D C:\Users\All Users\Yahoo! Companion
2012-04-05 20:35 - 2010-08-02 19:57 - 0000000 ____D C:\Users\All Users\Application Data\Yahoo! Companion
2012-04-05 20:35 - 2010-08-02 19:57 - 0000000 ____D C:\ProgramData\Yahoo! Companion
2012-04-05 20:35 - 2010-08-02 18:39 - 0000000 ____D C:\Users\John\AppData\LocalLow
2012-04-05 18:53 - 2012-04-05 18:52 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{A2AD41E0-7B03-4227-9EE3-79416BD79ED8}
2012-04-05 18:53 - 2012-04-05 18:52 - 0000000 ____D C:\Users\John\Local Settings\{A2AD41E0-7B03-4227-9EE3-79416BD79ED8}
2012-04-05 18:53 - 2012-04-05 18:52 - 0000000 ____D C:\Users\John\AppData\Local\{A2AD41E0-7B03-4227-9EE3-79416BD79ED8}
2012-04-05 01:52 - 2012-04-05 01:52 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{B4E03451-E9DD-4EA3-AC08-384E691131E8}
2012-04-05 01:52 - 2012-04-05 01:52 - 0000000 ____D C:\Users\John\Local Settings\{B4E03451-E9DD-4EA3-AC08-384E691131E8}
2012-04-05 01:52 - 2012-04-05 01:52 - 0000000 ____D C:\Users\John\AppData\Local\{B4E03451-E9DD-4EA3-AC08-384E691131E8}
2012-04-04 15:56 - 2011-11-21 19:53 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 13:18 - 2012-04-04 13:17 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{65E3F6B2-EF40-4793-A027-E68906DD3279}
2012-04-04 13:18 - 2012-04-04 13:17 - 0000000 ____D C:\Users\John\Local Settings\{65E3F6B2-EF40-4793-A027-E68906DD3279}
2012-04-04 13:18 - 2012-04-04 13:17 - 0000000 ____D C:\Users\John\AppData\Local\{65E3F6B2-EF40-4793-A027-E68906DD3279}
2012-04-03 13:24 - 2012-04-03 13:24 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{8F8AAFC8-68AD-4811-81CB-7CFD23DAF48B}
2012-04-03 13:24 - 2012-04-03 13:24 - 0000000 ____D C:\Users\John\Local Settings\{8F8AAFC8-68AD-4811-81CB-7CFD23DAF48B}
2012-04-03 13:24 - 2012-04-03 13:24 - 0000000 ____D C:\Users\John\AppData\Local\{8F8AAFC8-68AD-4811-81CB-7CFD23DAF48B}
2012-04-03 01:24 - 2012-04-03 01:24 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{EE2537E5-1C81-40A7-9D8C-EE9F94B7A4C4}
2012-04-03 01:24 - 2012-04-03 01:24 - 0000000 ____D C:\Users\John\Local Settings\{EE2537E5-1C81-40A7-9D8C-EE9F94B7A4C4}
2012-04-03 01:24 - 2012-04-03 01:24 - 0000000 ____D C:\Users\John\AppData\Local\{EE2537E5-1C81-40A7-9D8C-EE9F94B7A4C4}
2012-04-02 13:07 - 2012-04-02 13:06 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{EFD69233-3AA6-4D4F-9EDA-04AD67604F99}
2012-04-02 13:07 - 2012-04-02 13:06 - 0000000 ____D C:\Users\John\Local Settings\{EFD69233-3AA6-4D4F-9EDA-04AD67604F99}
2012-04-02 13:07 - 2012-04-02 13:06 - 0000000 ____D C:\Users\John\AppData\Local\{EFD69233-3AA6-4D4F-9EDA-04AD67604F99}
2012-04-01 21:27 - 2012-04-01 21:27 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{7C40664C-F4BF-44CD-A582-573679BFDAFC}
2012-04-01 21:27 - 2012-04-01 21:27 - 0000000 ____D C:\Users\John\Local Settings\{7C40664C-F4BF-44CD-A582-573679BFDAFC}
2012-04-01 21:27 - 2012-04-01 21:27 - 0000000 ____D C:\Users\John\AppData\Local\{7C40664C-F4BF-44CD-A582-573679BFDAFC}
2012-04-01 09:27 - 2012-04-01 09:26 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{8A7245BC-89CB-44CB-8BA0-CC93710691EC}
2012-04-01 09:27 - 2012-04-01 09:26 - 0000000 ____D C:\Users\John\Local Settings\{8A7245BC-89CB-44CB-8BA0-CC93710691EC}
2012-04-01 09:27 - 2012-04-01 09:26 - 0000000 ____D C:\Users\John\AppData\Local\{8A7245BC-89CB-44CB-8BA0-CC93710691EC}
2012-04-01 00:36 - 2012-04-01 00:34 - 0000112 ____A C:\Users\All Users\GTeA6i0r2.dat
2012-04-01 00:36 - 2012-04-01 00:34 - 0000112 ____A C:\Users\All Users\Application Data\GTeA6i0r2.dat
2012-04-01 00:36 - 2012-04-01 00:34 - 0000112 ____A C:\ProgramData\GTeA6i0r2.dat
2012-03-31 21:26 - 2012-03-31 21:26 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{53E6FCBC-F499-43E7-A147-BEEA0A914829}
2012-03-31 21:26 - 2012-03-31 21:26 - 0000000 ____D C:\Users\John\Local Settings\{53E6FCBC-F499-43E7-A147-BEEA0A914829}
2012-03-31 21:26 - 2012-03-31 21:26 - 0000000 ____D C:\Users\John\AppData\Local\{53E6FCBC-F499-43E7-A147-BEEA0A914829}
2012-03-31 17:21 - 2012-03-31 17:21 - 0001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-03-31 17:21 - 2012-03-31 17:21 - 0001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-03-31 17:21 - 2012-03-31 17:20 - 0000000 ____D C:\Program Files\iTunes
2012-03-31 17:21 - 2012-03-11 10:14 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-03-31 17:20 - 2012-03-31 17:20 - 0000000 ____D C:\Program Files\iPod
2012-03-31 09:26 - 2012-03-31 09:26 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{ADCB4724-BD93-4228-A3D1-9E33AA008DC5}
2012-03-31 09:26 - 2012-03-31 09:26 - 0000000 ____D C:\Users\John\Local Settings\{ADCB4724-BD93-4228-A3D1-9E33AA008DC5}
2012-03-31 09:26 - 2012-03-31 09:26 - 0000000 ____D C:\Users\John\AppData\Local\{ADCB4724-BD93-4228-A3D1-9E33AA008DC5}
2012-03-31 01:05 - 2012-05-12 13:04 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 23:39 - 2012-05-12 13:04 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 23:39 - 2012-05-12 13:04 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 23:31 - 2010-08-02 19:35 - 0000000 ____D C:\Users\John\Application Data\Adobe
2012-03-30 23:31 - 2010-08-02 19:35 - 0000000 ____D C:\Users\John\AppData\Roaming\Adobe
2012-03-30 22:10 - 2012-05-12 13:04 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 13:39 - 2012-03-30 13:39 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{FCE41FE5-69C9-4949-9CCE-8E450B0BF663}
2012-03-30 13:39 - 2012-03-30 13:39 - 0000000 ____D C:\Users\John\Local Settings\{FCE41FE5-69C9-4949-9CCE-8E450B0BF663}
2012-03-30 13:39 - 2012-03-30 13:39 - 0000000 ____D C:\Users\John\AppData\Local\{FCE41FE5-69C9-4949-9CCE-8E450B0BF663}
2012-03-30 06:35 - 2012-05-12 13:00 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 13:55 - 2012-03-29 01:54 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{70CF52B3-B996-4C92-82F1-3FFF542F6EB7}
2012-03-29 13:55 - 2012-03-29 01:54 - 0000000 ____D C:\Users\John\Local Settings\{70CF52B3-B996-4C92-82F1-3FFF542F6EB7}
2012-03-29 13:55 - 2012-03-29 01:54 - 0000000 ____D C:\Users\John\AppData\Local\{70CF52B3-B996-4C92-82F1-3FFF542F6EB7}
2012-03-28 13:11 - 2012-03-28 13:11 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{F7280AA8-3DE8-4B59-80AF-9A01A201A173}
2012-03-28 13:11 - 2012-03-28 13:11 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{3EE0EC5F-FF2E-4F53-925A-F11B855D33DF}
2012-03-28 13:11 - 2012-03-28 13:11 - 0000000 ____D C:\Users\John\Local Settings\{F7280AA8-3DE8-4B59-80AF-9A01A201A173}
2012-03-28 13:11 - 2012-03-28 13:11 - 0000000 ____D C:\Users\John\Local Settings\{3EE0EC5F-FF2E-4F53-925A-F11B855D33DF}
2012-03-28 13:11 - 2012-03-28 13:11 - 0000000 ____D C:\Users\John\AppData\Local\{F7280AA8-3DE8-4B59-80AF-9A01A201A173}
2012-03-28 13:11 - 2012-03-28 13:11 - 0000000 ____D C:\Users\John\AppData\Local\{3EE0EC5F-FF2E-4F53-925A-F11B855D33DF}
2012-03-27 18:36 - 2012-03-27 18:35 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{D08B0399-4C37-41BE-9149-795F38A5EB9F}
2012-03-27 18:36 - 2012-03-27 18:35 - 0000000 ____D C:\Users\John\Local Settings\{D08B0399-4C37-41BE-9149-795F38A5EB9F}
2012-03-27 18:36 - 2012-03-27 18:35 - 0000000 ____D C:\Users\John\AppData\Local\{D08B0399-4C37-41BE-9149-795F38A5EB9F}
2012-03-27 18:35 - 2012-03-27 01:48 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{CDD387A3-0949-46CD-842F-A9D306E1E1B4}
2012-03-27 18:35 - 2012-03-27 01:48 - 0000000 ____D C:\Users\John\Local Settings\{CDD387A3-0949-46CD-842F-A9D306E1E1B4}
2012-03-27 18:35 - 2012-03-27 01:48 - 0000000 ____D C:\Users\John\AppData\Local\{CDD387A3-0949-46CD-842F-A9D306E1E1B4}
2012-03-27 01:49 - 2012-03-27 01:49 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{1412AD84-5E43-4E9E-815C-963CA82DACED}
2012-03-27 01:49 - 2012-03-27 01:49 - 0000000 ____D C:\Users\John\Local Settings\{1412AD84-5E43-4E9E-815C-963CA82DACED}
2012-03-27 01:49 - 2012-03-27 01:49 - 0000000 ____D C:\Users\John\AppData\Local\{1412AD84-5E43-4E9E-815C-963CA82DACED}
2012-03-26 13:16 - 2012-03-26 13:15 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{447C84AF-DF02-4DE8-82C6-521108737C52}
2012-03-26 13:16 - 2012-03-26 13:15 - 0000000 ____D C:\Users\John\Local Settings\{447C84AF-DF02-4DE8-82C6-521108737C52}
2012-03-26 13:16 - 2012-03-26 13:15 - 0000000 ____D C:\Users\John\AppData\Local\{447C84AF-DF02-4DE8-82C6-521108737C52}
2012-03-26 13:15 - 2012-03-26 13:15 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{501504A9-14F8-4A58-8896-3E28AF8EAA34}
2012-03-26 13:15 - 2012-03-26 13:15 - 0000000 ____D C:\Users\John\Local Settings\{501504A9-14F8-4A58-8896-3E28AF8EAA34}
2012-03-26 13:15 - 2012-03-26 13:15 - 0000000 ____D C:\Users\John\AppData\Local\{501504A9-14F8-4A58-8896-3E28AF8EAA34}
2012-03-25 22:40 - 2012-03-25 22:39 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{5929D428-19F9-4866-AE1D-ADAA29680C63}
2012-03-25 22:40 - 2012-03-25 22:39 - 0000000 ____D C:\Users\John\Local Settings\{5929D428-19F9-4866-AE1D-ADAA29680C63}
2012-03-25 22:40 - 2012-03-25 22:39 - 0000000 ____D C:\Users\John\AppData\Local\{5929D428-19F9-4866-AE1D-ADAA29680C63}
2012-03-25 22:39 - 2012-03-25 22:39 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{7C855FBA-8D0F-439B-941A-12E9E796323D}
2012-03-25 22:39 - 2012-03-25 22:39 - 0000000 ____D C:\Users\John\Local Settings\{7C855FBA-8D0F-439B-941A-12E9E796323D}
2012-03-25 22:39 - 2012-03-25 22:39 - 0000000 ____D C:\Users\John\AppData\Local\{7C855FBA-8D0F-439B-941A-12E9E796323D}
2012-03-25 10:39 - 2012-03-25 10:39 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{A59031D6-2D60-4675-BE11-992DB5117562}
2012-03-25 10:39 - 2012-03-25 10:39 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{9B9B91DB-2312-4F1E-AA78-E58086C87CE6}
2012-03-25 10:39 - 2012-03-25 10:39 - 0000000 ____D C:\Users\John\Local Settings\{A59031D6-2D60-4675-BE11-992DB5117562}
2012-03-25 10:39 - 2012-03-25 10:39 - 0000000 ____D C:\Users\John\Local Settings\{9B9B91DB-2312-4F1E-AA78-E58086C87CE6}
2012-03-25 10:39 - 2012-03-25 10:39 - 0000000 ____D C:\Users\John\AppData\Local\{A59031D6-2D60-4675-BE11-992DB5117562}
2012-03-25 10:39 - 2012-03-25 10:39 - 0000000 ____D C:\Users\John\AppData\Local\{9B9B91DB-2312-4F1E-AA78-E58086C87CE6}
2012-03-24 22:38 - 2012-03-24 22:38 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{B18D44E5-D559-46F5-961E-AE408EA9C031}
2012-03-24 22:38 - 2012-03-24 22:38 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{37899C22-E0CB-45AE-B00D-4A7BC5694033}
2012-03-24 22:38 - 2012-03-24 22:38 - 0000000 ____D C:\Users\John\Local Settings\{B18D44E5-D559-46F5-961E-AE408EA9C031}
2012-03-24 22:38 - 2012-03-24 22:38 - 0000000 ____D C:\Users\John\Local Settings\{37899C22-E0CB-45AE-B00D-4A7BC5694033}
2012-03-24 22:38 - 2012-03-24 22:38 - 0000000 ____D C:\Users\John\AppData\Local\{B18D44E5-D559-46F5-961E-AE408EA9C031}
2012-03-24 22:38 - 2012-03-24 22:38 - 0000000 ____D C:\Users\John\AppData\Local\{37899C22-E0CB-45AE-B00D-4A7BC5694033}
2012-03-24 10:38 - 2012-03-24 10:38 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{05CAFDC8-948C-48FB-933E-164597B7C7DB}
2012-03-24 10:38 - 2012-03-24 10:38 - 0000000 ____D C:\Users\John\Local Settings\{05CAFDC8-948C-48FB-933E-164597B7C7DB}
2012-03-24 10:38 - 2012-03-24 10:38 - 0000000 ____D C:\Users\John\AppData\Local\{05CAFDC8-948C-48FB-933E-164597B7C7DB}
2012-03-24 10:38 - 2012-03-24 10:37 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{EA0BDE88-9EC9-44DE-965D-94A5BADE214E}
2012-03-24 10:38 - 2012-03-24 10:37 - 0000000 ____D C:\Users\John\Local Settings\{EA0BDE88-9EC9-44DE-965D-94A5BADE214E}
2012-03-24 10:38 - 2012-03-24 10:37 - 0000000 ____D C:\Users\John\AppData\Local\{EA0BDE88-9EC9-44DE-965D-94A5BADE214E}
2012-03-23 18:23 - 2012-03-23 18:22 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{B14EF512-47A4-4EFB-A122-775C87F175ED}
2012-03-23 18:23 - 2012-03-23 18:22 - 0000000 ____D C:\Users\John\Local Settings\{B14EF512-47A4-4EFB-A122-775C87F175ED}
2012-03-23 18:23 - 2012-03-23 18:22 - 0000000 ____D C:\Users\John\AppData\Local\{B14EF512-47A4-4EFB-A122-775C87F175ED}
2012-03-23 18:22 - 2012-03-23 18:22 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{71942E8A-5C66-4026-8D30-67628E8F5387}
2012-03-23 18:22 - 2012-03-23 18:22 - 0000000 ____D C:\Users\John\Local Settings\{71942E8A-5C66-4026-8D30-67628E8F5387}
2012-03-23 18:22 - 2012-03-23 18:22 - 0000000 ____D C:\Users\John\AppData\Local\{71942E8A-5C66-4026-8D30-67628E8F5387}
2012-03-23 01:59 - 2012-03-23 01:59 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{E7FD27D0-3489-4830-8656-2A11707FB675}
2012-03-23 01:59 - 2012-03-23 01:59 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{39A865D3-ABAE-4D0C-B00A-3BB1F92F14CE}
2012-03-23 01:59 - 2012-03-23 01:59 - 0000000 ____D C:\Users\John\Local Settings\{E7FD27D0-3489-4830-8656-2A11707FB675}
2012-03-23 01:59 - 2012-03-23 01:59 - 0000000 ____D C:\Users\John\Local Settings\{39A865D3-ABAE-4D0C-B00A-3BB1F92F14CE}
2012-03-23 01:59 - 2012-03-23 01:59 - 0000000 ____D C:\Users\John\AppData\Local\{E7FD27D0-3489-4830-8656-2A11707FB675}
2012-03-23 01:59 - 2012-03-23 01:59 - 0000000 ____D C:\Users\John\AppData\Local\{39A865D3-ABAE-4D0C-B00A-3BB1F92F14CE}
2012-03-22 13:55 - 2012-03-22 13:55 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{7CA08B96-A036-4034-ADAD-29B1BC23A28D}
2012-03-22 13:55 - 2012-03-22 13:55 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{5DBE6505-EDB3-4990-8251-D13CBBD3EFFB}
2012-03-22 13:55 - 2012-03-22 13:55 - 0000000 ____D C:\Users\John\Local Settings\{7CA08B96-A036-4034-ADAD-29B1BC23A28D}
2012-03-22 13:55 - 2012-03-22 13:55 - 0000000 ____D C:\Users\John\Local Settings\{5DBE6505-EDB3-4990-8251-D13CBBD3EFFB}
2012-03-22 13:55 - 2012-03-22 13:55 - 0000000 ____D C:\Users\John\AppData\Local\{7CA08B96-A036-4034-ADAD-29B1BC23A28D}
2012-03-22 13:55 - 2012-03-22 13:55 - 0000000 ____D C:\Users\John\AppData\Local\{5DBE6505-EDB3-4990-8251-D13CBBD3EFFB}
2012-03-22 01:43 - 2012-03-22 01:43 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{91CD1D40-50C1-4E1B-9A15-8904C46C0D7C}
2012-03-22 01:43 - 2012-03-22 01:43 - 0000000 ____D C:\Users\John\Local Settings\{91CD1D40-50C1-4E1B-9A15-8904C46C0D7C}
2012-03-22 01:43 - 2012-03-22 01:43 - 0000000 ____D C:\Users\John\AppData\Local\{91CD1D40-50C1-4E1B-9A15-8904C46C0D7C}
2012-03-22 01:43 - 2012-03-22 01:42 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{CFF629FE-1544-4EDE-B0FF-94C444191656}
2012-03-22 01:43 - 2012-03-22 01:42 - 0000000 ____D C:\Users\John\Local Settings\{CFF629FE-1544-4EDE-B0FF-94C444191656}
2012-03-22 01:43 - 2012-03-22 01:42 - 0000000 ____D C:\Users\John\AppData\Local\{CFF629FE-1544-4EDE-B0FF-94C444191656}
2012-03-21 13:16 - 2012-03-21 13:16 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{7BB650EF-D849-43A2-BF53-E9AF68D58BA8}
2012-03-21 13:16 - 2012-03-21 13:16 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{478ECDAD-5B51-4C87-A1CB-A4D37E72E930}
2012-03-21 13:16 - 2012-03-21 13:16 - 0000000 ____D C:\Users\John\Local Settings\{7BB650EF-D849-43A2-BF53-E9AF68D58BA8}
2012-03-21 13:16 - 2012-03-21 13:16 - 0000000 ____D C:\Users\John\Local Settings\{478ECDAD-5B51-4C87-A1CB-A4D37E72E930}
2012-03-21 13:16 - 2012-03-21 13:16 - 0000000 ____D C:\Users\John\AppData\Local\{7BB650EF-D849-43A2-BF53-E9AF68D58BA8}
2012-03-21 13:16 - 2012-03-21 13:16 - 0000000 ____D C:\Users\John\AppData\Local\{478ECDAD-5B51-4C87-A1CB-A4D37E72E930}
2012-03-20 22:47 - 2009-07-14 00:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-03-20 22:40 - 2012-03-20 22:40 - 0004611 ____N C:\Users\John\Desktop\Footboard Pattern.pdf
2012-03-20 22:36 - 2012-03-20 22:36 - 0004644 ____N C:\Users\John\Desktop\Headboard Pattern.pdf
2012-03-20 22:30 - 2012-03-20 22:30 - 0010031 ____A C:\Users\John\Desktop\Reference.pdf
2012-03-20 18:12 - 2012-03-20 18:12 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{A508C9A1-436A-4922-B2EC-5B500AAA2D29}
2012-03-20 18:12 - 2012-03-20 18:12 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{6458F276-5C38-4D2B-A7CB-4A771FCD552A}
2012-03-20 18:12 - 2012-03-20 18:12 - 0000000 ____D C:\Users\John\Local Settings\{A508C9A1-436A-4922-B2EC-5B500AAA2D29}
2012-03-20 18:12 - 2012-03-20 18:12 - 0000000 ____D C:\Users\John\Local Settings\{6458F276-5C38-4D2B-A7CB-4A771FCD552A}
2012-03-20 18:12 - 2012-03-20 18:12 - 0000000 ____D C:\Users\John\AppData\Local\{A508C9A1-436A-4922-B2EC-5B500AAA2D29}
2012-03-20 18:12 - 2012-03-20 18:12 - 0000000 ____D C:\Users\John\AppData\Local\{6458F276-5C38-4D2B-A7CB-4A771FCD552A}
2012-03-20 01:49 - 2012-03-20 01:49 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{BB91F476-699D-4310-9495-12CF9B204CF1}
2012-03-20 01:49 - 2012-03-20 01:49 - 0000000 ____D C:\Users\John\Local Settings\{BB91F476-699D-4310-9495-12CF9B204CF1}
2012-03-20 01:49 - 2012-03-20 01:49 - 0000000 ____D C:\Users\John\AppData\Local\{BB91F476-699D-4310-9495-12CF9B204CF1}
2012-03-20 01:49 - 2012-03-20 01:48 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{749E2332-D8DC-4EC6-AF1E-AF0C2889BEB0}
2012-03-20 01:49 - 2012-03-20 01:48 - 0000000 ____D C:\Users\John\Local Settings\{749E2332-D8DC-4EC6-AF1E-AF0C2889BEB0}
2012-03-20 01:49 - 2012-03-20 01:48 - 0000000 ____D C:\Users\John\AppData\Local\{749E2332-D8DC-4EC6-AF1E-AF0C2889BEB0}
2012-03-19 21:18 - 2012-03-19 21:18 - 0255528 ____N C:\Users\John\My Documents\John Tyler 2011 Tax Return_T11_For_Records.pdf
2012-03-19 21:18 - 2012-03-19 21:18 - 0255528 ____N C:\Users\John\Documents\John Tyler 2011 Tax Return_T11_For_Records.pdf
2012-03-19 21:18 - 2012-03-19 21:18 - 0158045 ____N C:\Users\John\My Documents\John Tyler 2011 Tax Return_T11_For_Filing.pdf
2012-03-19 21:18 - 2012-03-19 21:18 - 0158045 ____N C:\Users\John\Documents\John Tyler 2011 Tax Return_T11_For_Filing.pdf
2012-03-19 21:18 - 2012-03-11 16:24 - 0000000 ____D C:\Users\John\Application Data\TaxCut
2012-03-19 21:18 - 2012-03-11 16:24 - 0000000 ____D C:\Users\John\AppData\Roaming\TaxCut
2012-03-19 21:18 - 2012-03-11 16:19 - 0000000 ____D C:\Users\John\My Documents\HRBlock
2012-03-19 21:18 - 2012-03-11 16:19 - 0000000 ____D C:\Users\John\Documents\HRBlock
2012-03-19 13:48 - 2012-03-19 13:48 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{112A5C7C-A3E2-4862-A955-DA66D999F1B4}
2012-03-19 13:48 - 2012-03-19 13:48 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{110C132B-45F6-4300-A44F-E368441EDD13}
2012-03-19 13:48 - 2012-03-19 13:48 - 0000000 ____D C:\Users\John\Local Settings\{112A5C7C-A3E2-4862-A955-DA66D999F1B4}
2012-03-19 13:48 - 2012-03-19 13:48 - 0000000 ____D C:\Users\John\Local Settings\{110C132B-45F6-4300-A44F-E368441EDD13}
2012-03-19 13:48 - 2012-03-19 13:48 - 0000000 ____D C:\Users\John\AppData\Local\{112A5C7C-A3E2-4862-A955-DA66D999F1B4}
2012-03-19 13:48 - 2012-03-19 13:48 - 0000000 ____D C:\Users\John\AppData\Local\{110C132B-45F6-4300-A44F-E368441EDD13}
2012-03-18 19:41 - 2012-03-18 19:41 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{F8A99EEE-113E-4804-A7A1-EAD0471F770B}
2012-03-18 19:41 - 2012-03-18 19:41 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{9857DED5-AF62-45EC-A8C5-ACC080C75ECB}
2012-03-18 19:41 - 2012-03-18 19:41 - 0000000 ____D C:\Users\John\Local Settings\{F8A99EEE-113E-4804-A7A1-EAD0471F770B}
2012-03-18 19:41 - 2012-03-18 19:41 - 0000000 ____D C:\Users\John\Local Settings\{9857DED5-AF62-45EC-A8C5-ACC080C75ECB}
2012-03-18 19:41 - 2012-03-18 19:41 - 0000000 ____D C:\Users\John\AppData\Local\{F8A99EEE-113E-4804-A7A1-EAD0471F770B}
2012-03-18 19:41 - 2012-03-18 19:41 - 0000000 ____D C:\Users\John\AppData\Local\{9857DED5-AF62-45EC-A8C5-ACC080C75ECB}
2012-03-18 01:54 - 2012-03-18 01:54 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{FFCE7D22-DFAF-4C99-9EA0-C0025AD451DC}
