Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect Virus


  • This topic is locked This topic is locked
25 replies to this topic

#1 BP42

BP42

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:18 PM

Posted 04 June 2012 - 10:10 AM

Hi,

Like many others, I have been having trouble with a redirect virus. Google, Bing, and Yahoo all redirect to other pages like Scour.com. I have tried Malwarebytes, TDSSKiller, FixTDSS, and aswMBR. They aren't detecting anything.
Below is the DDS log. Any help is appreciated.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Owner at 14:02:07 on 2012-05-30
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1083 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\KBD\kbd.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9GE64GE\Defogger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uSearch Bar = Preserve
uWindow Title = Windows Internet Explorer provided by Comcast
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {7000b6ca-4388-4d95-893d-6659c2d4d1ce} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Updater For Xfinity.com Toolbar 3.1: {e6d0b79e-ecac-411b-8bf6-7a574981af30} - c:\program files\xfinitytb\auxi\xfinityAu.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [SpeedItUpEX] c:\program files\speeditup free\SpeedItUp.exe -MINI
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SupportSoft] rundll32.exe "c:\users\owner\appdata\local\windows live\supportsoft\maxvnt.dll",DllRegisterServer
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\program files\hewlett-packard\kbd\KbdStub.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [TSMAgent] "c:\program files\hewlett-packard\touchsmart\media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\program files\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
mRun: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [FBSSA] c:\program files\sgpsa\ie3sh.exe
mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [<NO NAME>]
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0674107A-2CD4-4F44-868E-9E5F828F0DC8} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{78EC75C6-FF4E-40DF-9031-8DB717C17A3B} : DhcpNameServer = 68.87.64.150 68.87.75.198
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
============= SERVICES / DRIVERS ===============
.
R0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [2012-5-27 26872]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-7 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-7 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-7 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-8-7 54616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-7 44768]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-12-29 50256]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-9-28 36432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-4-18 677128]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-30 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-30 12:27:57 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{726b3561-7433-4723-88e8-3b8e00eedfca}\offreg.dll
2012-05-30 12:07:14 -------- d-----w- c:\users\owner\appdata\local\{D498E320-193B-432C-ABD7-9409101FC874}
2012-05-30 12:07:02 -------- d-----w- c:\users\owner\appdata\local\{CBEBF731-93F6-46D9-BAAE-7F51151A76DB}