2012-03-18 01:54 - 2012-03-18 01:54 - 0000000 ____D C:\Users\John\Local Settings\{FFCE7D22-DFAF-4C99-9EA0-C0025AD451DC}
2012-03-18 01:54 - 2012-03-18 01:54 - 0000000 ____D C:\Users\John\AppData\Local\{FFCE7D22-DFAF-4C99-9EA0-C0025AD451DC}
2012-03-18 01:54 - 2012-03-18 01:53 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{0F8F92BD-FDD8-4343-A512-B38DD44F7611}
2012-03-18 01:54 - 2012-03-18 01:53 - 0000000 ____D C:\Users\John\Local Settings\{0F8F92BD-FDD8-4343-A512-B38DD44F7611}
2012-03-18 01:54 - 2012-03-18 01:53 - 0000000 ____D C:\Users\John\AppData\Local\{0F8F92BD-FDD8-4343-A512-B38DD44F7611}
2012-03-17 13:53 - 2012-03-17 13:53 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{1F45EBAD-D3CF-494C-9DAD-16654849C8E8}
2012-03-17 13:53 - 2012-03-17 13:53 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{0507F4C6-6072-474B-8E58-4037290BBDDF}
2012-03-17 13:53 - 2012-03-17 13:53 - 0000000 ____D C:\Users\John\Local Settings\{1F45EBAD-D3CF-494C-9DAD-16654849C8E8}
2012-03-17 13:53 - 2012-03-17 13:53 - 0000000 ____D C:\Users\John\Local Settings\{0507F4C6-6072-474B-8E58-4037290BBDDF}
2012-03-17 13:53 - 2012-03-17 13:53 - 0000000 ____D C:\Users\John\AppData\Local\{1F45EBAD-D3CF-494C-9DAD-16654849C8E8}
2012-03-17 13:53 - 2012-03-17 13:53 - 0000000 ____D C:\Users\John\AppData\Local\{0507F4C6-6072-474B-8E58-4037290BBDDF}
2012-03-17 02:58 - 2012-05-12 13:03 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-17 01:09 - 2012-03-17 01:09 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{C798263B-5CDB-4D6B-90AD-A4FB630A0554}
2012-03-17 01:09 - 2012-03-17 01:09 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{BFEB4B5A-9CC7-420D-B645-954D971E353F}
2012-03-17 01:09 - 2012-03-17 01:09 - 0000000 ____D C:\Users\John\Local Settings\{C798263B-5CDB-4D6B-90AD-A4FB630A0554}
2012-03-17 01:09 - 2012-03-17 01:09 - 0000000 ____D C:\Users\John\Local Settings\{BFEB4B5A-9CC7-420D-B645-954D971E353F}
2012-03-17 01:09 - 2012-03-17 01:09 - 0000000 ____D C:\Users\John\AppData\Local\{C798263B-5CDB-4D6B-90AD-A4FB630A0554}
2012-03-17 01:09 - 2012-03-17 01:09 - 0000000 ____D C:\Users\John\AppData\Local\{BFEB4B5A-9CC7-420D-B645-954D971E353F}
2012-03-16 01:49 - 2012-03-16 01:49 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{38CDDE26-DBD2-4E4E-B393-95E2AA184F25}
2012-03-16 01:49 - 2012-03-16 01:49 - 0000000 ____D C:\Users\John\Local Settings\{38CDDE26-DBD2-4E4E-B393-95E2AA184F25}
2012-03-16 01:49 - 2012-03-16 01:49 - 0000000 ____D C:\Users\John\AppData\Local\{38CDDE26-DBD2-4E4E-B393-95E2AA184F25}
2012-03-16 01:49 - 2012-03-16 01:48 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{ABB302DE-1B28-4BE3-8B2B-8937B11E23BC}
2012-03-16 01:49 - 2012-03-16 01:48 - 0000000 ____D C:\Users\John\Local Settings\{ABB302DE-1B28-4BE3-8B2B-8937B11E23BC}
2012-03-16 01:49 - 2012-03-16 01:48 - 0000000 ____D C:\Users\John\AppData\Local\{ABB302DE-1B28-4BE3-8B2B-8937B11E23BC}
2012-03-15 13:30 - 2012-03-15 13:30 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{E46A9ED1-5FBE-4F43-BC0C-F2F50D47FB06}
2012-03-15 13:30 - 2012-03-15 13:30 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{56192CD0-8242-464E-8176-5C0F0E519902}
2012-03-15 13:30 - 2012-03-15 13:30 - 0000000 ____D C:\Users\John\Local Settings\{E46A9ED1-5FBE-4F43-BC0C-F2F50D47FB06}
2012-03-15 13:30 - 2012-03-15 13:30 - 0000000 ____D C:\Users\John\Local Settings\{56192CD0-8242-464E-8176-5C0F0E519902}
2012-03-15 13:30 - 2012-03-15 13:30 - 0000000 ____D C:\Users\John\AppData\Local\{E46A9ED1-5FBE-4F43-BC0C-F2F50D47FB06}
2012-03-15 13:30 - 2012-03-15 13:30 - 0000000 ____D C:\Users\John\AppData\Local\{56192CD0-8242-464E-8176-5C0F0E519902}
2012-03-14 19:01 - 2012-03-14 19:01 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{A5E13A40-C4B8-43DF-A7B3-B2ECEF60746A}
2012-03-14 19:01 - 2012-03-14 19:01 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{9CCCA063-3061-4D74-8F46-28C0A62F0C7E}
2012-03-14 19:01 - 2012-03-14 19:01 - 0000000 ____D C:\Users\John\Local Settings\{A5E13A40-C4B8-43DF-A7B3-B2ECEF60746A}
2012-03-14 19:01 - 2012-03-14 19:01 - 0000000 ____D C:\Users\John\Local Settings\{9CCCA063-3061-4D74-8F46-28C0A62F0C7E}
2012-03-14 19:01 - 2012-03-14 19:01 - 0000000 ____D C:\Users\John\AppData\Local\{A5E13A40-C4B8-43DF-A7B3-B2ECEF60746A}
2012-03-14 19:01 - 2012-03-14 19:01 - 0000000 ____D C:\Users\John\AppData\Local\{9CCCA063-3061-4D74-8F46-28C0A62F0C7E}
2012-03-13 15:53 - 2012-03-13 15:53 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{6AB554E9-62B3-42E4-80A3-5359EB56F3C9}
2012-03-13 15:53 - 2012-03-13 15:53 - 0000000 ____D C:\Users\John\Local Settings\{6AB554E9-62B3-42E4-80A3-5359EB56F3C9}
2012-03-13 15:53 - 2012-03-13 15:53 - 0000000 ____D C:\Users\John\AppData\Local\{6AB554E9-62B3-42E4-80A3-5359EB56F3C9}
2012-03-13 15:53 - 2012-03-13 15:52 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{6EB182DD-F167-439D-AE62-3C3AC9FDC493}
2012-03-13 15:53 - 2012-03-13 15:52 - 0000000 ____D C:\Users\John\Local Settings\{6EB182DD-F167-439D-AE62-3C3AC9FDC493}
2012-03-13 15:53 - 2012-03-13 15:52 - 0000000 ____D C:\Users\John\AppData\Local\{6EB182DD-F167-439D-AE62-3C3AC9FDC493}
2012-03-13 03:00 - 2012-03-13 03:00 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{54514513-C589-4ED8-BF17-3FCA78F166DD}
2012-03-13 03:00 - 2012-03-13 03:00 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{1EB1B46D-24D8-444B-8353-D668A50DE0F4}
2012-03-13 03:00 - 2012-03-13 03:00 - 0000000 ____D C:\Users\John\Local Settings\{54514513-C589-4ED8-BF17-3FCA78F166DD}
2012-03-13 03:00 - 2012-03-13 03:00 - 0000000 ____D C:\Users\John\Local Settings\{1EB1B46D-24D8-444B-8353-D668A50DE0F4}
2012-03-13 03:00 - 2012-03-13 03:00 - 0000000 ____D C:\Users\John\AppData\Local\{54514513-C589-4ED8-BF17-3FCA78F166DD}
2012-03-13 03:00 - 2012-03-13 03:00 - 0000000 ____D C:\Users\John\AppData\Local\{1EB1B46D-24D8-444B-8353-D668A50DE0F4}
2012-03-12 14:17 - 2012-03-12 14:17 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{5FCEB7B6-7103-477F-9B1E-2A342EDD026A}
2012-03-12 14:17 - 2012-03-12 14:17 - 0000000 ____D C:\Users\John\Local Settings\{5FCEB7B6-7103-477F-9B1E-2A342EDD026A}
2012-03-12 14:17 - 2012-03-12 14:17 - 0000000 ____D C:\Users\John\AppData\Local\{5FCEB7B6-7103-477F-9B1E-2A342EDD026A}
2012-03-12 14:17 - 2012-03-12 14:16 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{29167536-A88E-44BD-9490-2C7A6308C9C4}
2012-03-12 14:17 - 2012-03-12 14:16 - 0000000 ____D C:\Users\John\Local Settings\{29167536-A88E-44BD-9490-2C7A6308C9C4}
2012-03-12 14:17 - 2012-03-12 14:16 - 0000000 ____D C:\Users\John\AppData\Local\{29167536-A88E-44BD-9490-2C7A6308C9C4}
2012-03-12 01:35 - 2012-03-12 01:35 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{DEEE1AF7-81D1-403F-9714-113943595C6C}
2012-03-12 01:35 - 2012-03-12 01:35 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{B53ABD06-8A17-45C6-A5E1-42F36357BFB9}
2012-03-12 01:35 - 2012-03-12 01:35 - 0000000 ____D C:\Users\John\Local Settings\{DEEE1AF7-81D1-403F-9714-113943595C6C}
2012-03-12 01:35 - 2012-03-12 01:35 - 0000000 ____D C:\Users\John\Local Settings\{B53ABD06-8A17-45C6-A5E1-42F36357BFB9}
2012-03-12 01:35 - 2012-03-12 01:35 - 0000000 ____D C:\Users\John\AppData\Local\{DEEE1AF7-81D1-403F-9714-113943595C6C}
2012-03-12 01:35 - 2012-03-12 01:35 - 0000000 ____D C:\Users\John\AppData\Local\{B53ABD06-8A17-45C6-A5E1-42F36357BFB9}
2012-03-11 18:16 - 2012-03-11 18:16 - 0107805 ____N C:\Users\John\My Documents\TaxReturn 2011.pdf
2012-03-11 18:16 - 2012-03-11 18:16 - 0107805 ____N C:\Users\John\Documents\TaxReturn 2011.pdf
2012-03-11 18:16 - 2012-03-11 18:16 - 0000000 ____D C:\Users\John\Application Data\pdf995
2012-03-11 18:16 - 2012-03-11 18:16 - 0000000 ____D C:\Users\John\AppData\Roaming\pdf995
2012-03-11 18:15 - 2012-03-11 18:15 - 0047616 ____A C:\Windows\SysWOW64\pdf995mon64.dll
2012-03-11 18:15 - 2012-03-11 16:19 - 0000000 ____D C:\Program Files (x86)\PDF995
2012-03-11 18:04 - 2010-08-02 18:39 - 0125072 ____A C:\Users\John\Local Settings\GDIPFONTCACHEV1.DAT
2012-03-11 18:04 - 2010-08-02 18:39 - 0125072 ____A C:\Users\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-03-11 18:04 - 2010-08-02 18:39 - 0125072 ____A C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-11 16:20 - 2012-03-11 16:20 - 0002035 ____A C:\Users\Public\Desktop\H&R Block 2011.lnk
2012-03-11 16:20 - 2012-03-11 16:20 - 0002035 ____A C:\Users\All Users\Desktop\H&R Block 2011.lnk
2012-03-11 16:20 - 2012-03-11 16:19 - 0000000 ____D C:\Program Files (x86)\HRBlock2011
2012-03-11 16:16 - 2012-03-11 16:16 - 0000000 ____D C:\Users\All Users\TaxCut
2012-03-11 16:16 - 2012-03-11 16:16 - 0000000 ____D C:\Users\All Users\Application Data\TaxCut
2012-03-11 16:16 - 2012-03-11 16:16 - 0000000 ____D C:\ProgramData\TaxCut
2012-03-11 13:35 - 2012-03-11 13:35 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{C6B20DC8-A34C-4BCA-8393-0749D1EC0D0D}
2012-03-11 13:35 - 2012-03-11 13:35 - 0000000 ____D C:\Users\John\Local Settings\{C6B20DC8-A34C-4BCA-8393-0749D1EC0D0D}
2012-03-11 13:35 - 2012-03-11 13:35 - 0000000 ____D C:\Users\John\AppData\Local\{C6B20DC8-A34C-4BCA-8393-0749D1EC0D0D}
2012-03-11 13:35 - 2012-03-11 13:34 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{6F4068EA-E677-4F62-BA6B-EA382E89C814}
2012-03-11 13:35 - 2012-03-11 13:34 - 0000000 ____D C:\Users\John\Local Settings\{6F4068EA-E677-4F62-BA6B-EA382E89C814}
2012-03-11 13:35 - 2012-03-11 13:34 - 0000000 ____D C:\Users\John\AppData\Local\{6F4068EA-E677-4F62-BA6B-EA382E89C814}
2012-03-11 01:34 - 2012-03-11 01:34 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{E3A075A3-8C7D-4CCD-AAAA-BF9E7621B80C}
2012-03-11 01:34 - 2012-03-11 01:34 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{D0710743-A6CD-48CE-B970-5D4BF31440B2}
2012-03-11 01:34 - 2012-03-11 01:34 - 0000000 ____D C:\Users\John\Local Settings\{E3A075A3-8C7D-4CCD-AAAA-BF9E7621B80C}
2012-03-11 01:34 - 2012-03-11 01:34 - 0000000 ____D C:\Users\John\Local Settings\{D0710743-A6CD-48CE-B970-5D4BF31440B2}
2012-03-11 01:34 - 2012-03-11 01:34 - 0000000 ____D C:\Users\John\AppData\Local\{E3A075A3-8C7D-4CCD-AAAA-BF9E7621B80C}
2012-03-11 01:34 - 2012-03-11 01:34 - 0000000 ____D C:\Users\John\AppData\Local\{D0710743-A6CD-48CE-B970-5D4BF31440B2}
2012-03-10 13:33 - 2012-03-10 13:33 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{49448F00-BE4D-4AD7-802D-6E84DF0C10F0}
2012-03-10 13:33 - 2012-03-10 13:33 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{26DE1ECE-A96F-4948-B63D-C0669DFCF67B}
2012-03-10 13:33 - 2012-03-10 13:33 - 0000000 ____D C:\Users\John\Local Settings\{49448F00-BE4D-4AD7-802D-6E84DF0C10F0}
2012-03-10 13:33 - 2012-03-10 13:33 - 0000000 ____D C:\Users\John\Local Settings\{26DE1ECE-A96F-4948-B63D-C0669DFCF67B}
2012-03-10 13:33 - 2012-03-10 13:33 - 0000000 ____D C:\Users\John\AppData\Local\{49448F00-BE4D-4AD7-802D-6E84DF0C10F0}
2012-03-10 13:33 - 2012-03-10 13:33 - 0000000 ____D C:\Users\John\AppData\Local\{26DE1ECE-A96F-4948-B63D-C0669DFCF67B}
2012-03-10 01:33 - 2012-03-10 01:33 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{FF13E28D-809F-423C-B8EB-8E0FF9ECB118}
2012-03-10 01:33 - 2012-03-10 01:33 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{ECFD723F-3B11-4D1B-BA86-0BF93A4EFC49}
2012-03-10 01:33 - 2012-03-10 01:33 - 0000000 ____D C:\Users\John\Local Settings\{FF13E28D-809F-423C-B8EB-8E0FF9ECB118}
2012-03-10 01:33 - 2012-03-10 01:33 - 0000000 ____D C:\Users\John\Local Settings\{ECFD723F-3B11-4D1B-BA86-0BF93A4EFC49}
2012-03-10 01:33 - 2012-03-10 01:33 - 0000000 ____D C:\Users\John\AppData\Local\{FF13E28D-809F-423C-B8EB-8E0FF9ECB118}
2012-03-10 01:33 - 2012-03-10 01:33 - 0000000 ____D C:\Users\John\AppData\Local\{ECFD723F-3B11-4D1B-BA86-0BF93A4EFC49}
2012-03-09 13:33 - 2012-03-09 13:32 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{9E3DB9E2-29D1-4F74-AE3C-E807BD2EA7CB}
2012-03-09 13:33 - 2012-03-09 13:32 - 0000000 ____D C:\Users\John\Local Settings\{9E3DB9E2-29D1-4F74-AE3C-E807BD2EA7CB}
2012-03-09 13:33 - 2012-03-09 13:32 - 0000000 ____D C:\Users\John\AppData\Local\{9E3DB9E2-29D1-4F74-AE3C-E807BD2EA7CB}
2012-03-09 13:32 - 2012-03-09 13:32 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{94BDE9C2-73E6-44DD-90D9-9EF76DC46516}
2012-03-09 13:32 - 2012-03-09 13:32 - 0000000 ____D C:\Users\John\Local Settings\{94BDE9C2-73E6-44DD-90D9-9EF76DC46516}
2012-03-09 13:32 - 2012-03-09 13:32 - 0000000 ____D C:\Users\John\AppData\Local\{94BDE9C2-73E6-44DD-90D9-9EF76DC46516}
2012-03-09 01:22 - 2012-03-09 01:22 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{92786075-3BA7-4C90-A542-641F4F85258D}
2012-03-09 01:22 - 2012-03-09 01:22 - 0000000 ____D C:\Users\John\Local Settings\{92786075-3BA7-4C90-A542-641F4F85258D}
2012-03-09 01:22 - 2012-03-09 01:22 - 0000000 ____D C:\Users\John\AppData\Local\{92786075-3BA7-4C90-A542-641F4F85258D}
2012-03-09 01:22 - 2012-03-09 01:21 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{E6039AEC-EAE1-4C24-80D5-C84613A1C7AF}
2012-03-09 01:22 - 2012-03-09 01:21 - 0000000 ____D C:\Users\John\Local Settings\{E6039AEC-EAE1-4C24-80D5-C84613A1C7AF}
2012-03-09 01:22 - 2012-03-09 01:21 - 0000000 ____D C:\Users\John\AppData\Local\{E6039AEC-EAE1-4C24-80D5-C84613A1C7AF}
2012-03-08 13:12 - 2012-03-08 13:11 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{1B440A82-8B30-43E6-9569-1226FEA1EADE}
2012-03-08 13:12 - 2012-03-08 13:11 - 0000000 ____D C:\Users\John\Local Settings\{1B440A82-8B30-43E6-9569-1226FEA1EADE}
2012-03-08 13:12 - 2012-03-08 13:11 - 0000000 ____D C:\Users\John\AppData\Local\{1B440A82-8B30-43E6-9569-1226FEA1EADE}
2012-03-08 13:11 - 2012-03-08 13:11 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{F69E69B7-5090-41E0-85DD-D8377B3CD51D}
2012-03-08 13:11 - 2012-03-08 13:11 - 0000000 ____D C:\Users\John\Local Settings\{F69E69B7-5090-41E0-85DD-D8377B3CD51D}
2012-03-08 13:11 - 2012-03-08 13:11 - 0000000 ____D C:\Users\John\AppData\Local\{F69E69B7-5090-41E0-85DD-D8377B3CD51D}
2012-03-07 15:17 - 2012-03-07 15:17 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{DD0E746B-3A04-4FA8-BF8C-742288959166}
2012-03-07 15:17 - 2012-03-07 15:17 - 0000000 ____D C:\Users\John\Local Settings\{DD0E746B-3A04-4FA8-BF8C-742288959166}
2012-03-07 15:17 - 2012-03-07 15:17 - 0000000 ____D C:\Users\John\AppData\Local\{DD0E746B-3A04-4FA8-BF8C-742288959166}
2012-03-07 15:17 - 2012-03-07 15:16 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{041B2890-C656-40CC-A854-1C8C94AF2923}
2012-03-07 15:17 - 2012-03-07 15:16 - 0000000 ____D C:\Users\John\Local Settings\{041B2890-C656-40CC-A854-1C8C94AF2923}
2012-03-07 15:17 - 2012-03-07 15:16 - 0000000 ____D C:\Users\John\AppData\Local\{041B2890-C656-40CC-A854-1C8C94AF2923}
2012-03-07 01:57 - 2012-03-07 01:57 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{0B0A0173-E609-4E7A-9FB1-A28A28AE50CE}
2012-03-07 01:57 - 2012-03-07 01:57 - 0000000 ____D C:\Users\John\Local Settings\{0B0A0173-E609-4E7A-9FB1-A28A28AE50CE}
2012-03-07 01:57 - 2012-03-07 01:57 - 0000000 ____D C:\Users\John\AppData\Local\{0B0A0173-E609-4E7A-9FB1-A28A28AE50CE}
2012-03-07 01:57 - 2012-03-07 01:56 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{D9FA882C-E5D6-4A6C-9034-7739FF5E1743}
2012-03-07 01:57 - 2012-03-07 01:56 - 0000000 ____D C:\Users\John\Local Settings\{D9FA882C-E5D6-4A6C-9034-7739FF5E1743}
2012-03-07 01:57 - 2012-03-07 01:56 - 0000000 ____D C:\Users\John\AppData\Local\{D9FA882C-E5D6-4A6C-9034-7739FF5E1743}
2012-03-06 13:44 - 2012-03-06 13:44 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{F5A0A25B-FD78-470A-A460-0C93C364B53B}
2012-03-06 13:44 - 2012-03-06 13:44 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{0FFCF5A2-3191-4EA9-AD57-D5A891DE1B75}
2012-03-06 13:44 - 2012-03-06 13:44 - 0000000 ____D C:\Users\John\Local Settings\{F5A0A25B-FD78-470A-A460-0C93C364B53B}
2012-03-06 13:44 - 2012-03-06 13:44 - 0000000 ____D C:\Users\John\Local Settings\{0FFCF5A2-3191-4EA9-AD57-D5A891DE1B75}
2012-03-06 13:44 - 2012-03-06 13:44 - 0000000 ____D C:\Users\John\AppData\Local\{F5A0A25B-FD78-470A-A460-0C93C364B53B}
2012-03-06 13:44 - 2012-03-06 13:44 - 0000000 ____D C:\Users\John\AppData\Local\{0FFCF5A2-3191-4EA9-AD57-D5A891DE1B75}
2012-03-06 01:44 - 2012-03-06 01:44 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{E8C53F11-C39E-4F95-AF92-0B23794D2DD8}
2012-03-06 01:44 - 2012-03-06 01:44 - 0000000 ____D C:\Users\John\Local Settings\{E8C53F11-C39E-4F95-AF92-0B23794D2DD8}
2012-03-06 01:44 - 2012-03-06 01:44 - 0000000 ____D C:\Users\John\AppData\Local\{E8C53F11-C39E-4F95-AF92-0B23794D2DD8}
2012-03-06 01:44 - 2012-03-06 01:43 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{A52F31B0-3B37-4603-B459-0703D417B7E4}
2012-03-06 01:44 - 2012-03-06 01:43 - 0000000 ____D C:\Users\John\Local Settings\{A52F31B0-3B37-4603-B459-0703D417B7E4}
2012-03-06 01:44 - 2012-03-06 01:43 - 0000000 ____D C:\Users\John\AppData\Local\{A52F31B0-3B37-4603-B459-0703D417B7E4}
2012-03-05 13:32 - 2012-03-05 13:32 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{C8CF20ED-62CE-4E8E-95FA-866FB801B508}
2012-03-05 13:32 - 2012-03-05 13:32 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{B83319BD-E2D8-4351-9587-A0D90127F626}
2012-03-05 13:32 - 2012-03-05 13:32 - 0000000 ____D C:\Users\John\Local Settings\{C8CF20ED-62CE-4E8E-95FA-866FB801B508}
2012-03-05 13:32 - 2012-03-05 13:32 - 0000000 ____D C:\Users\John\Local Settings\{B83319BD-E2D8-4351-9587-A0D90127F626}
2012-03-05 13:32 - 2012-03-05 13:32 - 0000000 ____D C:\Users\John\AppData\Local\{C8CF20ED-62CE-4E8E-95FA-866FB801B508}
2012-03-05 13:32 - 2012-03-05 13:32 - 0000000 ____D C:\Users\John\AppData\Local\{B83319BD-E2D8-4351-9587-A0D90127F626}
2012-03-05 01:32 - 2012-03-05 01:31 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{495A73D9-D50F-4E0A-ABFE-3BA366899B0B}
2012-03-05 01:32 - 2012-03-05 01:31 - 0000000 ____D C:\Users\John\Local Settings\{495A73D9-D50F-4E0A-ABFE-3BA366899B0B}
2012-03-05 01:32 - 2012-03-05 01:31 - 0000000 ____D C:\Users\John\AppData\Local\{495A73D9-D50F-4E0A-ABFE-3BA366899B0B}
2012-03-05 01:31 - 2012-03-05 01:31 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{E54B2756-2888-4753-92F9-616BF09B3F82}
2012-03-05 01:31 - 2012-03-05 01:31 - 0000000 ____D C:\Users\John\Local Settings\{E54B2756-2888-4753-92F9-616BF09B3F82}
2012-03-05 01:31 - 2012-03-05 01:31 - 0000000 ____D C:\Users\John\AppData\Local\{E54B2756-2888-4753-92F9-616BF09B3F82}
2012-03-04 13:07 - 2012-03-04 13:07 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{FAF9C0AF-7C76-4426-A267-F3744B68FD2E}
2012-03-04 13:07 - 2012-03-04 13:07 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{7EB078BA-13D5-4440-B7DA-31EB1099C5D6}
2012-03-04 13:07 - 2012-03-04 13:07 - 0000000 ____D C:\Users\John\Local Settings\{FAF9C0AF-7C76-4426-A267-F3744B68FD2E}
2012-03-04 13:07 - 2012-03-04 13:07 - 0000000 ____D C:\Users\John\Local Settings\{7EB078BA-13D5-4440-B7DA-31EB1099C5D6}
2012-03-04 13:07 - 2012-03-04 13:07 - 0000000 ____D C:\Users\John\AppData\Local\{FAF9C0AF-7C76-4426-A267-F3744B68FD2E}
2012-03-04 13:07 - 2012-03-04 13:07 - 0000000 ____D C:\Users\John\AppData\Local\{7EB078BA-13D5-4440-B7DA-31EB1099C5D6}
2012-03-04 01:07 - 2012-03-04 01:07 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{B27940A2-8287-4A17-8752-495D63A18499}
2012-03-04 01:07 - 2012-03-04 01:07 - 0000000 ____D C:\Users\John\Local Settings\{B27940A2-8287-4A17-8752-495D63A18499}
2012-03-04 01:07 - 2012-03-04 01:07 - 0000000 ____D C:\Users\John\AppData\Local\{B27940A2-8287-4A17-8752-495D63A18499}
2012-03-04 01:07 - 2012-03-04 01:06 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{6681AD86-4395-437B-83F4-19A83D87836B}
2012-03-04 01:07 - 2012-03-04 01:06 - 0000000 ____D C:\Users\John\Local Settings\{6681AD86-4395-437B-83F4-19A83D87836B}
2012-03-04 01:07 - 2012-03-04 01:06 - 0000000 ____D C:\Users\John\AppData\Local\{6681AD86-4395-437B-83F4-19A83D87836B}
2012-03-03 13:06 - 2012-03-03 13:06 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{DD3B3CA1-67C8-4D6A-B3E3-341159E5CD2E}
2012-03-03 13:06 - 2012-03-03 13:06 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{5F1E81BA-E090-42CE-A926-AD9F5EB51CAD}
2012-03-03 13:06 - 2012-03-03 13:06 - 0000000 ____D C:\Users\John\Local Settings\{DD3B3CA1-67C8-4D6A-B3E3-341159E5CD2E}
2012-03-03 13:06 - 2012-03-03 13:06 - 0000000 ____D C:\Users\John\Local Settings\{5F1E81BA-E090-42CE-A926-AD9F5EB51CAD}
2012-03-03 13:06 - 2012-03-03 13:06 - 0000000 ____D C:\Users\John\AppData\Local\{DD3B3CA1-67C8-4D6A-B3E3-341159E5CD2E}
2012-03-03 13:06 - 2012-03-03 13:06 - 0000000 ____D C:\Users\John\AppData\Local\{5F1E81BA-E090-42CE-A926-AD9F5EB51CAD}
2012-03-03 01:35 - 2012-05-12 13:04 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-03 00:45 - 2012-03-03 00:45 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{D048AEE9-0B10-4B5E-8EBA-61ED7C5E0704}
2012-03-03 00:45 - 2012-03-03 00:45 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{07EA7E68-CCA1-4598-90D1-D85BDADB8769}
2012-03-03 00:45 - 2012-03-03 00:45 - 0000000 ____D C:\Users\John\Local Settings\{D048AEE9-0B10-4B5E-8EBA-61ED7C5E0704}
2012-03-03 00:45 - 2012-03-03 00:45 - 0000000 ____D C:\Users\John\Local Settings\{07EA7E68-CCA1-4598-90D1-D85BDADB8769}
2012-03-03 00:45 - 2012-03-03 00:45 - 0000000 ____D C:\Users\John\AppData\Local\{D048AEE9-0B10-4B5E-8EBA-61ED7C5E0704}
2012-03-03 00:45 - 2012-03-03 00:45 - 0000000 ____D C:\Users\John\AppData\Local\{07EA7E68-CCA1-4598-90D1-D85BDADB8769}
2012-03-03 00:31 - 2012-05-12 13:04 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-02 04:29 - 2012-03-02 04:29 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{55494D5D-43AD-4C37-9B70-8642E8D46E1F}
2012-03-02 04:29 - 2012-03-02 04:29 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{53D399A4-D8C6-4F18-BB89-45AA9635077D}
2012-03-02 04:29 - 2012-03-02 04:29 - 0000000 ____D C:\Users\John\Local Settings\{55494D5D-43AD-4C37-9B70-8642E8D46E1F}
2012-03-02 04:29 - 2012-03-02 04:29 - 0000000 ____D C:\Users\John\Local Settings\{53D399A4-D8C6-4F18-BB89-45AA9635077D}
2012-03-02 04:29 - 2012-03-02 04:29 - 0000000 ____D C:\Users\John\AppData\Local\{55494D5D-43AD-4C37-9B70-8642E8D46E1F}
2012-03-02 04:29 - 2012-03-02 04:29 - 0000000 ____D C:\Users\John\AppData\Local\{53D399A4-D8C6-4F18-BB89-45AA9635077D}
2012-03-01 15:19 - 2012-03-01 15:19 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{4F442AA6-E226-40F7-9918-4D7B749D2B08}
2012-03-01 15:19 - 2012-03-01 15:19 - 0000000 ____D C:\Users\John\Local Settings\{4F442AA6-E226-40F7-9918-4D7B749D2B08}
2012-03-01 15:19 - 2012-03-01 15:19 - 0000000 ____D C:\Users\John\AppData\Local\{4F442AA6-E226-40F7-9918-4D7B749D2B08}
2012-03-01 15:19 - 2012-03-01 15:18 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{DAC85DFC-93DC-4F13-983D-8AEC2A76EEA5}
2012-03-01 15:19 - 2012-03-01 15:18 - 0000000 ____D C:\Users\John\Local Settings\{DAC85DFC-93DC-4F13-983D-8AEC2A76EEA5}
2012-03-01 15:19 - 2012-03-01 15:18 - 0000000 ____D C:\Users\John\AppData\Local\{DAC85DFC-93DC-4F13-983D-8AEC2A76EEA5}
2012-03-01 01:46 - 2012-04-13 03:01 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-03-01 01:38 - 2012-04-13 03:01 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-03-01 01:33 - 2012-04-13 03:01 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-03-01 01:28 - 2012-04-13 03:01 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-03-01 01:20 - 2012-03-01 01:19 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{F2F70216-47DC-4DB9-BB93-D8DC0D78D19A}
2012-03-01 01:20 - 2012-03-01 01:19 - 0000000 ____D C:\Users\John\Local Settings\{F2F70216-47DC-4DB9-BB93-D8DC0D78D19A}
2012-03-01 01:20 - 2012-03-01 01:19 - 0000000 ____D C:\Users\John\AppData\Local\{F2F70216-47DC-4DB9-BB93-D8DC0D78D19A}
2012-03-01 01:19 - 2012-03-01 01:19 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{1EAD945A-C9AF-4EEA-9556-2C02B37AA506}
2012-03-01 01:19 - 2012-03-01 01:19 - 0000000 ____D C:\Users\John\Local Settings\{1EAD945A-C9AF-4EEA-9556-2C02B37AA506}
2012-03-01 01:19 - 2012-03-01 01:19 - 0000000 ____D C:\Users\John\AppData\Local\{1EAD945A-C9AF-4EEA-9556-2C02B37AA506}
2012-03-01 00:37 - 2012-04-13 03:01 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-03-01 00:33 - 2012-04-13 03:01 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-03-01 00:29 - 2012-04-13 03:01 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 13:10 - 2012-02-29 13:10 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{6A35BACC-975E-493D-8479-6355A7BDBDD7}
2012-02-29 13:10 - 2012-02-29 13:10 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{33E90579-A09A-42A1-A46C-61B45190AAA9}
2012-02-29 13:10 - 2012-02-29 13:10 - 0000000 ____D C:\Users\John\Local Settings\{6A35BACC-975E-493D-8479-6355A7BDBDD7}
2012-02-29 13:10 - 2012-02-29 13:10 - 0000000 ____D C:\Users\John\Local Settings\{33E90579-A09A-42A1-A46C-61B45190AAA9}
2012-02-29 13:10 - 2012-02-29 13:10 - 0000000 ____D C:\Users\John\AppData\Local\{6A35BACC-975E-493D-8479-6355A7BDBDD7}
2012-02-29 13:10 - 2012-02-29 13:10 - 0000000 ____D C:\Users\John\AppData\Local\{33E90579-A09A-42A1-A46C-61B45190AAA9}
2012-02-28 15:23 - 2012-02-28 15:23 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{95BA6A3A-04D9-4E1A-B61C-97F35ADA1924}
2012-02-28 15:23 - 2012-02-28 15:23 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{72218154-90A2-43D2-88A9-8F61FE50A195}
2012-02-28 15:23 - 2012-02-28 15:23 - 0000000 ____D C:\Users\John\Local Settings\{95BA6A3A-04D9-4E1A-B61C-97F35ADA1924}
2012-02-28 15:23 - 2012-02-28 15:23 - 0000000 ____D C:\Users\John\Local Settings\{72218154-90A2-43D2-88A9-8F61FE50A195}
2012-02-28 15:23 - 2012-02-28 15:23 - 0000000 ____D C:\Users\John\AppData\Local\{95BA6A3A-04D9-4E1A-B61C-97F35ADA1924}
2012-02-28 15:23 - 2012-02-28 15:23 - 0000000 ____D C:\Users\John\AppData\Local\{72218154-90A2-43D2-88A9-8F61FE50A195}
2012-02-28 03:23 - 2012-02-28 03:23 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{47629783-F655-4445-ACF3-FB113CC8554C}
2012-02-28 03:23 - 2012-02-28 03:23 - 0000000 ____D C:\Users\John\Local Settings\{47629783-F655-4445-ACF3-FB113CC8554C}
2012-02-28 03:23 - 2012-02-28 03:23 - 0000000 ____D C:\Users\John\AppData\Local\{47629783-F655-4445-ACF3-FB113CC8554C}
2012-02-28 03:23 - 2012-02-28 03:22 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{7890AEAC-F026-4B5B-972E-7DB08815EE73}
2012-02-28 03:23 - 2012-02-28 03:22 - 0000000 ____D C:\Users\John\Local Settings\{7890AEAC-F026-4B5B-972E-7DB08815EE73}
2012-02-28 03:23 - 2012-02-28 03:22 - 0000000 ____D C:\Users\John\AppData\Local\{7890AEAC-F026-4B5B-972E-7DB08815EE73}
2012-02-28 02:34 - 2012-04-13 03:02 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-28 02:02 - 2012-04-13 03:02 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-28 01:56 - 2012-04-13 03:02 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-28 01:50 - 2012-04-13 03:02 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-28 01:49 - 2012-04-13 03:02 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-28 01:48 - 2012-04-13 03:02 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-28 01:48 - 2012-04-13 03:02 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-28 01:47 - 2012-04-13 03:02 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-28 01:45 - 2012-04-13 03:02 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-28 01:43 - 2012-04-13 03:02 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-28 01:43 - 2012-04-13 03:02 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-28 01:42 - 2012-04-13 03:02 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-28 01:39 - 2012-04-13 03:02 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 20:52 - 2012-04-13 03:02 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 20:27 - 2012-04-13 03:02 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 20:18 - 2012-04-13 03:02 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 20:12 - 2012-04-13 03:02 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 20:11 - 2012-04-13 03:02 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 20:11 - 2012-04-13 03:02 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 20:09 - 2012-04-13 03:02 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 20:08 - 2012-04-13 03:02 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 20:06 - 2012-04-13 03:02 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 20:04 - 2012-04-13 03:02 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 20:03 - 2012-04-13 03:02 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 20:03 - 2012-04-13 03:02 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 19:59 - 2012-04-13 03:02 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-27 15:17 - 2012-02-27 15:17 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{48AC4BE5-4A33-43CC-8435-97364C9DEE3A}
2012-02-27 15:17 - 2012-02-27 15:17 - 0000000 ____D C:\Users\John\Local Settings\{48AC4BE5-4A33-43CC-8435-97364C9DEE3A}
2012-02-27 15:17 - 2012-02-27 15:17 - 0000000 ____D C:\Users\John\AppData\Local\{48AC4BE5-4A33-43CC-8435-97364C9DEE3A}
2012-02-27 15:17 - 2012-02-27 15:16 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{A1702399-941A-4C70-BB23-46FED8569048}
2012-02-27 15:17 - 2012-02-27 15:16 - 0000000 ____D C:\Users\John\Local Settings\{A1702399-941A-4C70-BB23-46FED8569048}
2012-02-27 15:17 - 2012-02-27 15:16 - 0000000 ____D C:\Users\John\AppData\Local\{A1702399-941A-4C70-BB23-46FED8569048}
2012-02-27 01:45 - 2012-02-27 01:45 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{F1EE0900-CA18-4B55-BA6F-306BD0162DD2}
2012-02-27 01:45 - 2012-02-27 01:45 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{E20F70E6-B3D1-41A7-8587-EB1921F135E4}
2012-02-27 01:45 - 2012-02-27 01:45 - 0000000 ____D C:\Users\John\Local Settings\{F1EE0900-CA18-4B55-BA6F-306BD0162DD2}
2012-02-27 01:45 - 2012-02-27 01:45 - 0000000 ____D C:\Users\John\Local Settings\{E20F70E6-B3D1-41A7-8587-EB1921F135E4}
2012-02-27 01:45 - 2012-02-27 01:45 - 0000000 ____D C:\Users\John\AppData\Local\{F1EE0900-CA18-4B55-BA6F-306BD0162DD2}
2012-02-27 01:45 - 2012-02-27 01:45 - 0000000 ____D C:\Users\John\AppData\Local\{E20F70E6-B3D1-41A7-8587-EB1921F135E4}
2012-02-26 13:45 - 2012-02-26 13:44 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{650E9B4E-7759-45F4-9070-5AE6AB800189}
2012-02-26 13:45 - 2012-02-26 13:44 - 0000000 ____D C:\Users\John\Local Settings\{650E9B4E-7759-45F4-9070-5AE6AB800189}
2012-02-26 13:45 - 2012-02-26 13:44 - 0000000 ____D C:\Users\John\AppData\Local\{650E9B4E-7759-45F4-9070-5AE6AB800189}
2012-02-26 13:44 - 2012-02-26 13:44 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{26A67851-94C4-40C4-A442-D2B47C5069CA}
2012-02-26 13:44 - 2012-02-26 13:44 - 0000000 ____D C:\Users\John\Local Settings\{26A67851-94C4-40C4-A442-D2B47C5069CA}
2012-02-26 13:44 - 2012-02-26 13:44 - 0000000 ____D C:\Users\John\AppData\Local\{26A67851-94C4-40C4-A442-D2B47C5069CA}
2012-02-26 01:44 - 2012-02-26 01:44 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{21888BDA-5ED2-4E88-A4BD-6DE7806D2064}
2012-02-26 01:44 - 2012-02-26 01:44 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{1B8E0FBC-528A-4561-8D4D-E84EADBAC1F3}
2012-02-26 01:44 - 2012-02-26 01:44 - 0000000 ____D C:\Users\John\Local Settings\{21888BDA-5ED2-4E88-A4BD-6DE7806D2064}
2012-02-26 01:44 - 2012-02-26 01:44 - 0000000 ____D C:\Users\John\Local Settings\{1B8E0FBC-528A-4561-8D4D-E84EADBAC1F3}
2012-02-26 01:44 - 2012-02-26 01:44 - 0000000 ____D C:\Users\John\AppData\Local\{21888BDA-5ED2-4E88-A4BD-6DE7806D2064}
2012-02-26 01:44 - 2012-02-26 01:44 - 0000000 ____D C:\Users\John\AppData\Local\{1B8E0FBC-528A-4561-8D4D-E84EADBAC1F3}
2012-02-25 13:43 - 2012-02-25 13:43 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{9BA3B11D-3026-4330-B2EF-2B61648AED02}
2012-02-25 13:43 - 2012-02-25 13:43 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{2F096A55-C61C-46A0-964C-2C3E0135BC5A}
2012-02-25 13:43 - 2012-02-25 13:43 - 0000000 ____D C:\Users\John\Local Settings\{9BA3B11D-3026-4330-B2EF-2B61648AED02}
2012-02-25 13:43 - 2012-02-25 13:43 - 0000000 ____D C:\Users\John\Local Settings\{2F096A55-C61C-46A0-964C-2C3E0135BC5A}
2012-02-25 13:43 - 2012-02-25 13:43 - 0000000 ____D C:\Users\John\AppData\Local\{9BA3B11D-3026-4330-B2EF-2B61648AED02}
2012-02-25 13:43 - 2012-02-25 13:43 - 0000000 ____D C:\Users\John\AppData\Local\{2F096A55-C61C-46A0-964C-2C3E0135BC5A}
2012-02-25 01:43 - 2012-02-25 01:43 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{7CADAC31-0BD9-47F1-930D-CCD5BA4F39E9}
2012-02-25 01:43 - 2012-02-25 01:43 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{0FFF3111-20F8-4B7E-A3E1-F17BFA23C66C}
2012-02-25 01:43 - 2012-02-25 01:43 - 0000000 ____D C:\Users\John\Local Settings\{7CADAC31-0BD9-47F1-930D-CCD5BA4F39E9}
2012-02-25 01:43 - 2012-02-25 01:43 - 0000000 ____D C:\Users\John\Local Settings\{0FFF3111-20F8-4B7E-A3E1-F17BFA23C66C}
2012-02-25 01:43 - 2012-02-25 01:43 - 0000000 ____D C:\Users\John\AppData\Local\{7CADAC31-0BD9-47F1-930D-CCD5BA4F39E9}
2012-02-25 01:43 - 2012-02-25 01:43 - 0000000 ____D C:\Users\John\AppData\Local\{0FFF3111-20F8-4B7E-A3E1-F17BFA23C66C}
2012-02-24 13:42 - 2012-02-24 13:42 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{76902187-F5E6-4E3D-A766-79EF99DCF93C}
2012-02-24 13:42 - 2012-02-24 13:42 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{54937360-077A-40B8-9B12-7B37202222AB}
2012-02-24 13:42 - 2012-02-24 13:42 - 0000000 ____D C:\Users\John\Local Settings\{76902187-F5E6-4E3D-A766-79EF99DCF93C}
2012-02-24 13:42 - 2012-02-24 13:42 - 0000000 ____D C:\Users\John\Local Settings\{54937360-077A-40B8-9B12-7B37202222AB}
2012-02-24 13:42 - 2012-02-24 13:42 - 0000000 ____D C:\Users\John\AppData\Local\{76902187-F5E6-4E3D-A766-79EF99DCF93C}
2012-02-24 13:42 - 2012-02-24 13:42 - 0000000 ____D C:\Users\John\AppData\Local\{54937360-077A-40B8-9B12-7B37202222AB}
2012-02-24 01:38 - 2012-02-24 01:38 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{BED0BE01-C070-4F0E-893D-1A2F7366B521}
2012-02-24 01:38 - 2012-02-24 01:38 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{8AB26EDE-A56F-4772-A270-4E80D844980E}
2012-02-24 01:38 - 2012-02-24 01:38 - 0000000 ____D C:\Users\John\Local Settings\{BED0BE01-C070-4F0E-893D-1A2F7366B521}
2012-02-24 01:38 - 2012-02-24 01:38 - 0000000 ____D C:\Users\John\Local Settings\{8AB26EDE-A56F-4772-A270-4E80D844980E}
2012-02-24 01:38 - 2012-02-24 01:38 - 0000000 ____D C:\Users\John\AppData\Local\{BED0BE01-C070-4F0E-893D-1A2F7366B521}
2012-02-24 01:38 - 2012-02-24 01:38 - 0000000 ____D C:\Users\John\AppData\Local\{8AB26EDE-A56F-4772-A270-4E80D844980E}
2012-02-23 13:38 - 2012-02-23 13:37 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{B591BE75-1AFC-4F76-9DD4-ED97E9DBAA58}
2012-02-23 13:38 - 2012-02-23 13:37 - 0000000 ____D C:\Users\John\Local Settings\{B591BE75-1AFC-4F76-9DD4-ED97E9DBAA58}
2012-02-23 13:38 - 2012-02-23 13:37 - 0000000 ____D C:\Users\John\AppData\Local\{B591BE75-1AFC-4F76-9DD4-ED97E9DBAA58}
2012-02-23 13:37 - 2012-02-23 13:37 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{6F8979CE-1AEC-473B-9B25-CC2337BFD0F4}
2012-02-23 13:37 - 2012-02-23 13:37 - 0000000 ____D C:\Users\John\Local Settings\{6F8979CE-1AEC-473B-9B25-CC2337BFD0F4}
2012-02-23 13:37 - 2012-02-23 13:37 - 0000000 ____D C:\Users\John\AppData\Local\{6F8979CE-1AEC-473B-9B25-CC2337BFD0F4}
2012-02-22 20:00 - 2010-08-03 22:37 - 0000000 ____D C:\Program Files (x86)\StarCraft II
2012-02-22 19:08 - 2012-02-22 19:07 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{A6C8D965-7885-4BC1-ADB8-3447B20B0017}
2012-02-22 19:08 - 2012-02-22 19:07 - 0000000 ____D C:\Users\John\Local Settings\{A6C8D965-7885-4BC1-ADB8-3447B20B0017}
2012-02-22 19:08 - 2012-02-22 19:07 - 0000000 ____D C:\Users\John\AppData\Local\{A6C8D965-7885-4BC1-ADB8-3447B20B0017}
2012-02-22 19:07 - 2012-02-22 19:07 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{70A10802-4C68-4EDC-9740-1D5D0DF0A97E}
2012-02-22 19:07 - 2012-02-22 19:07 - 0000000 ____D C:\Users\John\Local Settings\{70A10802-4C68-4EDC-9740-1D5D0DF0A97E}
2012-02-22 19:07 - 2012-02-22 19:07 - 0000000 ____D C:\Users\John\AppData\Local\{70A10802-4C68-4EDC-9740-1D5D0DF0A97E}
2012-02-22 13:29 - 2010-07-27 17:29 - 0010248 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeclnk.sys
2012-02-22 13:29 - 2010-01-05 18:04 - 0647208 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfehidk.sys
2012-02-22 13:29 - 2010-01-05 18:04 - 0487296 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfefirek.sys
2012-02-22 13:29 - 2010-01-05 18:04 - 0289664 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfewfpk.sys
2012-02-22 13:29 - 2010-01-05 18:04 - 0229528 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys
2012-02-22 13:29 - 2010-01-05 18:04 - 0160792 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeapfk.sys
2012-02-22 13:29 - 2010-01-05 18:04 - 0100912 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdet.sys
2012-02-22 13:29 - 2010-01-05 18:04 - 0075936 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfenlfk.sys
2012-02-22 13:29 - 2010-01-05 18:04 - 0065264 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\cfwids.sys
2012-02-22 01:59 - 2012-02-22 01:59 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{01C9EF7B-5C0F-4DE3-AEBE-F5CE62D37480}
2012-02-22 01:59 - 2012-02-22 01:59 - 0000000 ____D C:\Users\John\Local Settings\{01C9EF7B-5C0F-4DE3-AEBE-F5CE62D37480}
2012-02-22 01:59 - 2012-02-22 01:59 - 0000000 ____D C:\Users\John\AppData\Local\{01C9EF7B-5C0F-4DE3-AEBE-F5CE62D37480}
2012-02-22 01:59 - 2012-02-22 01:58 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{639DDE13-9F48-4204-8140-16F43D8B12F8}
2012-02-22 01:59 - 2012-02-22 01:58 - 0000000 ____D C:\Users\John\Local Settings\{639DDE13-9F48-4204-8140-16F43D8B12F8}
2012-02-22 01:59 - 2012-02-22 01:58 - 0000000 ____D C:\Users\John\AppData\Local\{639DDE13-9F48-4204-8140-16F43D8B12F8}
2012-02-21 13:58 - 2012-02-21 13:58 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{88F94AF2-FED4-4A1D-AD63-759E006B0EFB}
2012-02-21 13:58 - 2012-02-21 13:58 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{073755E6-71E6-4115-80A1-A4E464618F1B}
2012-02-21 13:58 - 2012-02-21 13:58 - 0000000 ____D C:\Users\John\Local Settings\{88F94AF2-FED4-4A1D-AD63-759E006B0EFB}
2012-02-21 13:58 - 2012-02-21 13:58 - 0000000 ____D C:\Users\John\Local Settings\{073755E6-71E6-4115-80A1-A4E464618F1B}
2012-02-21 13:58 - 2012-02-21 13:58 - 0000000 ____D C:\Users\John\AppData\Local\{88F94AF2-FED4-4A1D-AD63-759E006B0EFB}
2012-02-21 13:58 - 2012-02-21 13:58 - 0000000 ____D C:\Users\John\AppData\Local\{073755E6-71E6-4115-80A1-A4E464618F1B}
2012-02-21 01:38 - 2012-02-21 01:38 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{77EB9ACA-2870-450F-B9A1-01360BFEF906}
2012-02-21 01:38 - 2012-02-21 01:38 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{22AF763F-45FF-4FC6-A8F5-7C19BACA7440}
2012-02-21 01:38 - 2012-02-21 01:38 - 0000000 ____D C:\Users\John\Local Settings\{77EB9ACA-2870-450F-B9A1-01360BFEF906}
2012-02-21 01:38 - 2012-02-21 01:38 - 0000000 ____D C:\Users\John\Local Settings\{22AF763F-45FF-4FC6-A8F5-7C19BACA7440}
2012-02-21 01:38 - 2012-02-21 01:38 - 0000000 ____D C:\Users\John\AppData\Local\{77EB9ACA-2870-450F-B9A1-01360BFEF906}
2012-02-21 01:38 - 2012-02-21 01:38 - 0000000 ____D C:\Users\John\AppData\Local\{22AF763F-45FF-4FC6-A8F5-7C19BACA7440}