2012-05-29 17:29:54 -------- d-----w- c:\users\owner\appdata\local\{1B5E8CE8-1DCD-4473-8C66-AAED5910A679}
2012-05-29 17:29:42 -------- d-----w- c:\users\owner\appdata\local\{8CA1CB7E-88B2-4A94-96BD-BE3ED966E897}
2012-05-29 15:04:52 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{726b3561-7433-4723-88e8-3b8e00eedfca}\mpengine.dll
2012-05-29 15:00:02 -------- d-----w- c:\users\owner\appdata\local\{D3D3F3DB-1625-417E-9230-1B1835B33909}
2012-05-29 14:59:45 -------- d-----w- c:\users\owner\appdata\local\{80421E20-D21B-4338-A303-55D8C2E8CA05}
2012-05-28 22:24:53 -------- d-----w- c:\users\owner\appdata\local\{A9E154EF-6911-4394-99F5-EF4133354DC5}
2012-05-28 22:24:36 -------- d-----w- c:\users\owner\appdata\local\{03E01064-D37E-471E-BF9D-982D762167C7}
2012-05-28 15:50:41 -------- d-----w- c:\users\owner\appdata\local\{F799860F-B0C7-4D78-8807-6CBAE6716E5F}
2012-05-28 15:50:24 -------- d-----w- c:\users\owner\appdata\local\{026CA66B-5E46-4F94-B32D-DCF5F329243A}
2012-05-28 15:35:55 -------- d-----w- c:\users\owner\appdata\local\{EDE4EEB0-8C5E-4D30-A8F8-53D838792D37}
2012-05-28 15:35:43 -------- d-----w- c:\users\owner\appdata\local\{EF1FC2A5-2D06-4FB7-8BCD-7740B25FCA29}
2012-05-28 11:03:48 -------- d-----w- c:\users\owner\appdata\local\{A35B7210-3627-47A7-B6A8-766E22E0E314}
2012-05-28 11:03:35 -------- d-----w- c:\users\owner\appdata\local\{3798E524-3F7D-48C3-AA7A-50A48FEFACB4}
2012-05-28 10:52:51 -------- d-----w- c:\users\owner\appdata\local\{6D049CA2-DBE9-418A-A666-BEE925FD399E}
2012-05-28 10:52:29 -------- d-----w- c:\users\owner\appdata\local\{8BA2C5F7-98B5-47DB-AA4D-167B9F70386D}
2012-05-28 10:50:12 -------- d-----w- c:\windows\pss
2012-05-28 10:17:18 -------- d-----w- c:\users\owner\appdata\local\{4BEA83E0-6E1A-43D5-A3C1-7DAB66CA98C0}
2012-05-28 10:16:54 -------- d-----w- c:\users\owner\appdata\local\{B43EDDEB-122D-4B4A-8467-A46B6DC01CAF}
2012-05-28 01:32:43 -------- d-----w- c:\users\owner\appdata\local\{DD0ED733-2CCD-4E77-9B34-F6234E8E1BDD}
2012-05-28 01:32:28 -------- d-----w- c:\users\owner\appdata\local\{E81BE0B8-1A32-4AD0-8BE1-B7AB41AE2C4F}
2012-05-28 01:09:57 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-05-28 01:09:57 -------- d-----w- c:\users\owner\appdata\roaming\FixTDSS
2012-05-27 13:42:27 -------- d-----w- c:\users\owner\appdata\local\{F137AFDC-7D3B-4D30-8EEE-67DC3A9C30D2}
2012-05-27 13:42:13 -------- d-----w- c:\users\owner\appdata\local\{12519133-D875-4451-BCB9-396C049E0847}
2012-05-27 03:00:39 -------- d-----w- c:\users\owner\appdata\local\{687CD338-FC0D-4915-9482-1746A48862FA}
2012-05-27 03:00:29 -------- d-----w- c:\users\owner\appdata\local\{09029701-0C73-4100-8D1C-F1869E361E21}
2012-05-27 01:28:10 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2012-05-27 01:28:04 -------- d-----w- c:\programdata\Malwarebytes
2012-05-27 01:28:03 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-27 01:28:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-26 22:14:08 -------- d-----w- c:\users\owner\appdata\local\{5577A308-B0B6-426C-B3CC-2C9FC9E6D315}
2012-05-26 22:13:55 -------- d-----w- c:\users\owner\appdata\local\{49B8C554-B9DE-48E1-B471-D6ECD304A25A}
2012-05-25 18:37:13 -------- d-----w- c:\users\owner\appdata\local\{DE3B0F3F-C109-4A62-BBEC-4A9A91FEFDDE}