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8151.08 MB
Available physical RAM: 7343.15 MB
Total Pagefile: 8149.23 MB
Available Pagefile: 7334.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:920.59 GB) (Free:349.45 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:10.88 GB) (Free:4.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
8 Drive j: (Lexar) (Removable) (Total:1.87 GB) (Free:1.79 GB) FAT
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 1920 MB 0 B
Disk 6 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 10 GB 40 MB
Partition 3 Primary 920 GB 10 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E RECOVERY NTFS Partition 10 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 920 GB Healthy

======================================================================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1911 MB 16 KB

======================================================================================================

Disk: 5
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J Lexar FAT Removable 1911 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-19 18:26

======================= End Of Log ==========================

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:35 AM

Posted 20 May 2012 - 08:19 PM

Hi

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
HKU\John\...\Run: [CrashRpt] rundll32.exe "C:\Users\John\AppData\Local\Deployment\CrashRpt\zresadsc.dll",DllRegisterServer [472808 2012-05-19] (Sun Microsystems, Inc.)
2012-05-19 23:18 - 2012-05-19 23:19 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{667A95F8-56EE-43B3-A2A7-C36350498630}
2012-05-19 23:18 - 2012-05-19 23:19 - 0000000 ____D C:\Users\John\Local Settings\{667A95F8-56EE-43B3-A2A7-C36350498630}
2012-05-19 23:18 - 2012-05-19 23:19 - 0000000 ____D C:\Users\John\AppData\Local\{667A95F8-56EE-43B3-A2A7-C36350498630}
2012-05-19 23:18 - 2012-05-19 23:18 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{17940A31-2B52-4D9B-96EB-3218088738EA}
2012-05-19 23:18 - 2012-05-19 23:18 - 0000000 ____D C:\Users\John\Local Settings\{17940A31-2B52-4D9B-96EB-3218088738EA}
2012-05-19 23:18 - 2012-05-19 23:18 - 0000000 ____D C:\Users\John\AppData\Local\{17940A31-2B52-4D9B-96EB-3218088738EA}
2012-05-19 20:40 - 2012-05-19 20:40 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{8099EC13-7F3C-46CE-8683-A5FF50A4D5F0}
2012-05-19 20:40 - 2012-05-19 20:40 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{28ECB912-FB56-4A68-9716-5AD1C750FD74}
2012-05-19 20:40 - 2012-05-19 20:40 - 0000000 ____D C:\Users\John\Local Settings\{8099EC13-7F3C-46CE-8683-A5FF50A4D5F0}
2012-05-19 20:40 - 2012-05-19 20:40 - 0000000 ____D C:\Users\John\Local Settings\{28ECB912-FB56-4A68-9716-5AD1C750FD74}
2012-05-19 20:40 - 2012-05-19 20:40 - 0000000 ____D C:\Users\John\AppData\Local\{8099EC13-7F3C-46CE-8683-A5FF50A4D5F0}
2012-05-19 20:40 - 2012-05-19 20:40 - 0000000 ____D C:\Users\John\AppData\Local\{28ECB912-FB56-4A68-9716-5AD1C750FD74}
2012-05-19 13:47 - 2012-05-19 13:47 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{A66F0417-A07A-467E-84AB-D2B8867F6F6E}
2012-05-19 13:47 - 2012-05-19 13:47 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{2FC21730-80E0-4161-A690-AE21443D5979}
2012-05-19 13:47 - 2012-05-19 13:47 - 0000000 ____D C:\Users\John\Local Settings\{A66F0417-A07A-467E-84AB-D2B8867F6F6E}
2012-05-19 13:47 - 2012-05-19 13:47 - 0000000 ____D C:\Users\John\Local Settings\{2FC21730-80E0-4161-A690-AE21443D5979}
2012-05-19 13:47 - 2012-05-19 13:47 - 0000000 ____D C:\Users\John\AppData\Local\{A66F0417-A07A-467E-84AB-D2B8867F6F6E}
2012-05-19 13:47 - 2012-05-19 13:47 - 0000000 ____D C:\Users\John\AppData\Local\{2FC21730-80E0-4161-A690-AE21443D5979}
2012-05-19 13:42 - 2012-05-19 13:43 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{EEEF884C-513F-42D4-9CF7-C544DC1CEFC7}
2012-05-19 13:42 - 2012-05-19 13:43 - 0000000 ____D C:\Users\John\Local Settings\{EEEF884C-513F-42D4-9CF7-C544DC1CEFC7}
2012-05-19 13:42 - 2012-05-19 13:43 - 0000000 ____D C:\Users\John\AppData\Local\{EEEF884C-513F-42D4-9CF7-C544DC1CEFC7}
2012-05-19 13:42 - 2012-05-19 13:42 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{224BC92E-2DD6-4A68-B213-D6BD2EE13C88}
2012-05-19 13:42 - 2012-05-19 13:42 - 0000000 ____D C:\Users\John\Local Settings\{224BC92E-2DD6-4A68-B213-D6BD2EE13C88}
2012-05-19 13:42 - 2012-05-19 13:42 - 0000000 ____D C:\Users\John\AppData\Local\{224BC92E-2DD6-4A68-B213-D6BD2EE13C88}
2012-05-18 22:27 - 2012-05-18 22:27 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{C2A1D720-0222-4C6D-9DC3-6FF35BB61BF6}
2012-05-18 22:27 - 2012-05-18 22:27 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{38B3CF8A-3EB3-4DC6-A1A5-FA865F7F011A}
2012-05-18 22:27 - 2012-05-18 22:27 - 0000000 ____D C:\Users\John\Local Settings\{C2A1D720-0222-4C6D-9DC3-6FF35BB61BF6}
2012-05-18 22:27 - 2012-05-18 22:27 - 0000000 ____D C:\Users\John\Local Settings\{38B3CF8A-3EB3-4DC6-A1A5-FA865F7F011A}
2012-05-18 22:27 - 2012-05-18 22:27 - 0000000 ____D C:\Users\John\AppData\Local\{C2A1D720-0222-4C6D-9DC3-6FF35BB61BF6}
2012-05-18 22:27 - 2012-05-18 22:27 - 0000000 ____D C:\Users\John\AppData\Local\{38B3CF8A-3EB3-4DC6-A1A5-FA865F7F011A}
2012-05-18 19:06 - 2012-05-18 19:07 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{C00D000A-161B-483B-8240-F9221B76DA1A}
2012-05-18 19:06 - 2012-05-18 19:07 - 0000000 ____D C:\Users\John\Local Settings\{C00D000A-161B-483B-8240-F9221B76DA1A}
2012-05-18 19:06 - 2012-05-18 19:07 - 0000000 ____D C:\Users\John\AppData\Local\{C00D000A-161B-483B-8240-F9221B76DA1A}
2012-05-18 19:06 - 2012-05-18 19:06 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{B1383185-06AD-4092-9A48-91240C2136BB}
2012-05-18 19:06 - 2012-05-18 19:06 - 0000000 ____D C:\Users\John\Local Settings\{B1383185-06AD-4092-9A48-91240C2136BB}
2012-05-18 19:06 - 2012-05-18 19:06 - 0000000 ____D C:\Users\John\AppData\Local\{B1383185-06AD-4092-9A48-91240C2136BB}
2012-05-17 23:50 - 2012-05-17 23:50 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{03762243-F766-4DC3-84A0-44E47E983E86}
2012-05-17 23:50 - 2012-05-17 23:50 - 0000000 ____D C:\Users\John\Local Settings\{03762243-F766-4DC3-84A0-44E47E983E86}
2012-05-17 23:50 - 2012-05-17 23:50 - 0000000 ____D C:\Users\John\AppData\Local\{03762243-F766-4DC3-84A0-44E47E983E86}
2012-05-17 23:49 - 2012-05-17 23:50 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{80726E4C-FD13-49DD-9865-A4022AF69E5F}
2012-05-17 23:49 - 2012-05-17 23:50 - 0000000 ____D C:\Users\John\Local Settings\{80726E4C-FD13-49DD-9865-A4022AF69E5F}
2012-05-17 23:49 - 2012-05-17 23:50 - 0000000 ____D C:\Users\John\AppData\Local\{80726E4C-FD13-49DD-9865-A4022AF69E5F}
2012-05-17 18:49 - 2012-05-17 18:49 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{C68FAA79-6D18-45B9-8773-D467CE4A7E76}
2012-05-17 18:49 - 2012-05-17 18:49 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{0A36BA5F-E94A-45AA-AF73-70FCCF7122C1}
2012-05-17 18:49 - 2012-05-17 18:49 - 0000000 ____D C:\Users\John\Local Settings\{C68FAA79-6D18-45B9-8773-D467CE4A7E76}
2012-05-17 18:49 - 2012-05-17 18:49 - 0000000 ____D C:\Users\John\Local Settings\{0A36BA5F-E94A-45AA-AF73-70FCCF7122C1}
2012-05-17 18:49 - 2012-05-17 18:49 - 0000000 ____D C:\Users\John\AppData\Local\{C68FAA79-6D18-45B9-8773-D467CE4A7E76}
2012-05-17 18:49 - 2012-05-17 18:49 - 0000000 ____D C:\Users\John\AppData\Local\{0A36BA5F-E94A-45AA-AF73-70FCCF7122C1}
2012-05-16 19:06 - 2012-05-16 19:06 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{45859203-D03E-4AD1-86D6-F23CC0E595B6}
2012-05-16 19:06 - 2012-05-16 19:06 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{0BE8259B-A998-49EF-9661-95F4E4705254}
2012-05-16 19:06 - 2012-05-16 19:06 - 0000000 ____D C:\Users\John\Local Settings\{45859203-D03E-4AD1-86D6-F23CC0E595B6}
2012-05-16 19:06 - 2012-05-16 19:06 - 0000000 ____D C:\Users\John\Local Settings\{0BE8259B-A998-49EF-9661-95F4E4705254}
2012-05-16 19:06 - 2012-05-16 19:06 - 0000000 ____D C:\Users\John\AppData\Local\{45859203-D03E-4AD1-86D6-F23CC0E595B6}
2012-05-16 19:06 - 2012-05-16 19:06 - 0000000 ____D C:\Users\John\AppData\Local\{0BE8259B-A998-49EF-9661-95F4E4705254}
2012-05-13 10:33 - 2012-05-13 10:33 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{FA1A654A-8D23-4789-9D2B-B20631E0F023}
2012-05-13 10:33 - 2012-05-13 10:33 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{CBB057E9-D4D1-45FA-BED3-B0613B0FB653}
2012-05-13 10:33 - 2012-05-13 10:33 - 0000000 ____D C:\Users\John\Local Settings\{FA1A654A-8D23-4789-9D2B-B20631E0F023}
2012-05-13 10:33 - 2012-05-13 10:33 - 0000000 ____D C:\Users\John\Local Settings\{CBB057E9-D4D1-45FA-BED3-B0613B0FB653}
2012-05-13 10:33 - 2012-05-13 10:33 - 0000000 ____D C:\Users\John\AppData\Local\{FA1A654A-8D23-4789-9D2B-B20631E0F023}
2012-05-13 10:33 - 2012-05-13 10:33 - 0000000 ____D C:\Users\John\AppData\Local\{CBB057E9-D4D1-45FA-BED3-B0613B0FB653}
2012-05-13 10:11 - 2012-05-13 10:11 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{8283340F-607E-4916-BC84-DAE0C47EFFDA}
2012-05-13 10:11 - 2012-05-13 10:11 - 0000000 ____D C:\Users\John\Local Settings\{8283340F-607E-4916-BC84-DAE0C47EFFDA}
2012-05-13 10:11 - 2012-05-13 10:11 - 0000000 ____D C:\Users\John\AppData\Local\{8283340F-607E-4916-BC84-DAE0C47EFFDA}
2012-05-13 10:10 - 2012-05-13 10:10 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{56244B7F-E5F4-47D0-912B-AECA75216A66}
2012-05-13 10:10 - 2012-05-13 10:10 - 0000000 ____D C:\Users\John\Local Settings\{56244B7F-E5F4-47D0-912B-AECA75216A66}
2012-05-13 10:10 - 2012-05-13 10:10 - 0000000 ____D C:\Users\John\AppData\Local\{56244B7F-E5F4-47D0-912B-AECA75216A66}
2012-05-12 12:51 - 2012-05-12 12:51 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{B8652C95-5100-4222-8B8D-21AE08984FCC}
2012-05-12 12:51 - 2012-05-12 12:51 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{545CE56D-2264-4F7B-A520-1791A4E6AA35}
2012-05-12 12:51 - 2012-05-12 12:51 - 0000000 ____D C:\Users\John\Local Settings\{B8652C95-5100-4222-8B8D-21AE08984FCC}
2012-05-12 12:51 - 2012-05-12 12:51 - 0000000 ____D C:\Users\John\Local Settings\{545CE56D-2264-4F7B-A520-1791A4E6AA35}
2012-05-12 12:51 - 2012-05-12 12:51 - 0000000 ____D C:\Users\John\AppData\Local\{B8652C95-5100-4222-8B8D-21AE08984FCC}
2012-05-12 12:51 - 2012-05-12 12:51 - 0000000 ____D C:\Users\John\AppData\Local\{545CE56D-2264-4F7B-A520-1791A4E6AA35}
2012-05-12 12:36 - 2012-05-12 12:37 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{0BB01901-9A21-41F3-9ECD-1FB0D17E6B4A}
2012-05-12 12:36 - 2012-05-12 12:37 - 0000000 ____D C:\Users\John\Local Settings\{0BB01901-9A21-41F3-9ECD-1FB0D17E6B4A}
2012-05-12 12:36 - 2012-05-12 12:37 - 0000000 ____D C:\Users\John\AppData\Local\{0BB01901-9A21-41F3-9ECD-1FB0D17E6B4A}
2012-05-12 12:36 - 2012-05-12 12:36 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{5A642EBA-7033-4317-9703-AB899BC755C0}
2012-05-12 12:36 - 2012-05-12 12:36 - 0000000 ____D C:\Users\John\Local Settings\{5A642EBA-7033-4317-9703-AB899BC755C0}
2012-05-12 12:36 - 2012-05-12 12:36 - 0000000 ____D C:\Users\John\AppData\Local\{5A642EBA-7033-4317-9703-AB899BC755C0}
2012-05-12 10:50 - 2012-05-12 10:50 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{FD4D17D3-9926-4340-ADB0-AF176F36C584}
2012-05-12 10:50 - 2012-05-12 10:50 - 0000000 ____D C:\Users\John\Local Settings\{FD4D17D3-9926-4340-ADB0-AF176F36C584}
2012-05-12 10:50 - 2012-05-12 10:50 - 0000000 ____D C:\Users\John\AppData\Local\{FD4D17D3-9926-4340-ADB0-AF176F36C584}
2012-05-12 10:49 - 2012-05-12 10:50 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{BE20D1FF-A4B9-41B5-80DB-1B2560DDBDA1}
2012-05-12 10:49 - 2012-05-12 10:50 - 0000000 ____D C:\Users\John\Local Settings\{BE20D1FF-A4B9-41B5-80DB-1B2560DDBDA1}
2012-05-12 10:49 - 2012-05-12 10:50 - 0000000 ____D C:\Users\John\AppData\Local\{BE20D1FF-A4B9-41B5-80DB-1B2560DDBDA1}
2012-05-12 10:44 - 2012-05-12 10:44 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{E0CEF48F-FD17-407B-B19F-5098D9F01ECB}
2012-05-12 10:44 - 2012-05-12 10:44 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{4271411E-90D7-4646-BCA8-0A92AA25FA22}
2012-05-12 10:44 - 2012-05-12 10:44 - 0000000 ____D C:\Users\John\Local Settings\{E0CEF48F-FD17-407B-B19F-5098D9F01ECB}
2012-05-12 10:44 - 2012-05-12 10:44 - 0000000 ____D C:\Users\John\Local Settings\{4271411E-90D7-4646-BCA8-0A92AA25FA22}
2012-05-12 10:44 - 2012-05-12 10:44 - 0000000 ____D C:\Users\John\AppData\Local\{E0CEF48F-FD17-407B-B19F-5098D9F01ECB}
2012-05-12 10:44 - 2012-05-12 10:44 - 0000000 ____D C:\Users\John\AppData\Local\{4271411E-90D7-4646-BCA8-0A92AA25FA22}
2012-05-10 18:50 - 2012-05-10 18:50 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{8F35ACC4-7068-4938-9ED4-0E6845DFDAC5}
2012-05-10 18:50 - 2012-05-10 18:50 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{1EF8BB19-18CE-4DF2-81E5-4D50AEB898BA}
2012-05-10 18:50 - 2012-05-10 18:50 - 0000000 ____D C:\Users\John\Local Settings\{8F35ACC4-7068-4938-9ED4-0E6845DFDAC5}
2012-05-10 18:50 - 2012-05-10 18:50 - 0000000 ____D C:\Users\John\Local Settings\{1EF8BB19-18CE-4DF2-81E5-4D50AEB898BA}
2012-05-10 18:50 - 2012-05-10 18:50 - 0000000 ____D C:\Users\John\AppData\Local\{8F35ACC4-7068-4938-9ED4-0E6845DFDAC5}
2012-05-10 18:50 - 2012-05-10 18:50 - 0000000 ____D C:\Users\John\AppData\Local\{1EF8BB19-18CE-4DF2-81E5-4D50AEB898BA}
2012-05-09 23:00 - 2012-05-09 23:00 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{AE737B92-F28C-48D7-85AD-5B58B83D1AFE}
2012-05-09 23:00 - 2012-05-09 23:00 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{6E8DBF4A-07DB-47E3-BC9E-D9C7BE20394F}
2012-05-09 23:00 - 2012-05-09 23:00 - 0000000 ____D C:\Users\John\Local Settings\{AE737B92-F28C-48D7-85AD-5B58B83D1AFE}
2012-05-09 23:00 - 2012-05-09 23:00 - 0000000 ____D C:\Users\John\Local Settings\{6E8DBF4A-07DB-47E3-BC9E-D9C7BE20394F}
2012-05-09 23:00 - 2012-05-09 23:00 - 0000000 ____D C:\Users\John\AppData\Local\{AE737B92-F28C-48D7-85AD-5B58B83D1AFE}
2012-05-09 23:00 - 2012-05-09 23:00 - 0000000 ____D C:\Users\John\AppData\Local\{6E8DBF4A-07DB-47E3-BC9E-D9C7BE20394F}
2012-05-09 22:55 - 2012-05-09 22:55 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{F08DBD5A-992D-4270-8F5E-1D2F7E915F7F}
2012-05-09 22:55 - 2012-05-09 22:55 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{BE0BB37F-3318-439E-B5EB-F8D1E53A1F5D}
2012-05-09 22:55 - 2012-05-09 22:55 - 0000000 ____D C:\Users\John\Local Settings\{F08DBD5A-992D-4270-8F5E-1D2F7E915F7F}
2012-05-09 22:55 - 2012-05-09 22:55 - 0000000 ____D C:\Users\John\Local Settings\{BE0BB37F-3318-439E-B5EB-F8D1E53A1F5D}
2012-05-09 22:55 - 2012-05-09 22:55 - 0000000 ____D C:\Users\John\AppData\Local\{F08DBD5A-992D-4270-8F5E-1D2F7E915F7F}
2012-05-09 22:55 - 2012-05-09 22:55 - 0000000 ____D C:\Users\John\AppData\Local\{BE0BB37F-3318-439E-B5EB-F8D1E53A1F5D}
2012-05-09 20:07 - 2012-05-09 20:07 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{EC2B073B-5149-46B5-AF37-02E735B480D1}
2012-05-09 20:07 - 2012-05-09 20:07 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{718BAABF-98D7-4F3B-926B-ACC80BB8E6ED}
2012-05-09 20:07 - 2012-05-09 20:07 - 0000000 ____D C:\Users\John\Local Settings\{EC2B073B-5149-46B5-AF37-02E735B480D1}
2012-05-09 20:07 - 2012-05-09 20:07 - 0000000 ____D C:\Users\John\Local Settings\{718BAABF-98D7-4F3B-926B-ACC80BB8E6ED}
2012-05-09 20:07 - 2012-05-09 20:07 - 0000000 ____D C:\Users\John\AppData\Local\{EC2B073B-5149-46B5-AF37-02E735B480D1}
2012-05-09 20:07 - 2012-05-09 20:07 - 0000000 ____D C:\Users\John\AppData\Local\{718BAABF-98D7-4F3B-926B-ACC80BB8E6ED}
2012-05-09 19:24 - 2012-05-09 19:25 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{13AB59EB-E926-4DA4-AD18-05E3DF1D519F}
2012-05-09 19:24 - 2012-05-09 19:25 - 0000000 ____D C:\Users\John\Local Settings\{13AB59EB-E926-4DA4-AD18-05E3DF1D519F}
2012-05-09 19:24 - 2012-05-09 19:25 - 0000000 ____D C:\Users\John\AppData\Local\{13AB59EB-E926-4DA4-AD18-05E3DF1D519F}
2012-05-09 19:24 - 2012-05-09 19:24 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{87435CC1-DAEC-4CEC-97A9-EB3626072F0A}
2012-05-09 19:24 - 2012-05-09 19:24 - 0000000 ____D C:\Users\John\Local Settings\{87435CC1-DAEC-4CEC-97A9-EB3626072F0A}
2012-05-09 19:24 - 2012-05-09 19:24 - 0000000 ____D C:\Users\John\AppData\Local\{87435CC1-DAEC-4CEC-97A9-EB3626072F0A}
2012-05-06 13:40 - 2012-05-06 13:40 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{E89C2A08-1C02-4C0C-9811-368F3898BF7D}
2012-05-06 13:40 - 2012-05-06 13:40 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{DE6EA7A2-B2F2-422C-82EE-32115FC40775}
2012-05-06 13:40 - 2012-05-06 13:40 - 0000000 ____D C:\Users\John\Local Settings\{E89C2A08-1C02-4C0C-9811-368F3898BF7D}
2012-05-06 13:40 - 2012-05-06 13:40 - 0000000 ____D C:\Users\John\Local Settings\{DE6EA7A2-B2F2-422C-82EE-32115FC40775}
2012-05-06 13:40 - 2012-05-06 13:40 - 0000000 ____D C:\Users\John\AppData\Local\{E89C2A08-1C02-4C0C-9811-368F3898BF7D}
2012-05-06 13:40 - 2012-05-06 13:40 - 0000000 ____D C:\Users\John\AppData\Local\{DE6EA7A2-B2F2-422C-82EE-32115FC40775}
2012-05-04 18:35 - 2012-05-04 18:35 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{FE2AE774-B62F-44AE-8C2F-585843BFAF38}
2012-05-04 18:35 - 2012-05-04 18:35 - 0000000 ____D C:\Users\John\Local Settings\{FE2AE774-B62F-44AE-8C2F-585843BFAF38}
2012-05-04 18:35 - 2012-05-04 18:35 - 0000000 ____D C:\Users\John\AppData\Local\{FE2AE774-B62F-44AE-8C2F-585843BFAF38}
2012-05-04 18:34 - 2012-05-04 18:35 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{F6276667-BE0E-4728-9101-6BEDE53ADF7A}
2012-05-04 18:34 - 2012-05-04 18:35 - 0000000 ____D C:\Users\John\Local Settings\{F6276667-BE0E-4728-9101-6BEDE53ADF7A}
2012-05-04 18:34 - 2012-05-04 18:35 - 0000000 ____D C:\Users\John\AppData\Local\{F6276667-BE0E-4728-9101-6BEDE53ADF7A}
2012-05-03 18:57 - 2012-05-03 18:58 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{54AC1ECA-FE53-45F7-A106-B4B9AD0E545E}
2012-05-03 18:57 - 2012-05-03 18:58 - 0000000 ____D C:\Users\John\Local Settings\{54AC1ECA-FE53-45F7-A106-B4B9AD0E545E}
2012-05-03 18:57 - 2012-05-03 18:58 - 0000000 ____D C:\Users\John\AppData\Local\{54AC1ECA-FE53-45F7-A106-B4B9AD0E545E}
2012-05-03 18:57 - 2012-05-03 18:57 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{CF450F2D-B1CA-4CB8-A5FA-D82325DFF5BA}
2012-05-03 18:57 - 2012-05-03 18:57 - 0000000 ____D C:\Users\John\Local Settings\{CF450F2D-B1CA-4CB8-A5FA-D82325DFF5BA}
2012-05-03 18:57 - 2012-05-03 18:57 - 0000000 ____D C:\Users\John\AppData\Local\{CF450F2D-B1CA-4CB8-A5FA-D82325DFF5BA}
2012-04-29 13:17 - 2012-04-29 13:17 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{573D777F-383A-4DF0-8458-D893B74A6186}
2012-04-29 13:17 - 2012-04-29 13:17 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{15CAF2CC-78F0-4EEA-A14A-D031FF15DE77}
2012-04-29 13:17 - 2012-04-29 13:17 - 0000000 ____D C:\Users\John\Local Settings\{573D777F-383A-4DF0-8458-D893B74A6186}
2012-04-29 13:17 - 2012-04-29 13:17 - 0000000 ____D C:\Users\John\Local Settings\{15CAF2CC-78F0-4EEA-A14A-D031FF15DE77}
2012-04-29 13:17 - 2012-04-29 13:17 - 0000000 ____D C:\Users\John\AppData\Local\{573D777F-383A-4DF0-8458-D893B74A6186}
2012-04-29 13:17 - 2012-04-29 13:17 - 0000000 ____D C:\Users\John\AppData\Local\{15CAF2CC-78F0-4EEA-A14A-D031FF15DE77}
2012-04-28 15:44 - 2012-04-28 15:44 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{B42144E3-CECD-43EE-BFD7-05C26F227CD2}
2012-04-28 15:44 - 2012-04-28 15:44 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{3CC758E0-81B8-4737-BCE4-EF4AAC7C46D1}
2012-04-28 15:44 - 2012-04-28 15:44 - 0000000 ____D C:\Users\John\Local Settings\{B42144E3-CECD-43EE-BFD7-05C26F227CD2}
2012-04-28 15:44 - 2012-04-28 15:44 - 0000000 ____D C:\Users\John\Local Settings\{3CC758E0-81B8-4737-BCE4-EF4AAC7C46D1}
2012-04-28 15:44 - 2012-04-28 15:44 - 0000000 ____D C:\Users\John\AppData\Local\{B42144E3-CECD-43EE-BFD7-05C26F227CD2}
2012-04-28 15:44 - 2012-04-28 15:44 - 0000000 ____D C:\Users\John\AppData\Local\{3CC758E0-81B8-4737-BCE4-EF4AAC7C46D1}
2012-04-28 14:51 - 2012-04-28 15:00 - 202441724 ____A C:\Users\John\Downloads\teen_bleep.wmv
2012-04-27 18:19 - 2012-04-27 18:19 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{D194DAC8-0029-4A7C-B25E-4079DC927C5E}
2012-04-27 18:19 - 2012-04-27 18:19 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{422CF318-A541-4001-B41C-A21669145589}
2012-04-27 18:19 - 2012-04-27 18:19 - 0000000 ____D C:\Users\John\Local Settings\{D194DAC8-0029-4A7C-B25E-4079DC927C5E}
2012-04-27 18:19 - 2012-04-27 18:19 - 0000000 ____D C:\Users\John\Local Settings\{422CF318-A541-4001-B41C-A21669145589}
2012-04-27 18:19 - 2012-04-27 18:19 - 0000000 ____D C:\Users\John\AppData\Local\{D194DAC8-0029-4A7C-B25E-4079DC927C5E}
2012-04-27 18:19 - 2012-04-27 18:19 - 0000000 ____D C:\Users\John\AppData\Local\{422CF318-A541-4001-B41C-A21669145589}
2012-04-26 18:27 - 2012-04-26 18:27 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{457B37D3-3B77-4FA6-8111-315940875F71}
2012-04-26 18:27 - 2012-04-26 18:27 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{4124EF14-B5E2-4DE5-B124-CD9E0C3857FD}
2012-04-26 18:27 - 2012-04-26 18:27 - 0000000 ____D C:\Users\John\Local Settings\{457B37D3-3B77-4FA6-8111-315940875F71}
2012-04-26 18:27 - 2012-04-26 18:27 - 0000000 ____D C:\Users\John\Local Settings\{4124EF14-B5E2-4DE5-B124-CD9E0C3857FD}
2012-04-26 18:27 - 2012-04-26 18:27 - 0000000 ____D C:\Users\John\AppData\Local\{457B37D3-3B77-4FA6-8111-315940875F71}
2012-04-26 18:27 - 2012-04-26 18:27 - 0000000 ____D C:\Users\John\AppData\Local\{4124EF14-B5E2-4DE5-B124-CD9E0C3857FD}
2012-04-24 19:03 - 2012-04-24 19:03 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{425F7893-E933-4D1F-AFEE-E40F1A594C43}
2012-04-24 19:03 - 2012-04-24 19:03 - 0000000 ____D C:\Users\John\Local Settings\{425F7893-E933-4D1F-AFEE-E40F1A594C43}
2012-04-24 19:03 - 2012-04-24 19:03 - 0000000 ____D C:\Users\John\AppData\Local\{425F7893-E933-4D1F-AFEE-E40F1A594C43}
2012-04-24 19:02 - 2012-04-24 19:03 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{7AF0F18C-2CBD-4F7D-93AD-DF24F00720E6}
2012-04-24 19:02 - 2012-04-24 19:03 - 0000000 ____D C:\Users\John\Local Settings\{7AF0F18C-2CBD-4F7D-93AD-DF24F00720E6}
2012-04-24 19:02 - 2012-04-24 19:03 - 0000000 ____D C:\Users\John\AppData\Local\{7AF0F18C-2CBD-4F7D-93AD-DF24F00720E6}
2012-04-23 19:22 - 2012-04-23 19:22 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{F0734B83-5CC5-47D4-B1DE-0A161DB61A16}
2012-04-23 19:22 - 2012-04-23 19:22 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{26BF71AD-94B4-4B28-B48A-8682FC29640C}
2012-04-23 19:22 - 2012-04-23 19:22 - 0000000 ____D C:\Users\John\Local Settings\{F0734B83-5CC5-47D4-B1DE-0A161DB61A16}
2012-04-23 19:22 - 2012-04-23 19:22 - 0000000 ____D C:\Users\John\Local Settings\{26BF71AD-94B4-4B28-B48A-8682FC29640C}
2012-04-23 19:22 - 2012-04-23 19:22 - 0000000 ____D C:\Users\John\AppData\Local\{F0734B83-5CC5-47D4-B1DE-0A161DB61A16}
2012-04-23 19:22 - 2012-04-23 19:22 - 0000000 ____D C:\Users\John\AppData\Local\{26BF71AD-94B4-4B28-B48A-8682FC29640C}
2012-04-21 11:02 - 2012-04-21 11:02 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{EDB0072E-CE7E-4721-AB55-ACC38CF4BD8D}
2012-04-21 11:02 - 2012-04-21 11:02 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{7A42EC75-DD5F-4A51-8E98-15998884D128}
2012-04-21 11:02 - 2012-04-21 11:02 - 0000000 ____D C:\Users\John\Local Settings\{EDB0072E-CE7E-4721-AB55-ACC38CF4BD8D}
2012-04-21 11:02 - 2012-04-21 11:02 - 0000000 ____D C:\Users\John\Local Settings\{7A42EC75-DD5F-4A51-8E98-15998884D128}
2012-04-21 11:02 - 2012-04-21 11:02 - 0000000 ____D C:\Users\John\AppData\Local\{EDB0072E-CE7E-4721-AB55-ACC38CF4BD8D}
2012-04-21 11:02 - 2012-04-21 11:02 - 0000000 ____D C:\Users\John\AppData\Local\{7A42EC75-DD5F-4A51-8E98-15998884D128}
2012-04-20 19:03 - 2012-04-20 19:04 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{B09CC5F2-6493-42DC-842D-BA6A2A9E1660}
2012-04-20 19:03 - 2012-04-20 19:04 - 0000000 ____D C:\Users\John\Local Settings\{B09CC5F2-6493-42DC-842D-BA6A2A9E1660}
2012-04-20 19:03 - 2012-04-20 19:04 - 0000000 ____D C:\Users\John\AppData\Local\{B09CC5F2-6493-42DC-842D-BA6A2A9E1660}
2012-04-20 19:03 - 2012-04-20 19:03 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{94CFE4D8-C048-48C8-92DD-478ACE0370F6}
2012-04-20 19:03 - 2012-04-20 19:03 - 0000000 ____D C:\Users\John\Local Settings\{94CFE4D8-C048-48C8-92DD-478ACE0370F6}
2012-04-20 19:03 - 2012-04-20 19:03 - 0000000 ____D C:\Users\John\AppData\Local\{94CFE4D8-C048-48C8-92DD-478ACE0370F6}
2012-04-01 00:36 - 2012-04-01 00:34 - 0000112 ____A C:\Users\All Users\GTeA6i0r2.dat
2012-04-01 00:36 - 2012-04-01 00:34 - 0000112 ____A C:\Users\All Users\Application Data\GTeA6i0r2.dat
2012-04-01 00:36 - 2012-04-01 00:34 - 0000112 ____A C:\ProgramData\GTeA6i0r2.dat
2012-02-27 15:17 - 2012-02-27 15:17 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{48AC4BE5-4A33-43CC-8435-97364C9DEE3A}
2012-02-27 15:17 - 2012-02-27 15:17 - 0000000 ____D C:\Users\John\Local Settings\{48AC4BE5-4A33-43CC-8435-97364C9DEE3A}
2012-02-27 15:17 - 2012-02-27 15:17 - 0000000 ____D C:\Users\John\AppData\Local\{48AC4BE5-4A33-43CC-8435-97364C9DEE3A}
2012-02-27 15:17 - 2012-02-27 15:16 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{A1702399-941A-4C70-BB23-46FED8569048}
2012-02-27 15:17 - 2012-02-27 15:16 - 0000000 ____D C:\Users\John\Local Settings\{A1702399-941A-4C70-BB23-46FED8569048}
2012-02-27 15:17 - 2012-02-27 15:16 - 0000000 ____D C:\Users\John\AppData\Local\{A1702399-941A-4C70-BB23-46FED8569048}
2012-02-27 01:45 - 2012-02-27 01:45 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{F1EE0900-CA18-4B55-BA6F-306BD0162DD2}
2012-02-27 01:45 - 2012-02-27 01:45 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{E20F70E6-B3D1-41A7-8587-EB1921F135E4}
2012-02-27 01:45 - 2012-02-27 01:45 - 0000000 ____D C:\Users\John\Local Settings\{F1EE0900-CA18-4B55-BA6F-306BD0162DD2}
2012-02-27 01:45 - 2012-02-27 01:45 - 0000000 ____D C:\Users\John\Local Settings\{E20F70E6-B3D1-41A7-8587-EB1921F135E4}
2012-02-27 01:45 - 2012-02-27 01:45 - 0000000 ____D C:\Users\John\AppData\Local\{F1EE0900-CA18-4B55-BA6F-306BD0162DD2}
2012-02-27 01:45 - 2012-02-27 01:45 - 0000000 ____D C:\Users\John\AppData\Local\{E20F70E6-B3D1-41A7-8587-EB1921F135E4}
2012-02-26 13:45 - 2012-02-26 13:44 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{650E9B4E-7759-45F4-9070-5AE6AB800189}
2012-02-26 13:45 - 2012-02-26 13:44 - 0000000 ____D C:\Users\John\Local Settings\{650E9B4E-7759-45F4-9070-5AE6AB800189}
2012-02-26 13:45 - 2012-02-26 13:44 - 0000000 ____D C:\Users\John\AppData\Local\{650E9B4E-7759-45F4-9070-5AE6AB800189}
2012-02-26 13:44 - 2012-02-26 13:44 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{26A67851-94C4-40C4-A442-D2B47C5069CA}
2012-02-26 13:44 - 2012-02-26 13:44 - 0000000 ____D C:\Users\John\Local Settings\{26A67851-94C4-40C4-A442-D2B47C5069CA}
2012-02-26 13:44 - 2012-02-26 13:44 - 0000000 ____D C:\Users\John\AppData\Local\{26A67851-94C4-40C4-A442-D2B47C5069CA}
2012-02-26 01:44 - 2012-02-26 01:44 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{21888BDA-5ED2-4E88-A4BD-6DE7806D2064}
2012-02-26 01:44 - 2012-02-26 01:44 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{1B8E0FBC-528A-4561-8D4D-E84EADBAC1F3}
2012-02-26 01:44 - 2012-02-26 01:44 - 0000000 ____D C:\Users\John\Local Settings\{21888BDA-5ED2-4E88-A4BD-6DE7806D2064}
2012-02-26 01:44 - 2012-02-26 01:44 - 0000000 ____D C:\Users\John\Local Settings\{1B8E0FBC-528A-4561-8D4D-E84EADBAC1F3}
2012-02-26 01:44 - 2012-02-26 01:44 - 0000000 ____D C:\Users\John\AppData\Local\{21888BDA-5ED2-4E88-A4BD-6DE7806D2064}
2012-02-26 01:44 - 2012-02-26 01:44 - 0000000 ____D C:\Users\John\AppData\Local\{1B8E0FBC-528A-4561-8D4D-E84EADBAC1F3}
2012-02-25 13:43 - 2012-02-25 13:43 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{9BA3B11D-3026-4330-B2EF-2B61648AED02}
2012-02-25 13:43 - 2012-02-25 13:43 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{2F096A55-C61C-46A0-964C-2C3E0135BC5A}
2012-02-25 13:43 - 2012-02-25 13:43 - 0000000 ____D C:\Users\John\Local Settings\{9BA3B11D-3026-4330-B2EF-2B61648AED02}
2012-02-25 13:43 - 2012-02-25 13:43 - 0000000 ____D C:\Users\John\Local Settings\{2F096A55-C61C-46A0-964C-2C3E0135BC5A}
2012-02-25 13:43 - 2012-02-25 13:43 - 0000000 ____D C:\Users\John\AppData\Local\{9BA3B11D-3026-4330-B2EF-2B61648AED02}
2012-02-25 13:43 - 2012-02-25 13:43 - 0000000 ____D C:\Users\John\AppData\Local\{2F096A55-C61C-46A0-964C-2C3E0135BC5A}
2012-02-25 01:43 - 2012-02-25 01:43 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{7CADAC31-0BD9-47F1-930D-CCD5BA4F39E9}
2012-02-25 01:43 - 2012-02-25 01:43 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{0FFF3111-20F8-4B7E-A3E1-F17BFA23C66C}
2012-02-25 01:43 - 2012-02-25 01:43 - 0000000 ____D C:\Users\John\Local Settings\{7CADAC31-0BD9-47F1-930D-CCD5BA4F39E9}
2012-02-25 01:43 - 2012-02-25 01:43 - 0000000 ____D C:\Users\John\Local Settings\{0FFF3111-20F8-4B7E-A3E1-F17BFA23C66C}
2012-02-25 01:43 - 2012-02-25 01:43 - 0000000 ____D C:\Users\John\AppData\Local\{7CADAC31-0BD9-47F1-930D-CCD5BA4F39E9}
2012-02-25 01:43 - 2012-02-25 01:43 - 0000000 ____D C:\Users\John\AppData\Local\{0FFF3111-20F8-4B7E-A3E1-F17BFA23C66C}
2012-02-24 13:42 - 2012-02-24 13:42 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{76902187-F5E6-4E3D-A766-79EF99DCF93C}
2012-02-24 13:42 - 2012-02-24 13:42 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{54937360-077A-40B8-9B12-7B37202222AB}
2012-02-24 13:42 - 2012-02-24 13:42 - 0000000 ____D C:\Users\John\Local Settings\{76902187-F5E6-4E3D-A766-79EF99DCF93C}
2012-02-24 13:42 - 2012-02-24 13:42 - 0000000 ____D C:\Users\John\Local Settings\{54937360-077A-40B8-9B12-7B37202222AB}
2012-02-24 13:42 - 2012-02-24 13:42 - 0000000 ____D C:\Users\John\AppData\Local\{76902187-F5E6-4E3D-A766-79EF99DCF93C}
2012-02-24 13:42 - 2012-02-24 13:42 - 0000000 ____D C:\Users\John\AppData\Local\{54937360-077A-40B8-9B12-7B37202222AB}
2012-02-24 01:38 - 2012-02-24 01:38 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{BED0BE01-C070-4F0E-893D-1A2F7366B521}
2012-02-24 01:38 - 2012-02-24 01:38 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{8AB26EDE-A56F-4772-A270-4E80D844980E}
2012-02-24 01:38 - 2012-02-24 01:38 - 0000000 ____D C:\Users\John\Local Settings\{BED0BE01-C070-4F0E-893D-1A2F7366B521}
2012-02-24 01:38 - 2012-02-24 01:38 - 0000000 ____D C:\Users\John\Local Settings\{8AB26EDE-A56F-4772-A270-4E80D844980E}
2012-02-24 01:38 - 2012-02-24 01:38 - 0000000 ____D C:\Users\John\AppData\Local\{BED0BE01-C070-4F0E-893D-1A2F7366B521}
2012-02-24 01:38 - 2012-02-24 01:38 - 0000000 ____D C:\Users\John\AppData\Local\{8AB26EDE-A56F-4772-A270-4E80D844980E}
2012-02-23 13:38 - 2012-02-23 13:37 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{B591BE75-1AFC-4F76-9DD4-ED97E9DBAA58}
2012-02-23 13:38 - 2012-02-23 13:37 - 0000000 ____D C:\Users\John\Local Settings\{B591BE75-1AFC-4F76-9DD4-ED97E9DBAA58}
2012-02-23 13:38 - 2012-02-23 13:37 - 0000000 ____D C:\Users\John\AppData\Local\{B591BE75-1AFC-4F76-9DD4-ED97E9DBAA58}
2012-02-23 13:37 - 2012-02-23 13:37 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{6F8979CE-1AEC-473B-9B25-CC2337BFD0F4}
2012-02-23 13:37 - 2012-02-23 13:37 - 0000000 ____D C:\Users\John\Local Settings\{6F8979CE-1AEC-473B-9B25-CC2337BFD0F4}
2012-02-23 13:37 - 2012-02-23 13:37 - 0000000 ____D C:\Users\John\AppData\Local\{6F8979CE-1AEC-473B-9B25-CC2337BFD0F4}
2012-02-22 19:08 - 2012-02-22 19:07 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{A6C8D965-7885-4BC1-ADB8-3447B20B0017}
2012-02-22 19:08 - 2012-02-22 19:07 - 0000000 ____D C:\Users\John\Local Settings\{A6C8D965-7885-4BC1-ADB8-3447B20B0017}
2012-02-22 19:08 - 2012-02-22 19:07 - 0000000 ____D C:\Users\John\AppData\Local\{A6C8D965-7885-4BC1-ADB8-3447B20B0017}
2012-02-22 19:07 - 2012-02-22 19:07 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{70A10802-4C68-4EDC-9740-1D5D0DF0A97E}
2012-02-22 19:07 - 2012-02-22 19:07 - 0000000 ____D C:\Users\John\Local Settings\{70A10802-4C68-4EDC-9740-1D5D0DF0A97E}
2012-02-22 19:07 - 2012-02-22 19:07 - 0000000 ____D C:\Users\John\AppData\Local\{70A10802-4C68-4EDC-9740-1D5D0DF0A97E}
2012-02-22 01:59 - 2012-02-22 01:59 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{01C9EF7B-5C0F-4DE3-AEBE-F5CE62D37480}
2012-02-22 01:59 - 2012-02-22 01:59 - 0000000 ____D C:\Users\John\Local Settings\{01C9EF7B-5C0F-4DE3-AEBE-F5CE62D37480}
2012-02-22 01:59 - 2012-02-22 01:59 - 0000000 ____D C:\Users\John\AppData\Local\{01C9EF7B-5C0F-4DE3-AEBE-F5CE62D37480}
2012-02-22 01:59 - 2012-02-22 01:58 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{639DDE13-9F48-4204-8140-16F43D8B12F8}
2012-02-22 01:59 - 2012-02-22 01:58 - 0000000 ____D C:\Users\John\Local Settings\{639DDE13-9F48-4204-8140-16F43D8B12F8}
2012-02-22 01:59 - 2012-02-22 01:58 - 0000000 ____D C:\Users\John\AppData\Local\{639DDE13-9F48-4204-8140-16F43D8B12F8}
2012-02-21 13:58 - 2012-02-21 13:58 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{88F94AF2-FED4-4A1D-AD63-759E006B0EFB}
2012-02-21 13:58 - 2012-02-21 13:58 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{073755E6-71E6-4115-80A1-A4E464618F1B}
2012-02-21 13:58 - 2012-02-21 13:58 - 0000000 ____D C:\Users\John\Local Settings\{88F94AF2-FED4-4A1D-AD63-759E006B0EFB}
2012-02-21 13:58 - 2012-02-21 13:58 - 0000000 ____D C:\Users\John\Local Settings\{073755E6-71E6-4115-80A1-A4E464618F1B}
2012-02-21 13:58 - 2012-02-21 13:58 - 0000000 ____D C:\Users\John\AppData\Local\{88F94AF2-FED4-4A1D-AD63-759E006B0EFB}
2012-02-21 13:58 - 2012-02-21 13:58 - 0000000 ____D C:\Users\John\AppData\Local\{073755E6-71E6-4115-80A1-A4E464618F1B}
2012-02-21 01:38 - 2012-02-21 01:38 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{77EB9ACA-2870-450F-B9A1-01360BFEF906}
2012-02-21 01:38 - 2012-02-21 01:38 - 0000000 ____D C:\Users\John\Local Settings\Application Data\{22AF763F-45FF-4FC6-A8F5-7C19BACA7440}
2012-02-21 01:38 - 2012-02-21 01:38 - 0000000 ____D C:\Users\John\Local Settings\{77EB9ACA-2870-450F-B9A1-01360BFEF906}
2012-02-21 01:38 - 2012-02-21 01:38 - 0000000 ____D C:\Users\John\Local Settings\{22AF763F-45FF-4FC6-A8F5-7C19BACA7440}
2012-02-21 01:38 - 2012-02-21 01:38 - 0000000 ____D C:\Users\John\AppData\Local\{77EB9ACA-2870-450F-B9A1-01360BFEF906}
2012-02-21 01:38 - 2012-02-21 01:38 - 0000000 ____D C:\Users\John\AppData\Local\{22AF763F-45FF-4FC6-A8F5-7C19BACA7440}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.