2012-05-25 18:36:57 -------- d-----w- c:\users\owner\appdata\local\{9A6C2756-7B01-4A8F-87FF-DD930CA85B80}
2012-05-24 15:05:57 -------- d-----w- c:\users\owner\appdata\local\{B81B44F9-E225-484A-8EA8-639193A9AB2E}
2012-05-24 15:05:44 -------- d-----w- c:\users\owner\appdata\local\{A3508624-5C68-4583-9F36-B97EE5ABCBE2}
2012-05-23 16:07:39 -------- d-----w- c:\users\owner\appdata\local\{85577C96-6CF1-4A1D-B8E1-C36C46A9ADFE}
2012-05-23 16:07:29 -------- d-----w- c:\users\owner\appdata\local\{1B7EF9B9-8CF8-44CC-B1E5-C1DA7EFE4D58}
2012-05-22 14:57:12 -------- d-----w- c:\users\owner\appdata\local\{0FED124C-DAA6-4CE1-B98A-60309F1E1E1E}
2012-05-22 14:56:54 -------- d-----w- c:\users\owner\appdata\local\{F1DB6BF4-A2E2-485B-8996-AE77206CF742}
2012-05-21 14:04:23 -------- d-----w- c:\users\owner\appdata\local\{45E40D52-7B28-4CA4-AB3B-411613AD4858}
2012-05-21 14:04:07 -------- d-----w- c:\users\owner\appdata\local\{FC05B268-7CBA-4CC8-B7A1-A73DD48DB741}
2012-05-20 14:56:40 -------- d-----w- c:\users\owner\appdata\local\{6D4C397F-CA4F-4FB1-93D4-BE935F73B738}
2012-05-20 14:56:22 -------- d-----w- c:\users\owner\appdata\local\{91E32FCF-E91E-43D0-8E6F-0D97F00462E2}
2012-05-19 20:13:55 -------- d-----w- c:\users\owner\appdata\local\{B0F91EF8-2CDF-4765-890C-CEA663103A94}
2012-05-19 20:13:42 -------- d-----w- c:\users\owner\appdata\local\{0E354617-C529-4BC8-AC3B-097DAA9812D8}
2012-05-18 16:05:43 -------- d-----w- c:\users\owner\appdata\local\{3A7933E8-22DA-4960-97EC-C54E84CC7CB5}
2012-05-18 16:05:26 -------- d-----w- c:\users\owner\appdata\local\{D1D86C04-DFEA-4DA4-8150-A56F748622F7}
2012-05-17 14:27:26 -------- d-----w- c:\users\owner\appdata\local\{1E9512A9-C8A6-444A-8A4B-6D03DFFA8CA7}
2012-05-17 14:27:15 -------- d-----w- c:\users\owner\appdata\local\{72E0CB58-24F4-4B54-9384-850417EDCF1D}
2012-05-16 15:12:01 -------- d-----w- c:\users\owner\appdata\local\{630C8C69-849D-4E7C-BA38-45152069466B}
2012-05-16 15:11:48 -------- d-----w- c:\users\owner\appdata\local\{05314189-94B2-4977-9B67-BC11022DDF73}
2012-05-15 15:33:00 -------- d-----w- c:\users\owner\appdata\local\{BA152013-3A16-4E35-9355-62F2484B3C78}
2012-05-15 15:32:40 -------- d-----w- c:\users\owner\appdata\local\{BBA65F2C-0B67-4408-99DD-ECA8CB6EA897}
2012-05-14 15:19:16 -------- d-----w- c:\users\owner\appdata\local\{9BD467BD-A7DE-4391-9970-EBF8F91A7348}
2012-05-14 15:19:04 -------- d-----w- c:\users\owner\appdata\local\{EBE39864-C054-4D5E-86A6-B4F131C18E20}
2012-05-13 23:09:43 -------- d-----w- c:\users\owner\appdata\local\{09278300-4FDA-4C32-B02D-074D13DFEFDC}
2012-05-13 23:09:18 -------- d-----w- c:\users\owner\appdata\local\{D383DD9D-144E-4483-B6BE-94ED6559237B}
2012-05-11 16:54:20 -------- d-----w- c:\users\owner\appdata\local\{6B5AC01A-5A9F-4C7E-870D-791EC2F18B45}
2012-05-11 16:54:09 -------- d-----w- c:\users\owner\appdata\local\{FE020456-12D1-4D77-96BF-8A3B43D2CDBD}
2012-05-11 16:15:54 -------- d-----w- c:\users\owner\appdata\local\{09C8479E-6D7E-4EFF-8EDF-C2FD0196E0E9}
2012-05-11 16:15:37 -------- d-----w- c:\users\owner\appdata\local\{B64150C9-88CE-4A21-B547-031BCAE63616}