NEXT



Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 Shadowchaser1138

Shadowchaser1138
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 20 May 2012 - 09:33 PM

Ran fixlist, TDSSkiller, and ComboFix as instructed. Logs are below.

Everything seemed to run smoothly, except that ComboFix gave a warning that my McAfee antivirus was active, even after having disabled it per the instructions in your link. I assumed this was just a false warning, and ran it anyway, hopefully that was the right move. I recieved no other warnings or errors other than that.


Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 19-05-2012
Ran by SYSTEM at 2012-05-20 20:38:14 Run:1
Running from J:\

==============================================

HKEY_USERS\John\Software\Microsoft\Windows\CurrentVersion\Run\\CrashRpt Value deleted successfully.
C:\Users\John\Local Settings\Application Data\{667A95F8-56EE-43B3-A2A7-C36350498630} moved successfully.
C:\Users\John\Local Settings\{667A95F8-56EE-43B3-A2A7-C36350498630} not found.
C:\Users\John\AppData\Local\{667A95F8-56EE-43B3-A2A7-C36350498630} not found.
C:\Users\John\Local Settings\Application Data\{17940A31-2B52-4D9B-96EB-3218088738EA} moved successfully.
C:\Users\John\Local Settings\{17940A31-2B52-4D9B-96EB-3218088738EA} not found.
C:\Users\John\AppData\Local\{17940A31-2B52-4D9B-96EB-3218088738EA} not found.
C:\Users\John\Local Settings\Application Data\{8099EC13-7F3C-46CE-8683-A5FF50A4D5F0} moved successfully.
C:\Users\John\Local Settings\Application Data\{28ECB912-FB56-4A68-9716-5AD1C750FD74} moved successfully.
C:\Users\John\Local Settings\{8099EC13-7F3C-46CE-8683-A5FF50A4D5F0} not found.
C:\Users\John\Local Settings\{28ECB912-FB56-4A68-9716-5AD1C750FD74} not found.
C:\Users\John\AppData\Local\{8099EC13-7F3C-46CE-8683-A5FF50A4D5F0} not found.
C:\Users\John\AppData\Local\{28ECB912-FB56-4A68-9716-5AD1C750FD74} not found.
C:\Users\John\Local Settings\Application Data\{A66F0417-A07A-467E-84AB-D2B8867F6F6E} moved successfully.
C:\Users\John\Local Settings\Application Data\{2FC21730-80E0-4161-A690-AE21443D5979} moved successfully.
C:\Users\John\Local Settings\{A66F0417-A07A-467E-84AB-D2B8867F6F6E} not found.
C:\Users\John\Local Settings\{2FC21730-80E0-4161-A690-AE21443D5979} not found.
C:\Users\John\AppData\Local\{A66F0417-A07A-467E-84AB-D2B8867F6F6E} not found.
C:\Users\John\AppData\Local\{2FC21730-80E0-4161-A690-AE21443D5979} not found.
C:\Users\John\Local Settings\Application Data\{EEEF884C-513F-42D4-9CF7-C544DC1CEFC7} moved successfully.
C:\Users\John\Local Settings\{EEEF884C-513F-42D4-9CF7-C544DC1CEFC7} not found.
C:\Users\John\AppData\Local\{EEEF884C-513F-42D4-9CF7-C544DC1CEFC7} not found.
C:\Users\John\Local Settings\Application Data\{224BC92E-2DD6-4A68-B213-D6BD2EE13C88} moved successfully.
C:\Users\John\Local Settings\{224BC92E-2DD6-4A68-B213-D6BD2EE13C88} not found.
C:\Users\John\AppData\Local\{224BC92E-2DD6-4A68-B213-D6BD2EE13C88} not found.
C:\Users\John\Local Settings\Application Data\{C2A1D720-0222-4C6D-9DC3-6FF35BB61BF6} moved successfully.
C:\Users\John\Local Settings\Application Data\{38B3CF8A-3EB3-4DC6-A1A5-FA865F7F011A} moved successfully.
C:\Users\John\Local Settings\{C2A1D720-0222-4C6D-9DC3-6FF35BB61BF6} not found.
C:\Users\John\Local Settings\{38B3CF8A-3EB3-4DC6-A1A5-FA865F7F011A} not found.
C:\Users\John\AppData\Local\{C2A1D720-0222-4C6D-9DC3-6FF35BB61BF6} not found.
C:\Users\John\AppData\Local\{38B3CF8A-3EB3-4DC6-A1A5-FA865F7F011A} not found.
C:\Users\John\Local Settings\Application Data\{C00D000A-161B-483B-8240-F9221B76DA1A} moved successfully.
C:\Users\John\Local Settings\{C00D000A-161B-483B-8240-F9221B76DA1A} not found.
C:\Users\John\AppData\Local\{C00D000A-161B-483B-8240-F9221B76DA1A} not found.
C:\Users\John\Local Settings\Application Data\{B1383185-06AD-4092-9A48-91240C2136BB} moved successfully.
C:\Users\John\Local Settings\{B1383185-06AD-4092-9A48-91240C2136BB} not found.
C:\Users\John\AppData\Local\{B1383185-06AD-4092-9A48-91240C2136BB} not found.
C:\Users\John\Local Settings\Application Data\{03762243-F766-4DC3-84A0-44E47E983E86} moved successfully.
C:\Users\John\Local Settings\{03762243-F766-4DC3-84A0-44E47E983E86} not found.
C:\Users\John\AppData\Local\{03762243-F766-4DC3-84A0-44E47E983E86} not found.
C:\Users\John\Local Settings\Application Data\{80726E4C-FD13-49DD-9865-A4022AF69E5F} moved successfully.
C:\Users\John\Local Settings\{80726E4C-FD13-49DD-9865-A4022AF69E5F} not found.
C:\Users\John\AppData\Local\{80726E4C-FD13-49DD-9865-A4022AF69E5F} not found.
C:\Users\John\Local Settings\Application Data\{C68FAA79-6D18-45B9-8773-D467CE4A7E76} moved successfully.
C:\Users\John\Local Settings\Application Data\{0A36BA5F-E94A-45AA-AF73-70FCCF7122C1} moved successfully.
C:\Users\John\Local Settings\{C68FAA79-6D18-45B9-8773-D467CE4A7E76} not found.
C:\Users\John\Local Settings\{0A36BA5F-E94A-45AA-AF73-70FCCF7122C1} not found.
C:\Users\John\AppData\Local\{C68FAA79-6D18-45B9-8773-D467CE4A7E76} not found.
C:\Users\John\AppData\Local\{0A36BA5F-E94A-45AA-AF73-70FCCF7122C1} not found.
C:\Users\John\Local Settings\Application Data\{45859203-D03E-4AD1-86D6-F23CC0E595B6} moved successfully.
C:\Users\John\Local Settings\Application Data\{0BE8259B-A998-49EF-9661-95F4E4705254} moved successfully.
C:\Users\John\Local Settings\{45859203-D03E-4AD1-86D6-F23CC0E595B6} not found.
C:\Users\John\Local Settings\{0BE8259B-A998-49EF-9661-95F4E4705254} not found.
C:\Users\John\AppData\Local\{45859203-D03E-4AD1-86D6-F23CC0E595B6} not found.
C:\Users\John\AppData\Local\{0BE8259B-A998-49EF-9661-95F4E4705254} not found.
C:\Users\John\Local Settings\Application Data\{FA1A654A-8D23-4789-9D2B-B20631E0F023} moved successfully.
C:\Users\John\Local Settings\Application Data\{CBB057E9-D4D1-45FA-BED3-B0613B0FB653} moved successfully.
C:\Users\John\Local Settings\{FA1A654A-8D23-4789-9D2B-B20631E0F023} not found.
C:\Users\John\Local Settings\{CBB057E9-D4D1-45FA-BED3-B0613B0FB653} not found.
C:\Users\John\AppData\Local\{FA1A654A-8D23-4789-9D2B-B20631E0F023} not found.
C:\Users\John\AppData\Local\{CBB057E9-D4D1-45FA-BED3-B0613B0FB653} not found.
C:\Users\John\Local Settings\Application Data\{8283340F-607E-4916-BC84-DAE0C47EFFDA} moved successfully.
C:\Users\John\Local Settings\{8283340F-607E-4916-BC84-DAE0C47EFFDA} not found.
C:\Users\John\AppData\Local\{8283340F-607E-4916-BC84-DAE0C47EFFDA} not found.
C:\Users\John\Local Settings\Application Data\{56244B7F-E5F4-47D0-912B-AECA75216A66} moved successfully.
C:\Users\John\Local Settings\{56244B7F-E5F4-47D0-912B-AECA75216A66} not found.
C:\Users\John\AppData\Local\{56244B7F-E5F4-47D0-912B-AECA75216A66} not found.
C:\Users\John\Local Settings\Application Data\{B8652C95-5100-4222-8B8D-21AE08984FCC} moved successfully.
C:\Users\John\Local Settings\Application Data\{545CE56D-2264-4F7B-A520-1791A4E6AA35} moved successfully.
C:\Users\John\Local Settings\{B8652C95-5100-4222-8B8D-21AE08984FCC} not found.
C:\Users\John\Local Settings\{545CE56D-2264-4F7B-A520-1791A4E6AA35} not found.
C:\Users\John\AppData\Local\{B8652C95-5100-4222-8B8D-21AE08984FCC} not found.
C:\Users\John\AppData\Local\{545CE56D-2264-4F7B-A520-1791A4E6AA35} not found.
C:\Users\John\Local Settings\Application Data\{0BB01901-9A21-41F3-9ECD-1FB0D17E6B4A} moved successfully.
C:\Users\John\Local Settings\{0BB01901-9A21-41F3-9ECD-1FB0D17E6B4A} not found.
C:\Users\John\AppData\Local\{0BB01901-9A21-41F3-9ECD-1FB0D17E6B4A} not found.
C:\Users\John\Local Settings\Application Data\{5A642EBA-7033-4317-9703-AB899BC755C0} moved successfully.
C:\Users\John\Local Settings\{5A642EBA-7033-4317-9703-AB899BC755C0} not found.
C:\Users\John\AppData\Local\{5A642EBA-7033-4317-9703-AB899BC755C0} not found.
C:\Users\John\Local Settings\Application Data\{FD4D17D3-9926-4340-ADB0-AF176F36C584} moved successfully.
C:\Users\John\Local Settings\{FD4D17D3-9926-4340-ADB0-AF176F36C584} not found.
C:\Users\John\AppData\Local\{FD4D17D3-9926-4340-ADB0-AF176F36C584} not found.
C:\Users\John\Local Settings\Application Data\{BE20D1FF-A4B9-41B5-80DB-1B2560DDBDA1} moved successfully.
C:\Users\John\Local Settings\{BE20D1FF-A4B9-41B5-80DB-1B2560DDBDA1} not found.
C:\Users\John\AppData\Local\{BE20D1FF-A4B9-41B5-80DB-1B2560DDBDA1} not found.
C:\Users\John\Local Settings\Application Data\{E0CEF48F-FD17-407B-B19F-5098D9F01ECB} moved successfully.
C:\Users\John\Local Settings\Application Data\{4271411E-90D7-4646-BCA8-0A92AA25FA22} moved successfully.
C:\Users\John\Local Settings\{E0CEF48F-FD17-407B-B19F-5098D9F01ECB} not found.
C:\Users\John\Local Settings\{4271411E-90D7-4646-BCA8-0A92AA25FA22} not found.
C:\Users\John\AppData\Local\{E0CEF48F-FD17-407B-B19F-5098D9F01ECB} not found.
C:\Users\John\AppData\Local\{4271411E-90D7-4646-BCA8-0A92AA25FA22} not found.
C:\Users\John\Local Settings\Application Data\{8F35ACC4-7068-4938-9ED4-0E6845DFDAC5} moved successfully.
C:\Users\John\Local Settings\Application Data\{1EF8BB19-18CE-4DF2-81E5-4D50AEB898BA} moved successfully.
C:\Users\John\Local Settings\{8F35ACC4-7068-4938-9ED4-0E6845DFDAC5} not found.
C:\Users\John\Local Settings\{1EF8BB19-18CE-4DF2-81E5-4D50AEB898BA} not found.
C:\Users\John\AppData\Local\{8F35ACC4-7068-4938-9ED4-0E6845DFDAC5} not found.
C:\Users\John\AppData\Local\{1EF8BB19-18CE-4DF2-81E5-4D50AEB898BA} not found.
C:\Users\John\Local Settings\Application Data\{AE737B92-F28C-48D7-85AD-5B58B83D1AFE} moved successfully.
C:\Users\John\Local Settings\Application Data\{6E8DBF4A-07DB-47E3-BC9E-D9C7BE20394F} moved successfully.
C:\Users\John\Local Settings\{AE737B92-F28C-48D7-85AD-5B58B83D1AFE} not found.
C:\Users\John\Local Settings\{6E8DBF4A-07DB-47E3-BC9E-D9C7BE20394F} not found.
C:\Users\John\AppData\Local\{AE737B92-F28C-48D7-85AD-5B58B83D1AFE} not found.
C:\Users\John\AppData\Local\{6E8DBF4A-07DB-47E3-BC9E-D9C7BE20394F} not found.
C:\Users\John\Local Settings\Application Data\{F08DBD5A-992D-4270-8F5E-1D2F7E915F7F} moved successfully.
C:\Users\John\Local Settings\Application Data\{BE0BB37F-3318-439E-B5EB-F8D1E53A1F5D} moved successfully.
C:\Users\John\Local Settings\{F08DBD5A-992D-4270-8F5E-1D2F7E915F7F} not found.
C:\Users\John\Local Settings\{BE0BB37F-3318-439E-B5EB-F8D1E53A1F5D} not found.
C:\Users\John\AppData\Local\{F08DBD5A-992D-4270-8F5E-1D2F7E915F7F} not found.
C:\Users\John\AppData\Local\{BE0BB37F-3318-439E-B5EB-F8D1E53A1F5D} not found.
C:\Users\John\Local Settings\Application Data\{EC2B073B-5149-46B5-AF37-02E735B480D1} moved successfully.
C:\Users\John\Local Settings\Application Data\{718BAABF-98D7-4F3B-926B-ACC80BB8E6ED} moved successfully.
C:\Users\John\Local Settings\{EC2B073B-5149-46B5-AF37-02E735B480D1} not found.
C:\Users\John\Local Settings\{718BAABF-98D7-4F3B-926B-ACC80BB8E6ED} not found.
C:\Users\John\AppData\Local\{EC2B073B-5149-46B5-AF37-02E735B480D1} not found.
C:\Users\John\AppData\Local\{718BAABF-98D7-4F3B-926B-ACC80BB8E6ED} not found.
C:\Users\John\Local Settings\Application Data\{13AB59EB-E926-4DA4-AD18-05E3DF1D519F} moved successfully.
C:\Users\John\Local Settings\{13AB59EB-E926-4DA4-AD18-05E3DF1D519F} not found.
C:\Users\John\AppData\Local\{13AB59EB-E926-4DA4-AD18-05E3DF1D519F} not found.
C:\Users\John\Local Settings\Application Data\{87435CC1-DAEC-4CEC-97A9-EB3626072F0A} moved successfully.
C:\Users\John\Local Settings\{87435CC1-DAEC-4CEC-97A9-EB3626072F0A} not found.
C:\Users\John\AppData\Local\{87435CC1-DAEC-4CEC-97A9-EB3626072F0A} not found.
C:\Users\John\Local Settings\Application Data\{E89C2A08-1C02-4C0C-9811-368F3898BF7D} moved successfully.
C:\Users\John\Local Settings\Application Data\{DE6EA7A2-B2F2-422C-82EE-32115FC40775} moved successfully.
C:\Users\John\Local Settings\{E89C2A08-1C02-4C0C-9811-368F3898BF7D} not found.
C:\Users\John\Local Settings\{DE6EA7A2-B2F2-422C-82EE-32115FC40775} not found.
C:\Users\John\AppData\Local\{E89C2A08-1C02-4C0C-9811-368F3898BF7D} not found.
C:\Users\John\AppData\Local\{DE6EA7A2-B2F2-422C-82EE-32115FC40775} not found.
C:\Users\John\Local Settings\Application Data\{FE2AE774-B62F-44AE-8C2F-585843BFAF38} moved successfully.
C:\Users\John\Local Settings\{FE2AE774-B62F-44AE-8C2F-585843BFAF38} not found.
C:\Users\John\AppData\Local\{FE2AE774-B62F-44AE-8C2F-585843BFAF38} not found.
C:\Users\John\Local Settings\Application Data\{F6276667-BE0E-4728-9101-6BEDE53ADF7A} moved successfully.
C:\Users\John\Local Settings\{F6276667-BE0E-4728-9101-6BEDE53ADF7A} not found.
C:\Users\John\AppData\Local\{F6276667-BE0E-4728-9101-6BEDE53ADF7A} not found.
C:\Users\John\Local Settings\Application Data\{54AC1ECA-FE53-45F7-A106-B4B9AD0E545E} moved successfully.
C:\Users\John\Local Settings\{54AC1ECA-FE53-45F7-A106-B4B9AD0E545E} not found.
C:\Users\John\AppData\Local\{54AC1ECA-FE53-45F7-A106-B4B9AD0E545E} not found.
C:\Users\John\Local Settings\Application Data\{CF450F2D-B1CA-4CB8-A5FA-D82325DFF5BA} moved successfully.
C:\Users\John\Local Settings\{CF450F2D-B1CA-4CB8-A5FA-D82325DFF5BA} not found.
C:\Users\John\AppData\Local\{CF450F2D-B1CA-4CB8-A5FA-D82325DFF5BA} not found.
C:\Users\John\Local Settings\Application Data\{573D777F-383A-4DF0-8458-D893B74A6186} moved successfully.
C:\Users\John\Local Settings\Application Data\{15CAF2CC-78F0-4EEA-A14A-D031FF15DE77} moved successfully.
C:\Users\John\Local Settings\{573D777F-383A-4DF0-8458-D893B74A6186} not found.
C:\Users\John\Local Settings\{15CAF2CC-78F0-4EEA-A14A-D031FF15DE77} not found.
C:\Users\John\AppData\Local\{573D777F-383A-4DF0-8458-D893B74A6186} not found.
C:\Users\John\AppData\Local\{15CAF2CC-78F0-4EEA-A14A-D031FF15DE77} not found.
C:\Users\John\Local Settings\Application Data\{B42144E3-CECD-43EE-BFD7-05C26F227CD2} moved successfully.
C:\Users\John\Local Settings\Application Data\{3CC758E0-81B8-4737-BCE4-EF4AAC7C46D1} moved successfully.
C:\Users\John\Local Settings\{B42144E3-CECD-43EE-BFD7-05C26F227CD2} not found.
C:\Users\John\Local Settings\{3CC758E0-81B8-4737-BCE4-EF4AAC7C46D1} not found.
C:\Users\John\AppData\Local\{B42144E3-CECD-43EE-BFD7-05C26F227CD2} not found.
C:\Users\John\AppData\Local\{3CC758E0-81B8-4737-BCE4-EF4AAC7C46D1} not found.
C:\Users\John\Downloads\teen_bleep.wmv not found.
C:\Users\John\Local Settings\Application Data\{D194DAC8-0029-4A7C-B25E-4079DC927C5E} moved successfully.
C:\Users\John\Local Settings\Application Data\{422CF318-A541-4001-B41C-A21669145589} moved successfully.
C:\Users\John\Local Settings\{D194DAC8-0029-4A7C-B25E-4079DC927C5E} not found.
C:\Users\John\Local Settings\{422CF318-A541-4001-B41C-A21669145589} not found.
C:\Users\John\AppData\Local\{D194DAC8-0029-4A7C-B25E-4079DC927C5E} not found.
C:\Users\John\AppData\Local\{422CF318-A541-4001-B41C-A21669145589} not found.
C:\Users\John\Local Settings\Application Data\{457B37D3-3B77-4FA6-8111-315940875F71} moved successfully.
C:\Users\John\Local Settings\Application Data\{4124EF14-B5E2-4DE5-B124-CD9E0C3857FD} moved successfully.
C:\Users\John\Local Settings\{457B37D3-3B77-4FA6-8111-315940875F71} not found.
C:\Users\John\Local Settings\{4124EF14-B5E2-4DE5-B124-CD9E0C3857FD} not found.
C:\Users\John\AppData\Local\{457B37D3-3B77-4FA6-8111-315940875F71} not found.
C:\Users\John\AppData\Local\{4124EF14-B5E2-4DE5-B124-CD9E0C3857FD} not found.
C:\Users\John\Local Settings\Application Data\{425F7893-E933-4D1F-AFEE-E40F1A594C43} moved successfully.
C:\Users\John\Local Settings\{425F7893-E933-4D1F-AFEE-E40F1A594C43} not found.
C:\Users\John\AppData\Local\{425F7893-E933-4D1F-AFEE-E40F1A594C43} not found.
C:\Users\John\Local Settings\Application Data\{7AF0F18C-2CBD-4F7D-93AD-DF24F00720E6} moved successfully.
C:\Users\John\Local Settings\{7AF0F18C-2CBD-4F7D-93AD-DF24F00720E6} not found.
C:\Users\John\AppData\Local\{7AF0F18C-2CBD-4F7D-93AD-DF24F00720E6} not found.
C:\Users\John\Local Settings\Application Data\{F0734B83-5CC5-47D4-B1DE-0A161DB61A16} moved successfully.
C:\Users\John\Local Settings\Application Data\{26BF71AD-94B4-4B28-B48A-8682FC29640C} moved successfully.
C:\Users\John\Local Settings\{F0734B83-5CC5-47D4-B1DE-0A161DB61A16} not found.
C:\Users\John\Local Settings\{26BF71AD-94B4-4B28-B48A-8682FC29640C} not found.
C:\Users\John\AppData\Local\{F0734B83-5CC5-47D4-B1DE-0A161DB61A16} not found.
C:\Users\John\AppData\Local\{26BF71AD-94B4-4B28-B48A-8682FC29640C} not found.
C:\Users\John\Local Settings\Application Data\{EDB0072E-CE7E-4721-AB55-ACC38CF4BD8D} moved successfully.
C:\Users\John\Local Settings\Application Data\{7A42EC75-DD5F-4A51-8E98-15998884D128} moved successfully.
C:\Users\John\Local Settings\{EDB0072E-CE7E-4721-AB55-ACC38CF4BD8D} not found.
C:\Users\John\Local Settings\{7A42EC75-DD5F-4A51-8E98-15998884D128} not found.
C:\Users\John\AppData\Local\{EDB0072E-CE7E-4721-AB55-ACC38CF4BD8D} not found.
C:\Users\John\AppData\Local\{7A42EC75-DD5F-4A51-8E98-15998884D128} not found.
C:\Users\John\Local Settings\Application Data\{B09CC5F2-6493-42DC-842D-BA6A2A9E1660} moved successfully.
C:\Users\John\Local Settings\{B09CC5F2-6493-42DC-842D-BA6A2A9E1660} not found.
C:\Users\John\AppData\Local\{B09CC5F2-6493-42DC-842D-BA6A2A9E1660} not found.
C:\Users\John\Local Settings\Application Data\{94CFE4D8-C048-48C8-92DD-478ACE0370F6} moved successfully.
C:\Users\John\Local Settings\{94CFE4D8-C048-48C8-92DD-478ACE0370F6} not found.
C:\Users\John\AppData\Local\{94CFE4D8-C048-48C8-92DD-478ACE0370F6} not found.
C:\Users\All Users\GTeA6i0r2.dat moved successfully.
C:\Users\All Users\Application Data\GTeA6i0r2.dat not found.
C:\ProgramData\GTeA6i0r2.dat not found.
C:\Users\John\Local Settings\Application Data\{48AC4BE5-4A33-43CC-8435-97364C9DEE3A} moved successfully.
C:\Users\John\Local Settings\{48AC4BE5-4A33-43CC-8435-97364C9DEE3A} not found.
C:\Users\John\AppData\Local\{48AC4BE5-4A33-43CC-8435-97364C9DEE3A} not found.
C:\Users\John\Local Settings\Application Data\{A1702399-941A-4C70-BB23-46FED8569048} moved successfully.
C:\Users\John\Local Settings\{A1702399-941A-4C70-BB23-46FED8569048} not found.
C:\Users\John\AppData\Local\{A1702399-941A-4C70-BB23-46FED8569048} not found.
C:\Users\John\Local Settings\Application Data\{F1EE0900-CA18-4B55-BA6F-306BD0162DD2} moved successfully.
C:\Users\John\Local Settings\Application Data\{E20F70E6-B3D1-41A7-8587-EB1921F135E4} moved successfully.
C:\Users\John\Local Settings\{F1EE0900-CA18-4B55-BA6F-306BD0162DD2} not found.
C:\Users\John\Local Settings\{E20F70E6-B3D1-41A7-8587-EB1921F135E4} not found.
C:\Users\John\AppData\Local\{F1EE0900-CA18-4B55-BA6F-306BD0162DD2} not found.
C:\Users\John\AppData\Local\{E20F70E6-B3D1-41A7-8587-EB1921F135E4} not found.
C:\Users\John\Local Settings\Application Data\{650E9B4E-7759-45F4-9070-5AE6AB800189} moved successfully.
C:\Users\John\Local Settings\{650E9B4E-7759-45F4-9070-5AE6AB800189} not found.
C:\Users\John\AppData\Local\{650E9B4E-7759-45F4-9070-5AE6AB800189} not found.
C:\Users\John\Local Settings\Application Data\{26A67851-94C4-40C4-A442-D2B47C5069CA} moved successfully.
C:\Users\John\Local Settings\{26A67851-94C4-40C4-A442-D2B47C5069CA} not found.
C:\Users\John\AppData\Local\{26A67851-94C4-40C4-A442-D2B47C5069CA} not found.
C:\Users\John\Local Settings\Application Data\{21888BDA-5ED2-4E88-A4BD-6DE7806D2064} moved successfully.
C:\Users\John\Local Settings\Application Data\{1B8E0FBC-528A-4561-8D4D-E84EADBAC1F3} moved successfully.
C:\Users\John\Local Settings\{21888BDA-5ED2-4E88-A4BD-6DE7806D2064} not found.
C:\Users\John\Local Settings\{1B8E0FBC-528A-4561-8D4D-E84EADBAC1F3} not found.
C:\Users\John\AppData\Local\{21888BDA-5ED2-4E88-A4BD-6DE7806D2064} not found.
C:\Users\John\AppData\Local\{1B8E0FBC-528A-4561-8D4D-E84EADBAC1F3} not found.
C:\Users\John\Local Settings\Application Data\{9BA3B11D-3026-4330-B2EF-2B61648AED02} moved successfully.
C:\Users\John\Local Settings\Application Data\{2F096A55-C61C-46A0-964C-2C3E0135BC5A} moved successfully.
C:\Users\John\Local Settings\{9BA3B11D-3026-4330-B2EF-2B61648AED02} not found.
C:\Users\John\Local Settings\{2F096A55-C61C-46A0-964C-2C3E0135BC5A} not found.
C:\Users\John\AppData\Local\{9BA3B11D-3026-4330-B2EF-2B61648AED02} not found.
C:\Users\John\AppData\Local\{2F096A55-C61C-46A0-964C-2C3E0135BC5A} not found.
C:\Users\John\Local Settings\Application Data\{7CADAC31-0BD9-47F1-930D-CCD5BA4F39E9} moved successfully.
C:\Users\John\Local Settings\Application Data\{0FFF3111-20F8-4B7E-A3E1-F17BFA23C66C} moved successfully.
C:\Users\John\Local Settings\{7CADAC31-0BD9-47F1-930D-CCD5BA4F39E9} not found.
C:\Users\John\Local Settings\{0FFF3111-20F8-4B7E-A3E1-F17BFA23C66C} not found.
C:\Users\John\AppData\Local\{7CADAC31-0BD9-47F1-930D-CCD5BA4F39E9} not found.
C:\Users\John\AppData\Local\{0FFF3111-20F8-4B7E-A3E1-F17BFA23C66C} not found.
C:\Users\John\Local Settings\Application Data\{76902187-F5E6-4E3D-A766-79EF99DCF93C} moved successfully.
C:\Users\John\Local Settings\Application Data\{54937360-077A-40B8-9B12-7B37202222AB} moved successfully.
C:\Users\John\Local Settings\{76902187-F5E6-4E3D-A766-79EF99DCF93C} not found.
C:\Users\John\Local Settings\{54937360-077A-40B8-9B12-7B37202222AB} not found.
C:\Users\John\AppData\Local\{76902187-F5E6-4E3D-A766-79EF99DCF93C} not found.
C:\Users\John\AppData\Local\{54937360-077A-40B8-9B12-7B37202222AB} not found.
C:\Users\John\Local Settings\Application Data\{BED0BE01-C070-4F0E-893D-1A2F7366B521} moved successfully.
C:\Users\John\Local Settings\Application Data\{8AB26EDE-A56F-4772-A270-4E80D844980E} moved successfully.
C:\Users\John\Local Settings\{BED0BE01-C070-4F0E-893D-1A2F7366B521} not found.
C:\Users\John\Local Settings\{8AB26EDE-A56F-4772-A270-4E80D844980E} not found.
C:\Users\John\AppData\Local\{BED0BE01-C070-4F0E-893D-1A2F7366B521} not found.
C:\Users\John\AppData\Local\{8AB26EDE-A56F-4772-A270-4E80D844980E} not found.
C:\Users\John\Local Settings\Application Data\{B591BE75-1AFC-4F76-9DD4-ED97E9DBAA58} moved successfully.
C:\Users\John\Local Settings\{B591BE75-1AFC-4F76-9DD4-ED97E9DBAA58} not found.
C:\Users\John\AppData\Local\{B591BE75-1AFC-4F76-9DD4-ED97E9DBAA58} not found.
C:\Users\John\Local Settings\Application Data\{6F8979CE-1AEC-473B-9B25-CC2337BFD0F4} moved successfully.
C:\Users\John\Local Settings\{6F8979CE-1AEC-473B-9B25-CC2337BFD0F4} not found.
C:\Users\John\AppData\Local\{6F8979CE-1AEC-473B-9B25-CC2337BFD0F4} not found.
C:\Users\John\Local Settings\Application Data\{A6C8D965-7885-4BC1-ADB8-3447B20B0017} moved successfully.
C:\Users\John\Local Settings\{A6C8D965-7885-4BC1-ADB8-3447B20B0017} not found.
C:\Users\John\AppData\Local\{A6C8D965-7885-4BC1-ADB8-3447B20B0017} not found.
C:\Users\John\Local Settings\Application Data\{70A10802-4C68-4EDC-9740-1D5D0DF0A97E} moved successfully.
C:\Users\John\Local Settings\{70A10802-4C68-4EDC-9740-1D5D0DF0A97E} not found.
C:\Users\John\AppData\Local\{70A10802-4C68-4EDC-9740-1D5D0DF0A97E} not found.
C:\Users\John\Local Settings\Application Data\{01C9EF7B-5C0F-4DE3-AEBE-F5CE62D37480} moved successfully.
C:\Users\John\Local Settings\{01C9EF7B-5C0F-4DE3-AEBE-F5CE62D37480} not found.
C:\Users\John\AppData\Local\{01C9EF7B-5C0F-4DE3-AEBE-F5CE62D37480} not found.
C:\Users\John\Local Settings\Application Data\{639DDE13-9F48-4204-8140-16F43D8B12F8} moved successfully.
C:\Users\John\Local Settings\{639DDE13-9F48-4204-8140-16F43D8B12F8} not found.
C:\Users\John\AppData\Local\{639DDE13-9F48-4204-8140-16F43D8B12F8} not found.
C:\Users\John\Local Settings\Application Data\{88F94AF2-FED4-4A1D-AD63-759E006B0EFB} moved successfully.
C:\Users\John\Local Settings\Application Data\{073755E6-71E6-4115-80A1-A4E464618F1B} moved successfully.
C:\Users\John\Local Settings\{88F94AF2-FED4-4A1D-AD63-759E006B0EFB} not found.
C:\Users\John\Local Settings\{073755E6-71E6-4115-80A1-A4E464618F1B} not found.
C:\Users\John\AppData\Local\{88F94AF2-FED4-4A1D-AD63-759E006B0EFB} not found.
C:\Users\John\AppData\Local\{073755E6-71E6-4115-80A1-A4E464618F1B} not found.
C:\Users\John\Local Settings\Application Data\{77EB9ACA-2870-450F-B9A1-01360BFEF906} moved successfully.
C:\Users\John\Local Settings\Application Data\{22AF763F-45FF-4FC6-A8F5-7C19BACA7440} moved successfully.
C:\Users\John\Local Settings\{77EB9ACA-2870-450F-B9A1-01360BFEF906} not found.
C:\Users\John\Local Settings\{22AF763F-45FF-4FC6-A8F5-7C19BACA7440} not found.
C:\Users\John\AppData\Local\{77EB9ACA-2870-450F-B9A1-01360BFEF906} not found.
C:\Users\John\AppData\Local\{22AF763F-45FF-4FC6-A8F5-7C19BACA7440} not found.