2012-05-10 15:11:05 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 15:11:04 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 15:11:03 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-10 15:11:02 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-10 15:11:02 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-10 15:11:02 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-10 15:11:02 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2012-05-10 15:11:01 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe
2012-05-10 15:10:59 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 15:10:59 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 15:10:58 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 15:10:58 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 15:10:58 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 15:10:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 15:10:52 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 15:10:52 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 15:03:10 -------- d-----w- c:\users\owner\appdata\local\{643BEB00-01BC-4303-9A1A-B9E8C297E4F6}
2012-05-10 15:02:58 -------- d-----w- c:\users\owner\appdata\local\{AD0D8E23-16C9-4D71-9867-3F9B3C92822D}
2012-05-09 15:05:06 -------- d-----w- c:\users\owner\appdata\local\{8A731D00-BF68-4C67-AA6C-0925D6B301EE}
2012-05-09 15:04:46 -------- d-----w- c:\users\owner\appdata\local\{F829484C-13AD-46E4-B065-30ABBF3B94C3}
2012-05-08 15:15:26 -------- d-----w- c:\users\owner\appdata\local\{F2C83039-8D9D-4853-A493-C674A1BA458D}
2012-05-08 15:15:10 -------- d-----w- c:\users\owner\appdata\local\{85429D4C-8E76-427A-8800-78A5D6A48A97}
2012-05-07 16:08:43 -------- d-----w- c:\users\owner\appdata\local\{14D41652-B07A-4C5B-AA32-1DB365D0BE8A}
2012-05-07 16:08:26 -------- d-----w- c:\users\owner\appdata\local\{5BD0BCEA-645D-4EC1-85FE-FF54BBDFAD39}
2012-05-06 15:57:16 -------- d-----w- c:\users\owner\appdata\local\{366D94C1-F6F5-4EC0-B66D-2F2DCF30B979}
2012-05-06 15:56:57 -------- d-----w- c:\users\owner\appdata\local\{937ED48F-8222-4E07-A4CC-F93504792C1A}
2012-05-05 21:59:18 -------- d-----w- c:\users\owner\appdata\local\{1AA4487E-7305-4AC7-8727-7BEC4D5F1A46}
2012-05-05 21:59:02 -------- d-----w- c:\users\owner\appdata\local\{7A045ABE-6F10-406B-9B55-22432C5FD013}
2012-05-05 02:09:55 -------- d-----w- c:\users\owner\appdata\local\{5712321B-44BB-483F-9499-C262D3831056}
2012-05-05 02:09:37 -------- d-----w- c:\users\owner\appdata\local\{949617AB-2BD5-4A59-9E22-705BE3EA52F7}
2012-05-04 16:10:30 -------- d-----w- c:\users\owner\appdata\local\{64832811-062A-4AAF-81B3-971776DBC459}
2012-05-04 16:10:17 -------- d-----w- c:\users\owner\appdata\local\{22984FDD-F820-481A-8D97-8B74FBEDAEC6}
2012-05-03 15:24:24 -------- d-----w- c:\users\owner\appdata\local\{70C2F704-6964-4A1C-BBCE-9B24B3478EDA}
2012-05-03 15:24:11 -------- d-----w- c:\users\owner\appdata\local\{3581B6F3-A654-4606-8D4D-AFB663637CF3}
2012-05-02 16:04:49 -------- d-----w- c:\users\owner\appdata\local\{DCE96656-D23C-401F-B390-6541BA195E56}
2012-05-02 16:04:36 -------- d-----w- c:\users\owner\appdata\local\{D88A6CBC-EA67-420B-A456-4C7EA0D16B58}
2012-05-01 15:19:44 -------- d-----w- c:\users\owner\appdata\local\{53E812F7-762D-4EBE-B327-AAC8D76D772A}
2012-05-01 15:19:33 -------- d-----w- c:\users\owner\appdata\local\{EC95A482-5CFB-4CF6-8AE2-0F50782F21D1}
.
==================== Find3M ====================
.
.
============= FINISH: 14:03:43.36 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:18 PM