==== End of Fixlog ====


20:46:59.0899 6392 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
20:47:00.0245 6392 ============================================================
20:47:00.0245 6392 Current date / time: 2012/05/20 20:47:00.0245
20:47:00.0245 6392 SystemInfo:
20:47:00.0245 6392
20:47:00.0245 6392 OS Version: 6.1.7601 ServicePack: 1.0
20:47:00.0245 6392 Product type: Workstation
20:47:00.0245 6392 ComputerName: OPTIMUS
20:47:00.0246 6392 UserName: John
20:47:00.0246 6392 Windows directory: C:\Windows
20:47:00.0246 6392 System windows directory: C:\Windows
20:47:00.0246 6392 Running under WOW64
20:47:00.0246 6392 Processor architecture: Intel x64
20:47:00.0246 6392 Number of processors: 8
20:47:00.0246 6392 Page size: 0x1000
20:47:00.0246 6392 Boot type: Normal boot
20:47:00.0246 6392 ============================================================
20:47:02.0370 6392 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:47:02.0397 6392 Drive \Device\Harddisk6\DR6 - Size: 0x78000000 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:47:02.0400 6392 ============================================================
20:47:02.0400 6392 \Device\Harddisk0\DR0:
20:47:02.0400 6392 MBR partitions:
20:47:02.0400 6392 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x15C3000
20:47:02.0400 6392 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x15D7000, BlocksNum 0x7312F000
20:47:02.0400 6392 \Device\Harddisk6\DR6:
20:47:02.0401 6392 MBR partitions:
20:47:02.0401 6392 \Device\Harddisk6\DR6\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3BBFE0
20:47:02.0401 6392 ============================================================
20:47:02.0424 6392 C: <-> \Device\Harddisk0\DR0\Partition1
20:47:02.0424 6392 ============================================================
20:47:02.0424 6392 Initialize success
20:47:02.0424 6392 ============================================================
20:47:40.0861 6080 ============================================================
20:47:40.0861 6080 Scan started
20:47:40.0861 6080 Mode: Manual; TDLFS;
20:47:40.0861 6080 ============================================================
20:47:41.0314 6080 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:47:41.0318 6080 1394ohci - ok
20:47:41.0339 6080 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:47:41.0344 6080 ACPI - ok
20:47:41.0355 6080 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:47:41.0397 6080 AcpiPmi - ok
20:47:41.0530 6080 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:47:41.0533 6080 AdobeFlashPlayerUpdateSvc - ok
20:47:41.0585 6080 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:47:41.0592 6080 adp94xx - ok
20:47:41.0637 6080 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:47:41.0653 6080 adpahci - ok
20:47:41.0688 6080 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:47:41.0692 6080 adpu320 - ok
20:47:41.0711 6080 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:47:41.0712 6080 AeLookupSvc - ok
20:47:41.0758 6080 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:47:41.0765 6080 AFD - ok
20:47:41.0781 6080 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:47:41.0783 6080 agp440 - ok
20:47:41.0804 6080 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:47:41.0806 6080 ALG - ok
20:47:41.0818 6080 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:47:41.0825 6080 aliide - ok
20:47:41.0840 6080 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:47:41.0842 6080 amdide - ok
20:47:41.0856 6080 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:47:41.0858 6080 AmdK8 - ok
20:47:41.0865 6080 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:47:41.0871 6080 AmdPPM - ok
20:47:41.0924 6080 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:47:41.0926 6080 amdsata - ok
20:47:41.0948 6080 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:47:41.0952 6080 amdsbs - ok
20:47:41.0983 6080 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:47:41.0984 6080 amdxata - ok
20:47:42.0030 6080 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:47:42.0032 6080 AppID - ok
20:47:42.0043 6080 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:47:42.0044 6080 AppIDSvc - ok
20:47:42.0099 6080 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:47:42.0101 6080 Appinfo - ok
20:47:42.0205 6080 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:47:42.0207 6080 Apple Mobile Device - ok
20:47:42.0218 6080 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:47:42.0223 6080 arc - ok
20:47:42.0243 6080 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:47:42.0252 6080 arcsas - ok
20:47:42.0274 6080 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:47:42.0276 6080 AsyncMac - ok
20:47:42.0308 6080 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:47:42.0310 6080 atapi - ok
20:47:42.0361 6080 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:47:42.0368 6080 AudioEndpointBuilder - ok
20:47:42.0377 6080 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:47:42.0383 6080 AudioSrv - ok
20:47:42.0428 6080 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:47:42.0468 6080 AxInstSV - ok
20:47:42.0509 6080 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:47:42.0513 6080 b06bdrv - ok
20:47:42.0539 6080 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:47:42.0549 6080 b57nd60a - ok
20:47:42.0583 6080 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:47:42.0585 6080 BDESVC - ok
20:47:42.0593 6080 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:47:42.0594 6080 Beep - ok
20:47:42.0659 6080 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
20:47:42.0668 6080 BITS - ok
20:47:42.0677 6080 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:47:42.0685 6080 blbdrive - ok
20:47:42.0801 6080 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:47:42.0805 6080 Bonjour Service - ok
20:47:42.0846 6080 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:47:42.0848 6080 bowser - ok
20:47:42.0858 6080 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:47:42.0859 6080 BrFiltLo - ok
20:47:42.0865 6080 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:47:42.0866 6080 BrFiltUp - ok
20:47:42.0906 6080 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:47:42.0908 6080 Browser - ok
20:47:42.0935 6080 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:47:42.0947 6080 Brserid - ok
20:47:42.0957 6080 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:47:42.0965 6080 BrSerWdm - ok
20:47:42.0970 6080 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:47:42.0971 6080 BrUsbMdm - ok
20:47:42.0976 6080 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:47:42.0977 6080 BrUsbSer - ok
20:47:42.0987 6080 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:47:42.0989 6080 BTHMODEM - ok
20:47:43.0027 6080 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:47:43.0029 6080 bthserv - ok
20:47:43.0090 6080 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
20:47:43.0091 6080 BVRPMPR5a64 - ok
20:47:43.0107 6080 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:47:43.0109 6080 cdfs - ok
20:47:43.0153 6080 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:47:43.0156 6080 cdrom - ok
20:47:43.0179 6080 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:47:43.0181 6080 CertPropSvc - ok
20:47:43.0215 6080 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
20:47:43.0258 6080 cfwids - ok
20:47:43.0310 6080 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:47:43.0311 6080 circlass - ok
20:47:43.0337 6080 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:47:43.0342 6080 CLFS - ok
20:47:43.0408 6080 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:47:43.0414 6080 clr_optimization_v2.0.50727_32 - ok
20:47:43.0446 6080 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:47:43.0448 6080 clr_optimization_v2.0.50727_64 - ok
20:47:43.0544 6080 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:47:43.0546 6080 clr_optimization_v4.0.30319_32 - ok
20:47:43.0600 6080 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:47:43.0603 6080 clr_optimization_v4.0.30319_64 - ok
20:47:43.0614 6080 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:47:43.0616 6080 CmBatt - ok
20:47:43.0648 6080 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:47:43.0653 6080 cmdide - ok
20:47:43.0698 6080 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:47:43.0704 6080 CNG - ok
20:47:43.0740 6080 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:47:43.0741 6080 Compbatt - ok
20:47:43.0755 6080 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:47:43.0801 6080 CompositeBus - ok
20:47:43.0810 6080 COMSysApp - ok
20:47:43.0813 6080 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:47:43.0815 6080 crcdisk - ok
20:47:43.0857 6080 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
20:47:43.0859 6080 CryptSvc - ok
20:47:43.0894 6080 dc3d (76e02db615a03801d698199a2bc4a06a) C:\Windows\system32\DRIVERS\dc3d.sys
20:47:43.0895 6080 dc3d - ok
20:47:43.0914 6080 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:47:43.0918 6080 DcomLaunch - ok
20:47:43.0944 6080 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:47:43.0947 6080 defragsvc - ok
20:47:43.0979 6080 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:47:43.0980 6080 DfsC - ok
20:47:44.0008 6080 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:47:44.0011 6080 Dhcp - ok
20:47:44.0022 6080 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:47:44.0024 6080 discache - ok
20:47:44.0036 6080 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:47:44.0038 6080 Disk - ok
20:47:44.0081 6080 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:47:44.0085 6080 Dnscache - ok
20:47:44.0158 6080 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
20:47:44.0160 6080 DockLoginService - ok
20:47:44.0221 6080 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:47:44.0265 6080 dot3svc - ok
20:47:44.0310 6080 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:47:44.0311 6080 DPS - ok
20:47:44.0429 6080 DraftSight API Service (f4beee27acab429fb6fcaf8d29325a7d) C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
20:47:44.0432 6080 DraftSight API Service - ok
20:47:44.0444 6080 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:47:44.0446 6080 drmkaud - ok
20:47:44.0515 6080 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:47:44.0524 6080 DXGKrnl - ok
20:47:44.0547 6080 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:47:44.0549 6080 EapHost - ok
20:47:44.0670 6080 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:47:44.0724 6080 ebdrv - ok
20:47:44.0801 6080 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:47:44.0802 6080 EFS - ok
20:47:44.0849 6080 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:47:44.0859 6080 ehRecvr - ok
20:47:44.0882 6080 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:47:44.0884 6080 ehSched - ok
20:47:44.0931 6080 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:47:44.0939 6080 elxstor - ok
20:47:44.0981 6080 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:47:44.0982 6080 ErrDev - ok
20:47:45.0013 6080 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:47:45.0018 6080 EventSystem - ok
20:47:45.0048 6080 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:47:45.0052 6080 exfat - ok
20:47:45.0071 6080 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:47:45.0081 6080 fastfat - ok
20:47:45.0137 6080 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:47:45.0147 6080 Fax - ok
20:47:45.0154 6080 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:47:45.0155 6080 fdc - ok
20:47:45.0193 6080 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:47:45.0195 6080 fdPHost - ok
20:47:45.0208 6080 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:47:45.0210 6080 FDResPub - ok
20:47:45.0238 6080 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:47:45.0240 6080 FileInfo - ok
20:47:45.0247 6080 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:47:45.0248 6080 Filetrace - ok
20:47:45.0337 6080 FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:47:45.0352 6080 FLEXnet Licensing Service - ok
20:47:45.0359 6080 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:47:45.0360 6080 flpydisk - ok
20:47:45.0388 6080 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:47:45.0390 6080 FltMgr - ok
20:47:45.0462 6080 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:47:45.0503 6080 FontCache - ok
20:47:45.0572 6080 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:47:45.0629 6080 FontCache3.0.0.0 - ok
20:47:45.0649 6080 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:47:45.0651 6080 FsDepends - ok
20:47:45.0681 6080 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:47:45.0682 6080 Fs_Rec - ok
20:47:45.0726 6080 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:47:45.0776 6080 fvevol - ok
20:47:45.0798 6080 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:47:45.0799 6080 gagp30kx - ok
20:47:45.0848 6080 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:47:45.0849 6080 GEARAspiWDM - ok
20:47:45.0901 6080 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
20:47:45.0904 6080 GoToAssist - ok
20:47:45.0962 6080 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:47:45.0973 6080 gpsvc - ok
20:47:46.0051 6080 HCW85BDA (6d0f56d217545e2d0addbf301b35260f) C:\Windows\system32\drivers\HCW85BDA.sys
20:47:46.0140 6080 HCW85BDA - ok
20:47:46.0209 6080 hcw85cir (25581dcfe6cb06cc0e48fa5b63f67532) C:\Windows\system32\drivers\hcw85cir3.sys
20:47:46.0255 6080 hcw85cir - ok
20:47:46.0315 6080 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:47:46.0317 6080 HDAudBus - ok
20:47:46.0329 6080 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
20:47:46.0376 6080 HECIx64 - ok
20:47:46.0393 6080 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:47:46.0394 6080 HidBatt - ok
20:47:46.0403 6080 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:47:46.0404 6080 HidBth - ok
20:47:46.0457 6080 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:47:46.0462 6080 HidIr - ok
20:47:46.0483 6080 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
20:47:46.0485 6080 hidserv - ok
20:47:46.0501 6080 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:47:46.0503 6080 HidUsb - ok
20:47:46.0538 6080 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:47:46.0578 6080 hkmsvc - ok
20:47:46.0650 6080 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:47:46.0696 6080 HomeGroupListener - ok
20:47:46.0739 6080 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:47:46.0741 6080 HomeGroupProvider - ok
20:47:46.0764 6080 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:47:46.0766 6080 HpSAMD - ok
20:47:46.0825 6080 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:47:46.0835 6080 HTTP - ok
20:47:46.0868 6080 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:47:46.0869 6080 hwpolicy - ok
20:47:46.0889 6080 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:47:46.0899 6080 i8042prt - ok
20:47:46.0942 6080 iaStor (631fa8935163b01fc0c02966cb3adb92) C:\Windows\system32\DRIVERS\iaStor.sys
20:47:46.0948 6080 iaStor - ok
20:47:46.0996 6080 IAStorDataMgrSvc (7493ea4de41348f7d3edbf9db298f56a) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
20:47:46.0997 6080 IAStorDataMgrSvc - ok
20:47:47.0051 6080 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:47:47.0057 6080 iaStorV - ok
20:47:47.0134 6080 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:47:47.0148 6080 idsvc - ok
20:47:47.0173 6080 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:47:47.0181 6080 iirsp - ok
20:47:47.0225 6080 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:47:47.0236 6080 IKEEXT - ok
20:47:47.0329 6080 IntcAzAudAddService (ee64207f2f5c20bfe5f73db2566c4601) C:\Windows\system32\drivers\RTKVHD64.sys
20:47:47.0368 6080 IntcAzAudAddService - ok
20:47:47.0433 6080 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys
20:47:47.0484 6080 IntcDAud - ok
20:47:47.0518 6080 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:47:47.0520 6080 intelide - ok
20:47:47.0563 6080 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:47:47.0564 6080 intelppm - ok
20:47:47.0586 6080 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:47:47.0595 6080 IPBusEnum - ok
20:47:47.0608 6080 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:47:47.0610 6080 IpFilterDriver - ok
20:47:47.0649 6080 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:47:47.0652 6080 IPMIDRV - ok
20:47:47.0665 6080 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:47:47.0668 6080 IPNAT - ok
20:47:47.0768 6080 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
20:47:47.0776 6080 iPod Service - ok
20:47:47.0803 6080 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:47:47.0804 6080 IRENUM - ok
20:47:47.0827 6080 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:47:47.0829 6080 isapnp - ok
20:47:47.0847 6080 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:47:47.0852 6080 iScsiPrt - ok
20:47:47.0894 6080 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
20:47:47.0939 6080 k57nd60a - ok
20:47:47.0965 6080 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:47:47.0965 6080 kbdclass - ok
20:47:47.0976 6080 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:47:48.0044 6080 kbdhid - ok
20:47:48.0066 6080 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:47:48.0066 6080 KeyIso - ok
20:47:48.0085 6080 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:47:48.0109 6080 KSecDD - ok
20:47:48.0121 6080 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:47:48.0122 6080 KSecPkg - ok
20:47:48.0126 6080 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:47:48.0127 6080 ksthunk - ok
20:47:48.0159 6080 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:47:48.0174 6080 KtmRm - ok
20:47:48.0234 6080 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
20:47:48.0283 6080 LanmanServer - ok
20:47:48.0327 6080 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:47:48.0329 6080 LanmanWorkstation - ok
20:47:48.0355 6080 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:47:48.0356 6080 lltdio - ok
20:47:48.0380 6080 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:47:48.0386 6080 lltdsvc - ok
20:47:48.0400 6080 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:47:48.0402 6080 lmhosts - ok
20:47:48.0426 6080 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:47:48.0429 6080 LSI_FC - ok
20:47:48.0442 6080 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:47:48.0444 6080 LSI_SAS - ok
20:47:48.0461 6080 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:47:48.0463 6080 LSI_SAS2 - ok
20:47:48.0478 6080 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:47:48.0481 6080 LSI_SCSI - ok
20:47:48.0514 6080 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:47:48.0516 6080 luafv - ok
20:47:48.0583 6080 lvpopf64 (a014e25d95f7091000b60ff8a1c2e988) C:\Windows\system32\DRIVERS\lvpopf64.sys
20:47:48.0587 6080 lvpopf64 - ok
20:47:48.0625 6080 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
20:47:48.0625 6080 LVPr2M64 - ok
20:47:48.0660 6080 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
20:47:48.0660 6080 LVPr2Mon - ok
20:47:48.0725 6080 LVPrcS64 (9cd0dc863be5d40a762f7d84f11a8471) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
20:47:48.0727 6080 LVPrcS64 - ok
20:47:48.0781 6080 LVRS64 (803085f59ec92b3827cc4d90fcbfd335) C:\Windows\system32\DRIVERS\lvrs64.sys
20:47:48.0817 6080 LVRS64 - ok
20:47:48.0974 6080 LVUVC64 (a8d7c97016e6b76ef472a4c7ab357ee3) C:\Windows\system32\DRIVERS\lvuvc64.sys
20:47:49.0024 6080 LVUVC64 - ok
20:47:49.0105 6080 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:47:49.0107 6080 McMPFSvc - ok
20:47:49.0112 6080 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
20:47:49.0115 6080 mcmscsvc - ok
20:47:49.0120 6080 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
20:47:49.0122 6080 McNaiAnn - ok
20:47:49.0126 6080 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
20:47:49.0128 6080 McNASvc - ok
20:47:49.0219 6080 McODS (dd01bf24dd6bf70a90549f9a7bb2d1eb) C:\Program Files\mcafee\VirusScan\mcods.exe
20:47:49.0226 6080 McODS - ok
20:47:49.0232 6080 McOobeSv (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
20:47:49.0234 6080 McOobeSv - ok
20:47:49.0237 6080 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
20:47:49.0238 6080 McProxy - ok
20:47:49.0265 6080 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
20:47:49.0269 6080 McShield - ok
20:47:49.0351 6080 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:47:49.0354 6080 Mcx2Svc - ok
20:47:49.0394 6080 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:47:49.0396 6080 megasas - ok
20:47:49.0426 6080 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:47:49.0439 6080 MegaSR - ok
20:47:49.0471 6080 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
20:47:49.0473 6080 mfeapfk - ok
20:47:49.0523 6080 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
20:47:49.0581 6080 mfeavfk - ok
20:47:49.0604 6080 mfeavfk01 - ok
20:47:49.0622 6080 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
20:47:49.0623 6080 mfefire - ok
20:47:49.0679 6080 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
20:47:49.0734 6080 mfefirek - ok
20:47:49.0782 6080 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
20:47:49.0791 6080 mfehidk - ok
20:47:49.0818 6080 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
20:47:49.0819 6080 mfenlfk - ok
20:47:49.0835 6080 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
20:47:49.0837 6080 mferkdet - ok
20:47:49.0934 6080 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
20:47:49.0936 6080 mfevtp - ok
20:47:49.0953 6080 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
20:47:49.0958 6080 mfewfpk - ok
20:47:49.0981 6080 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:47:49.0983 6080 MMCSS - ok
20:47:50.0000 6080 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:47:50.0001 6080 Modem - ok
20:47:50.0029 6080 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:47:50.0030 6080 monitor - ok
20:47:50.0076 6080 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:47:50.0078 6080 mouclass - ok
20:47:50.0105 6080 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:47:50.0107 6080 mouhid - ok
20:47:50.0148 6080 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:47:50.0209 6080 mountmgr - ok
20:47:50.0235 6080 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:47:50.0237 6080 mpio - ok
20:47:50.0247 6080 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:47:50.0248 6080 mpsdrv - ok
20:47:50.0287 6080 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:47:50.0290 6080 MRxDAV - ok
20:47:50.0330 6080 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:47:50.0388 6080 mrxsmb - ok
20:47:50.0423 6080 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:47:50.0426 6080 mrxsmb10 - ok
20:47:50.0439 6080 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:47:50.0442 6080 mrxsmb20 - ok
20:47:50.0458 6080 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:47:50.0460 6080 msahci - ok
20:47:50.0481 6080 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:47:50.0546 6080 msdsm - ok
20:47:50.0567 6080 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:47:50.0572 6080 MSDTC - ok
20:47:50.0589 6080 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:47:50.0591 6080 Msfs - ok
20:47:50.0596 6080 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:47:50.0597 6080 mshidkmdf - ok
20:47:50.0606 6080 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:47:50.0607 6080 msisadrv - ok
20:47:50.0634 6080 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:47:50.0636 6080 MSiSCSI - ok
20:47:50.0638 6080 msiserver - ok
20:47:50.0648 6080 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:47:50.0649 6080 MSKSSRV - ok
20:47:50.0666 6080 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:47:50.0667 6080 MSPCLOCK - ok
20:47:50.0674 6080 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:47:50.0676 6080 MSPQM - ok
20:47:50.0728 6080 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:47:50.0734 6080 MsRPC - ok
20:47:50.0782 6080 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:47:50.0783 6080 mssmbios - ok
20:47:50.0795 6080 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:47:50.0796 6080 MSTEE - ok
20:47:50.0807 6080 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:47:50.0808 6080 MTConfig - ok
20:47:50.0851 6080 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:47:50.0852 6080 Mup - ok
20:47:50.0883 6080 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:47:50.0891 6080 napagent - ok
20:47:50.0926 6080 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:47:50.0931 6080 NativeWifiP - ok
20:47:50.0987 6080 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:47:50.0999 6080 NDIS - ok
20:47:51.0024 6080 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:47:51.0028 6080 NdisCap - ok
20:47:51.0041 6080 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:47:51.0043 6080 NdisTapi - ok
20:47:51.0081 6080 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:47:51.0083 6080 Ndisuio - ok
20:47:51.0125 6080 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:47:51.0128 6080 NdisWan - ok
20:47:51.0152 6080 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:47:51.0154 6080 NDProxy - ok
20:47:51.0176 6080 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:47:51.0178 6080 NetBIOS - ok
20:47:51.0199 6080 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:47:51.0259 6080 NetBT - ok
20:47:51.0294 6080 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:47:51.0295 6080 Netlogon - ok
20:47:51.0329 6080 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:47:51.0336 6080 Netman - ok
20:47:51.0367 6080 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:47:51.0375 6080 netprofm - ok
20:47:51.0440 6080 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:47:51.0443 6080 NetTcpPortSharing - ok
20:47:51.0466 6080 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:47:51.0472 6080 nfrd960 - ok
20:47:51.0499 6080 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:47:51.0551 6080 NlaSvc - ok
20:47:51.0565 6080 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:47:51.0566 6080 Npfs - ok
20:47:51.0574 6080 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:47:51.0577 6080 nsi - ok
20:47:51.0591 6080 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:47:51.0592 6080 nsiproxy - ok
20:47:51.0662 6080 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:47:51.0684 6080 Ntfs - ok
20:47:51.0778 6080 NuidFltr (4c08a14d04e62963e96e0bb57bbc953b) C:\Windows\system32\DRIVERS\NuidFltr.sys
20:47:51.0779 6080 NuidFltr - ok
20:47:51.0789 6080 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:47:51.0790 6080 Null - ok
20:47:52.0225 6080 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:47:52.0270 6080 nvlddmkm - ok
20:47:52.0368 6080 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:47:52.0431 6080 nvraid - ok
20:47:52.0464 6080 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:47:52.0517 6080 nvstor - ok
20:47:52.0546 6080 nvsvc (43bc8151893ae6afe42e149d663c2221) C:\Windows\system32\nvvsvc.exe
20:47:52.0580 6080 nvsvc - ok
20:47:52.0621 6080 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:47:52.0622 6080 nv_agp - ok
20:47:52.0663 6080 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:47:52.0672 6080 ohci1394 - ok
20:47:52.0741 6080 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:47:52.0744 6080 ose - ok
20:47:52.0959 6080 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:47:53.0049 6080 osppsvc - ok
20:47:53.0143 6080 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:47:53.0149 6080 p2pimsvc - ok
20:47:53.0177 6080 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:47:53.0185 6080 p2psvc - ok
20:47:53.0232 6080 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:47:53.0234 6080 Parport - ok
20:47:53.0279 6080 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:47:53.0280 6080 partmgr - ok
20:47:53.0301 6080 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:47:53.0305 6080 PcaSvc - ok
20:47:53.0350 6080 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:47:53.0353 6080 pci - ok
20:47:53.0378 6080 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:47:53.0380 6080 pciide - ok
20:47:53.0398 6080 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:47:53.0402 6080 pcmcia - ok
20:47:53.0422 6080 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:47:53.0423 6080 pcw - ok
20:47:53.0461 6080 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:47:53.0470 6080 PEAUTH - ok
20:47:53.0518 6080 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:47:53.0521 6080 PerfHost - ok
20:47:53.0613 6080 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:47:53.0646 6080 pla - ok
20:47:53.0704 6080 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:47:53.0749 6080 PlugPlay - ok
20:47:53.0786 6080 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:47:53.0788 6080 PNRPAutoReg - ok
20:47:53.0809 6080 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:47:53.0814 6080 PNRPsvc - ok
20:47:53.0865 6080 Point64 (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys
20:47:53.0866 6080 Point64 - ok
20:47:53.0898 6080 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:47:53.0954 6080 PolicyAgent - ok
20:47:53.0984 6080 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:47:53.0986 6080 Power - ok
20:47:54.0019 6080 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:47:54.0022 6080 PptpMiniport - ok
20:47:54.0045 6080 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:47:54.0047 6080 Processor - ok
20:47:54.0070 6080 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
20:47:54.0075 6080 ProfSvc - ok
20:47:54.0108 6080 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:47:54.0110 6080 ProtectedStorage - ok
20:47:54.0156 6080 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:47:54.0158 6080 Psched - ok
20:47:54.0197 6080 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
20:47:54.0198 6080 PxHlpa64 - ok
20:47:54.0276 6080 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:47:54.0310 6080 ql2300 - ok
20:47:54.0369 6080 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:47:54.0375 6080 ql40xx - ok
20:47:54.0408 6080 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:47:54.0414 6080 QWAVE - ok
20:47:54.0422 6080 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:47:54.0425 6080 QWAVEdrv - ok
20:47:54.0442 6080 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:47:54.0448 6080 RasAcd - ok
20:47:54.0468 6080 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:47:54.0470 6080 RasAgileVpn - ok
20:47:54.0489 6080 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:47:54.0494 6080 RasAuto - ok
20:47:54.0511 6080 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:47:54.0513 6080 Rasl2tp - ok
20:47:54.0569 6080 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:47:54.0576 6080 RasMan - ok
20:47:54.0590 6080 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:47:54.0599 6080 RasPppoe - ok
20:47:54.0612 6080 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:47:54.0617 6080 RasSstp - ok
20:47:54.0637 6080 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:47:54.0642 6080 rdbss - ok
20:47:54.0654 6080 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:47:54.0661 6080 rdpbus - ok
20:47:54.0667 6080 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:47:54.0671 6080 RDPCDD - ok
20:47:54.0693 6080 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:47:54.0695 6080 RDPENCDD - ok
20:47:54.0709 6080 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:47:54.0710 6080 RDPREFMP - ok
20:47:54.0757 6080 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
20:47:54.0761 6080 RDPWD - ok
20:47:54.0804 6080 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:47:54.0807 6080 rdyboost - ok
20:47:54.0835 6080 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:47:54.0838 6080 RemoteAccess - ok
20:47:54.0858 6080 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:47:54.0862 6080 RemoteRegistry - ok
20:47:55.0014 6080 RoxMediaDB10 (05fc44d32a144925eae45570029fd6e1) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
20:47:55.0053 6080 RoxMediaDB10 - ok
20:47:55.0081 6080 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:47:55.0084 6080 RpcEptMapper - ok
20:47:55.0106 6080 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:47:55.0108 6080 RpcLocator - ok
20:47:55.0158 6080 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:47:55.0165 6080 RpcSs - ok
20:47:55.0199 6080 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:47:55.0200 6080 rspndr - ok
20:47:55.0202 6080 RxFilter - ok
20:47:55.0247 6080 s125bus (ae722fd346b75b776ca75f297347ee8a) C:\Windows\system32\DRIVERS\s125bus.sys
20:47:55.0249 6080 s125bus - ok
20:47:55.0285 6080 s125mdfl (651362aadc145d0028df288182989136) C:\Windows\system32\DRIVERS\s125mdfl.sys
20:47:55.0286 6080 s125mdfl - ok
20:47:55.0334 6080 s125mdm (0744248b0ee7c0f652882ae3b67e6429) C:\Windows\system32\DRIVERS\s125mdm.sys
20:47:55.0337 6080 s125mdm - ok
20:47:55.0394 6080 s125mgmt (51c6262ad6dd5da12543f623b0ee2ebf) C:\Windows\system32\DRIVERS\s125mgmt.sys
20:47:55.0397 6080 s125mgmt - ok
20:47:55.0441 6080 s125obex (5a5b9b10a9545a832b436884a1d1a848) C:\Windows\system32\DRIVERS\s125obex.sys
20:47:55.0493 6080 s125obex - ok
20:47:55.0531 6080 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:47:55.0532 6080 SamSs - ok
20:47:55.0567 6080 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:47:55.0617 6080 sbp2port - ok
20:47:55.0662 6080 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:47:55.0667 6080 SCardSvr - ok
20:47:55.0700 6080 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:47:55.0702 6080 scfilter - ok
20:47:55.0750 6080 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:47:55.0774 6080 Schedule - ok
20:47:55.0806 6080 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:47:55.0808 6080 SCPolicySvc - ok
20:47:55.0849 6080 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:47:55.0853 6080 SDRSVC - ok
20:47:55.0964 6080 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
20:47:55.0967 6080 SeaPort - ok
20:47:56.0008 6080 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:47:56.0013 6080 secdrv - ok
20:47:56.0025 6080 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:47:56.0028 6080 seclogon - ok
20:47:56.0053 6080 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
20:47:56.0056 6080 SENS - ok
20:47:56.0068 6080 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:47:56.0071 6080 SensrSvc - ok
20:47:56.0089 6080 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:47:56.0090 6080 Serenum - ok
20:47:56.0110 6080 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:47:56.0114 6080 Serial - ok
20:47:56.0153 6080 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:47:56.0155 6080 sermouse - ok
20:47:56.0181 6080 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:47:56.0185 6080 SessionEnv - ok
20:47:56.0189 6080 SessionLauncher - ok
20:47:56.0230 6080 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:47:56.0232 6080 sffdisk - ok
20:47:56.0243 6080 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:47:56.0250 6080 sffp_mmc - ok
20:47:56.0262 6080 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:47:56.0307 6080 sffp_sd - ok
20:47:56.0312 6080 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:47:56.0313 6080 sfloppy - ok
20:47:56.0361 6080 SftService (cf53dcce55e500f51089774e851e7363) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
20:47:56.0367 6080 SftService - ok
20:47:56.0403 6080 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:47:56.0409 6080 SharedAccess - ok
20:47:56.0462 6080 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:47:56.0468 6080 ShellHWDetection - ok
20:47:56.0481 6080 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:47:56.0489 6080 SiSRaid2 - ok
20:47:56.0512 6080 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:47:56.0514 6080 SiSRaid4 - ok
20:47:56.0543 6080 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:47:56.0545 6080 Smb - ok
20:47:56.0581 6080 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:47:56.0584 6080 SNMPTRAP - ok
20:47:56.0599 6080 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:47:56.0600 6080 spldr - ok
20:47:56.0631 6080 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:47:56.0691 6080 Spooler - ok
20:47:56.0838 6080 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:47:56.0860 6080 sppsvc - ok
20:47:56.0904 6080 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:47:56.0906 6080 sppuinotify - ok
20:47:56.0968 6080 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:47:56.0974 6080 srv - ok
20:47:57.0023 6080 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:47:57.0030 6080 srv2 - ok
20:47:57.0050 6080 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:47:57.0054 6080 srvnet - ok
20:47:57.0071 6080 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:47:57.0075 6080 SSDPSRV - ok
20:47:57.0093 6080 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:47:57.0097 6080 SstpSvc - ok
20:47:57.0184 6080 Stereo Service (29662881a46db66730c62a4f1bfa3dc2) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:47:57.0187 6080 Stereo Service - ok
20:47:57.0210 6080 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:47:57.0211 6080 stexstor - ok
20:47:57.0270 6080 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:47:57.0319 6080 stisvc - ok
20:47:57.0381 6080 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
20:47:57.0384 6080 stllssvr - ok
20:47:57.0418 6080 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:47:57.0424 6080 swenum - ok
20:47:57.0458 6080 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:47:57.0467 6080 swprv - ok
20:47:57.0561 6080 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:47:57.0601 6080 SysMain - ok
20:47:57.0678 6080 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:47:57.0682 6080 TabletInputService - ok
20:47:57.0704 6080 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:47:57.0711 6080 TapiSrv - ok
20:47:57.0733 6080 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:47:57.0736 6080 TBS - ok
20:47:57.0852 6080 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:47:57.0929 6080 Tcpip - ok
20:47:58.0044 6080 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:47:58.0083 6080 TCPIP6 - ok
20:47:58.0159 6080 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:47:58.0217 6080 tcpipreg - ok
20:47:58.0233 6080 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:47:58.0234 6080 TDPIPE - ok
20:47:58.0270 6080 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:47:58.0272 6080 TDTCP - ok
20:47:58.0308 6080 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:47:58.0310 6080 tdx - ok
20:47:58.0361 6080 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:47:58.0400 6080 TermDD - ok
20:47:58.0432 6080 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:47:58.0483 6080 TermService - ok
20:47:58.0492 6080 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:47:58.0493 6080 Themes - ok
20:47:58.0504 6080 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:47:58.0505 6080 THREADORDER - ok
20:47:58.0604 6080 TomTomHOMEService (39bd95a9fe72aaf5c675ad146be456a9) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
20:47:58.0605 6080 TomTomHOMEService - ok
20:47:58.0640 6080 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:47:58.0644 6080 TrkWks - ok
20:47:58.0699 6080 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:47:58.0701 6080 TrustedInstaller - ok
20:47:58.0741 6080 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:47:58.0776 6080 tssecsrv - ok
20:47:58.0827 6080 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:47:58.0829 6080 TsUsbFlt - ok
20:47:58.0864 6080 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:47:58.0866 6080 tunnel - ok
20:47:58.0913 6080 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:47:58.0915 6080 uagp35 - ok
20:47:58.0937 6080 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:47:58.0943 6080 udfs - ok
20:47:58.0962 6080 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:47:58.0965 6080 UI0Detect - ok
20:47:59.0002 6080 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:47:59.0007 6080 uliagpkx - ok
20:47:59.0024 6080 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:47:59.0065 6080 umbus - ok
20:47:59.0079 6080 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:47:59.0081 6080 UmPass - ok
20:47:59.0104 6080 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:47:59.0111 6080 upnphost - ok
20:47:59.0147 6080 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
20:47:59.0148 6080 USBAAPL64 - ok
20:47:59.0165 6080 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:47:59.0213 6080 usbaudio - ok
20:47:59.0269 6080 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:47:59.0329 6080 usbccgp - ok
20:47:59.0370 6080 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:47:59.0373 6080 usbcir - ok
20:47:59.0390 6080 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:47:59.0448 6080 usbehci - ok
20:47:59.0466 6080 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:47:59.0500 6080 usbhub - ok
20:47:59.0536 6080 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:47:59.0538 6080 usbohci - ok
20:47:59.0555 6080 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:47:59.0559 6080 usbprint - ok
20:47:59.0582 6080 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:47:59.0586 6080 usbscan - ok
20:47:59.0621 6080 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:47:59.0665 6080 USBSTOR - ok
20:47:59.0700 6080 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:47:59.0701 6080 usbuhci - ok
20:47:59.0718 6080 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:47:59.0721 6080 UxSms - ok
20:47:59.0760 6080 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:47:59.0762 6080 VaultSvc - ok
20:47:59.0774 6080 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:47:59.0776 6080 vdrvroot - ok
20:47:59.0829 6080 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:47:59.0836 6080 vds - ok
20:47:59.0851 6080 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:47:59.0853 6080 vga - ok
20:47:59.0870 6080 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:47:59.0873 6080 VgaSave - ok
20:47:59.0897 6080 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:47:59.0901 6080 vhdmp - ok
20:47:59.0915 6080 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:47:59.0916 6080 viaide - ok
20:47:59.0935 6080 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:47:59.0992 6080 volmgr - ok
20:48:00.0051 6080 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:48:00.0112 6080 volmgrx - ok
20:48:00.0158 6080 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:48:00.0208 6080 volsnap - ok
20:48:00.0234 6080 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:48:00.0236 6080 vsmraid - ok
20:48:00.0305 6080 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:48:00.0335 6080 VSS - ok
20:48:00.0400 6080 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:48:00.0401 6080 vwifibus - ok
20:48:00.0440 6080 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:48:00.0447 6080 W32Time - ok
20:48:00.0468 6080 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:48:00.0470 6080 WacomPen - ok
20:48:00.0488 6080 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:48:00.0491 6080 WANARP - ok
20:48:00.0495 6080 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:48:00.0497 6080 Wanarpv6 - ok
20:48:00.0575 6080 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:48:00.0603 6080 WatAdminSvc - ok
20:48:00.0669 6080 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:48:00.0701 6080 wbengine - ok
20:48:00.0761 6080 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:48:00.0774 6080 WbioSrvc - ok
20:48:00.0826 6080 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:48:00.0881 6080 wcncsvc - ok
20:48:00.0888 6080 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:48:00.0889 6080 WcsPlugInService - ok
20:48:00.0898 6080 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:48:00.0899 6080 Wd - ok
20:48:00.0928 6080 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:48:00.0933 6080 Wdf01000 - ok
20:48:00.0954 6080 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:48:00.0959 6080 WdiServiceHost - ok
20:48:00.0963 6080 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:48:00.0965 6080 WdiSystemHost - ok
20:48:00.0982 6080 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:48:01.0008 6080 WebClient - ok
20:48:01.0022 6080 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:48:01.0025 6080 Wecsvc - ok
20:48:01.0035 6080 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:48:01.0037 6080 wercplsupport - ok
20:48:01.0075 6080 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:48:01.0083 6080 WerSvc - ok
20:48:01.0105 6080 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:48:01.0109 6080 WfpLwf - ok
20:48:01.0145 6080 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
20:48:01.0195 6080 WimFltr - ok
20:48:01.0208 6080 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:48:01.0209 6080 WIMMount - ok
20:48:01.0212 6080 WinHttpAutoProxySvc - ok
20:48:01.0272 6080 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:48:01.0276 6080 Winmgmt - ok
20:48:01.0353 6080 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:48:01.0384 6080 WinRM - ok
20:48:01.0475 6080 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:48:01.0477 6080 WinUsb - ok
20:48:01.0519 6080 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:48:01.0534 6080 Wlansvc - ok
20:48:01.0658 6080 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:48:01.0729 6080 wlidsvc - ok
20:48:01.0783 6080 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:48:01.0785 6080 WmiAcpi - ok
20:48:01.0817 6080 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:48:01.0820 6080 wmiApSrv - ok
20:48:01.0833 6080 WMPNetworkSvc - ok
20:48:01.0875 6080 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:48:01.0882 6080 WPCSvc - ok
20:48:01.0923 6080 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:48:01.0927 6080 WPDBusEnum - ok
20:48:01.0950 6080 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:48:01.0952 6080 ws2ifsl - ok
20:48:01.0957 6080 WSearch - ok
20:48:02.0079 6080 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
20:48:02.0125 6080 wuauserv - ok
20:48:02.0209 6080 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:48:02.0211 6080 WudfPf - ok
20:48:02.0227 6080 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:48:02.0230 6080 WUDFRd - ok
20:48:02.0244 6080 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:48:02.0248 6080 wudfsvc - ok
20:48:02.0280 6080 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:48:02.0293 6080 WwanSvc - ok
20:48:02.0406 6080 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
20:48:02.0411 6080 YahooAUService - ok
20:48:02.0441 6080 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
20:48:02.0692 6080 \Device\Harddisk0\DR0 - ok
20:48:02.0698 6080 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk6\DR6
20:48:04.0625 6080 \Device\Harddisk6\DR6 - ok
20:48:04.0629 6080 Boot (0x1200) (1eb1d9e645fa39996bd0f0bd47594921) \Device\Harddisk0\DR0\Partition0
20:48:04.0631 6080 \Device\Harddisk0\DR0\Partition0 - ok
20:48:04.0646 6080 Boot (0x1200) (4e8a774af3e7c25583bd0cd0c5690122) \Device\Harddisk0\DR0\Partition1
20:48:04.0649 6080 \Device\Harddisk0\DR0\Partition1 - ok
20:48:04.0654 6080 Boot (0x1200) (ecc441b67953c64b51cf82382435c35c) \Device\Harddisk6\DR6\Partition0
20:48:04.0655 6080 \Device\Harddisk6\DR6\Partition0 - ok
20:48:04.0655 6080 ============================================================
20:48:04.0655 6080 Scan finished
20:48:04.0655 6080 ============================================================
20:48:04.0660 7064 Detected object count: 0
20:48:04.0660 7064 Actual detected object count: 0
20:48:25.0542 6332 Deinitialize success


ComboFix 12-05-20.09 - John 05/20/2012 21:08:40.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.6475 [GMT -5:00]
Running from: c:\users\John\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\15fc9c67-6e4d-42b6-b215-fee7bb01b1c7.dll
c:\programdata\PCDr\5907\Downloads\a0b7da8a-c390-46f6-b2b6-21325fedceac.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-21 to 2012-05-21 )))))))))))))))))))))))))))))))
.
.
2012-05-21 02:14 . 2012-05-21 02:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-21 00:42 . 2012-05-21 00:43 -------- d-----w- C:\FRST
2012-05-18 04:09 . 2012-05-18 04:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-18 04:09 . 2012-05-18 04:10 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-17 02:03 . 2012-05-17 02:03 -------- d-----w- c:\users\John\AppData\Local\Dassault Systemes
2012-05-12 18:04 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 18:04 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-12 18:04 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 18:04 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 18:04 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 18:04 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 18:03 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 18:00 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 18:00 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 18:00 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 18:00 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 18:00 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 17:58 . 2012-05-12 17:58 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-11 18:22 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-05 05:41 . 2012-05-12 18:41 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-12 18:41 . 2012-04-06 01:34 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-12 18:41 . 2011-06-09 23:18 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 20:56 . 2011-11-22 00:53 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 07:57 . 2010-08-17 01:54 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-03-11 23:15 . 2012-03-11 23:15 47616 ----a-w- c:\windows\SysWow64\pdf995mon64.dll
2012-03-01 06:46 . 2012-04-13 08:01 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-13 08:01 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-13 08:01 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-13 08:01 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-13 08:01 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-13 08:01 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-13 08:01 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-13 08:02 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-13 08:02 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-13 08:02 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-13 08:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-13 08:02 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-13 08:02 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-13 08:02 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-13 08:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-22 18:29 . 2010-07-27 22:29 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 18:29 . 2010-01-05 23:04 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-02-22 18:29 . 2010-01-05 23:04 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 18:29 . 2010-01-05 23:04 647208 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 18:29 . 2010-01-05 23:04 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 18:29 . 2010-01-05 23:04 289664 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-02-22 18:29 . 2010-01-05 23:04 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 18:29 . 2010-01-05 23:04 160792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-02-22 18:29 . 2010-01-05 23:04 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-23 6591800]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-05-21 165184]
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 257696]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 DraftSight API Service;DraftSight API Service;c:\program files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [2012-01-24 78336]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-05-21 673088]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 18:41]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1406567025-3271937370-2143371598-1000Core.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-05 02:03]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1406567025-3271937370-2143371598-1000UA.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-05 02:03]
.
2012-05-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-05-21 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
.
**************************************************************************
.
Completion time: 2012-05-20 21:21:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-21 02:21
.
Pre-Run: 375,773,614,080 bytes free
Post-Run: 375,658,438,656 bytes free
.
- - End Of File - - 095271184C36ED5A8CE4FB57DD909E07

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:35 AM

Posted 20 May 2012 - 11:06 PM

Hi,

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 Shadowchaser1138

Shadowchaser1138
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 21 May 2012 - 08:28 PM

Malwarebytes and ESET logs are below.



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.20.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
John :: OPTIMUS [administrator]

5/21/2012 12:02:18 AM
mbam-log-2012-05-21 (00-02-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207245
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESET Log:


C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\4ef244d4-454b80cc multiple threats
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\504e4dd6-22eb060e a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1659a8c3-58197137 a variant of Java/TrojanDownloader.OpenStream.NBF trojan
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\196b589f-7837cb78 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\70e83d9f-4ae12738 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\4f448ca1-3335057d a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\6924d4a2-2ee2e8ba a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\62ef66e5-7b034cb2 Java/TrojanDownloader.Agent.NCM trojan
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\4d809ea6-1ea8aeff multiple threats
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\45bf372a-52d687f5 multiple threats
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\47a1186c-1953c18c a variant of Java/Exploit.CVE-2011-3544.B trojan
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\2ac74c85-236982a3 multiple threats
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-62912538 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\2bc3f6b3-18a91a05 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-564dca8b a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\124509c7-2332d889 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1a03c108-5f901c58 multiple threats

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:35 AM

Posted 21 May 2012 - 08:37 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\4ef244d4-454b80cc 
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\504e4dd6-22eb060e 
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1659a8c3-58197137 
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\196b589f-7837cb78 
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\70e83d9f-4ae12738 
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\4f448ca1-3335057d 
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\6924d4a2-2ee2e8ba 
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\62ef66e5-7b034cb2 
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\4d809ea6-1ea8aeff 
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\45bf372a-52d687f5 
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\47a1186c-1953c18c 
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\2ac74c85-236982a3 
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-62912538 
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\2bc3f6b3-18a91a05 
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-564dca8b 
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\124509c7-2332d889 
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1a03c108-5f901c58 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.



NEXT


Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Posted Image Your Java is out of date.
Java™ 6 Update 30 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin; > follow the prompts.


NEXT


Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 Shadowchaser1138

Shadowchaser1138
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 21 May 2012 - 10:05 PM

Combofix log is below. Installed new version of Adobe Reader.

However, I have not been able to update Java. Went to Control Panel as instructed, found Java. Update tab is missing. Screenshot is attached.

Aside from not being able to update Java, it looks good so far. Have not seen any redirects today.


ComboFix 12-05-21.05 - John 05/21/2012 20:58:21.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.6311 [GMT -5:00]
Running from: c:\users\John\Desktop\ComboFix.exe
Command switches used :: c:\users\John\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\4ef244d4-454b80cc"
"c:\users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\504e4dd6-22eb060e"
"c:\users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1659a8c3-58197137"
"c:\users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\196b589f-7837cb78"
"c:\users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\70e83d9f-4ae12738"
"c:\users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\4f448ca1-3335057d"
"c:\users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\6924d4a2-2ee2e8ba"
"c:\users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\62ef66e5-7b034cb2"
"c:\users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\4d809ea6-1ea8aeff"
"c:\users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\45bf372a-52d687f5"
"c:\users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\47a1186c-1953c18c"
"c:\users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\2ac74c85-236982a3"
"c:\users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-62912538"
"c:\users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\2bc3f6b3-18a91a05"
"c:\users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-564dca8b"
"c:\users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\124509c7-2332d889"
"c:\users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1a03c108-5f901c58"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\a0b7da8a-c390-46f6-b2b6-21325fedceac.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))
.
.
2012-05-22 02:03 . 2012-05-22 02:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-21 00:42 . 2012-05-21 00:43 -------- d-----w- C:\FRST
2012-05-18 04:09 . 2012-05-18 04:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-18 04:09 . 2012-05-18 04:10 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-17 02:03 . 2012-05-17 02:03 -------- d-----w- c:\users\John\AppData\Local\Dassault Systemes
2012-05-12 18:04 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 18:04 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-12 18:04 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 18:04 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 18:04 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 18:04 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 18:03 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 18:00 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 18:00 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 18:00 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 18:00 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 18:00 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 17:58 . 2012-05-12 17:58 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-11 18:22 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-05 05:41 . 2012-05-12 18:41 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-12 18:41 . 2012-04-06 01:34 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-12 18:41 . 2011-06-09 23:18 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 20:56 . 2011-11-22 00:53 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 07:57 . 2010-08-17 01:54 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-03-11 23:15 . 2012-03-11 23:15 47616 ----a-w- c:\windows\SysWow64\pdf995mon64.dll
2012-03-01 06:46 . 2012-04-13 08:01 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-13 08:01 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-13 08:01 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-13 08:01 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-13 08:01 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-13 08:01 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-13 08:01 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-13 08:02 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-13 08:02 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-13 08:02 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-13 08:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-13 08:02 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-13 08:02 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-13 08:02 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-13 08:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-22 18:29 . 2010-07-27 22:29 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 18:29 . 2010-01-05 23:04 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-02-22 18:29 . 2010-01-05 23:04 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 18:29 . 2010-01-05 23:04 647208 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 18:29 . 2010-01-05 23:04 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 18:29 . 2010-01-05 23:04 289664 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-02-22 18:29 . 2010-01-05 23:04 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 18:29 . 2010-01-05 23:04 160792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-02-22 18:29 . 2010-01-05 23:04 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-21_02.17.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-27 22:39 . 2012-05-21 02:25 51726 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-21 02:25 27218 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-03 00:24 . 2012-05-21 02:25 15970 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1406567025-3271937370-2143371598-1000_UserData.bin
+ 2010-08-02 20:25 . 2012-05-22 02:04 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-02 20:25 . 2012-05-21 01:39 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-02 20:25 . 2012-05-22 02:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-02 20:25 . 2012-05-21 01:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-22 02:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-21 01:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-21 02:16 . 2012-05-21 02:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-22 02:04 . 2012-05-22 02:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-22 02:04 . 2012-05-22 02:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-21 02:16 . 2012-05-21 02:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-03 10:13 . 2012-05-21 23:18 343880 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 05:01 . 2012-05-22 02:04 422880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-21 02:16 422880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-08-04 10:21 . 2012-05-21 00:37 1360328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-08-04 10:21 . 2012-05-22 02:04 1360328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-12-03 23:54 . 2012-05-22 02:04 18842355 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1406567025-3271937370-2143371598-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-23 6591800]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-05-21 165184]
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 257696]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 DraftSight API Service;DraftSight API Service;c:\program files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [2012-01-24 78336]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-05-21 673088]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 18:41]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1406567025-3271937370-2143371598-1000Core.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-05 02:03]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1406567025-3271937370-2143371598-1000UA.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-05 02:03]
.
2012-05-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-05-22 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
.
**************************************************************************
.
Completion time: 2012-05-21 21:27:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-22 02:27
ComboFix2.txt 2012-05-21 02:21
.
Pre-Run: 371,406,336,000 bytes free
Post-Run: 373,424,545,792 bytes free
.
- - End Of File - - 2CA1C901971DB46551A71753E42791F5

Attached Files



#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:35 AM

Posted 22 May 2012 - 05:56 PM

Please export this registry key



Press the WinKey + R to open a Run box > copy and paste the following command into the run box > OK:

regedit /a "%userprofile%\desktop\output.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy"

A new file called output.txt should appear on your Desktop, please post the contents with your next response.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 Shadowchaser1138

Shadowchaser1138
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 22 May 2012 - 06:44 PM

Ran your command. I get a message box asking if I want to allow the program (Registry Editor) to make changes. I click Yes, but then nothing seems to happen. I'm not getting the text file.

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:35 AM

Posted 22 May 2012 - 06:48 PM

that means the key doesn't exist for some reason

go to Control Panel > Programs and Features and remove all the old Java programs that are installed,

then go to the following site and download Java version 7 update 4 and install it.

http://java.com/en/download/index.jsp

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 Shadowchaser1138

Shadowchaser1138
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 22 May 2012 - 07:06 PM

Okay, installation is done.

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:35 AM

Posted 22 May 2012 - 07:53 PM

Hi

Just some housekeeping to do now,

Please do the following:


You can delete the DDS and FRST logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

Posted Image


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish it's job
    • Once its finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 Shadowchaser1138

Shadowchaser1138
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 22 May 2012 - 09:29 PM

So far, so good. No redirects, and computer seems to start up faster than before. It even seems to have resolved a server connection issue in a game that I'd been having trouble with, which I had thought was unrelated to the spyware problem. I'll look through your links regarding prevention as well.

Thanks again for your help - this one had me really stumped.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users