Posted 05 June 2012 - 02:44 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 BP42

BP42
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:18 PM

Posted 05 June 2012 - 03:30 PM

Hi Gringo,

After running Combofix, my web searches no longer appear to be redirecting. However, I am unable to use the back button after I click on a link. It won't leave the page that I'm on. I also now have an extra Internet Explorer icon.
Below are the Security Check and Combofix logs.

Thank you for your help so far.



Results of screen317's Security Check version 0.99.41
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 30
Java™ 6 Update 7
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Reader 9 Adobe Reader out of date!
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
Trend Micro Internet Security UfSeAgnt.exe
Trend Micro BM TMBMSRV.exe
Trend Micro Internet Security SfCtlCom.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````






ComboFix 12-06-05.03 - Owner 06/05/2012 15:23:56.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1629 [GMT -4:00]
Running from: c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M831FFJG\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsProtection.xml
c:\program files\Search Guard Plus\fbsProtectionI.xml
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard Plus\FbsSearchProviderIE8.exe
c:\program files\Search Guard Plus\SearchGuardPlus.ico
c:\program files\Search Guard Plus\uninstalSGP.exe
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\Tmp\removesgp.exe
c:\program files\Search Guard PlusU\Tmp\removesgp0.exe
c:\program files\Search Guard PlusU\uninstalSGPU.exe
c:\program files\SGPSA
c:\program files\SGPSA\ie3sh.exe
c:\users\Owner\AppData\Local\Windows Live\SupportSoft\maxvnt.dll
c:\users\Public\RemoveSGP.exe
c:\users\Public\RemoveSGP0.exe
c:\windows\favicon.ico
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\service
c:\windows\system32\service\01042010_TIS17_SfFniAU.log
c:\windows\system32\service\01072010_TIS17_SfFniAU.log
c:\windows\system32\service\01082010_TIS17_SfFniAU.log
c:\windows\system32\service\02012010_TIS17_SfFniAU.log
c:\windows\system32\service\02032010_TIS17_SfFniAU.log
c:\windows\system32\service\02062009_TIS17_SfFniAU.log
c:\windows\system32\service\02092009_TIS17_SfFniAU.log
c:\windows\system32\service\02112010_TIS17_SfFniAU.log
c:\windows\system32\service\03042010_TIS17_SfFniAU.log
c:\windows\system32\service\03102010_TIS17_SfFniAU.log
c:\windows\system32\service\03112009_TIS17_SfFniAU.log
c:\windows\system32\service\03122009_TIS17_SfFniAU.log
c:\windows\system32\service\04012012_TIS17_SfFniAU.log
c:\windows\system32\service\04062012_TIS17_SfFniAU.log
c:\windows\system32\service\04072009_TIS17_SfFniAU.log
c:\windows\system32\service\04092011_TIS17_SfFniAU.log
c:\windows\system32\service\05122009_TIS17_SfFniAU.log
c:\windows\system32\service\06032010_TIS17_SfFniAU.log
c:\windows\system32\service\06062009_TIS17_SfFniAU.log
c:\windows\system32\service\06092009_TIS17_SfFniAU.log
c:\windows\system32\service\06102011_TIS17_SfFniAU.log
c:\windows\system32\service\07032011_TIS17_SfFniAU.log
c:\windows\system32\service\07042010_TIS17_SfFniAU.log
c:\windows\system32\service\07062011_TIS17_SfFniAU.log
c:\windows\system32\service\07082010_TIS17_SfFniAU.log
c:\windows\system32\service\07092011_TIS17_SfFniAU.log
c:\windows\system32\service\09072009_TIS17_SfFniAU.log
c:\windows\system32\service\09092009_TIS17_SfFniAU.log
c:\windows\system32\service\10012010_TIS17_SfFniAU.log
c:\windows\system32\service\10032012_TIS17_SfFniAU.log
c:\windows\system32\service\10052010_TIS17_SfFniAU.log
c:\windows\system32\service\10062010_TIS17_SfFniAU.log
c:\windows\system32\service\10072009_TIS17_SfFniAU.log
c:\windows\system32\service\10082010_TIS17_SfFniAU.log
c:\windows\system32\service\10112010_TIS17_SfFniAU.log
c:\windows\system32\service\11022012_TIS17_SfFniAU.log
c:\windows\system32\service\11072010_TIS17_SfFniAU.log
c:\windows\system32\service\12042010_TIS17_SfFniAU.log
c:\windows\system32\service\12052011_TIS17_SfFniAU.log
c:\windows\system32\service\12062010_TIS17_SfFniAU.log
c:\windows\system32\service\12072010_TIS17_SfFniAU.log
c:\windows\system32\service\13012010_TIS17_SfFniAU.log
c:\windows\system32\service\13092010_TIS17_SfFniAU.log
c:\windows\system32\service\14062010_TIS17_SfFniAU.log
c:\windows\system32\service\14092009_TIS17_SfFniAU.log
c:\windows\system32\service\15082011_TIS17_SfFniAU.log
c:\windows\system32\service\15112009_TIS17_SfFniAU.log
c:\windows\system32\service\15112010_TIS17_SfFniAU.log
c:\windows\system32\service\16032011_TIS17_SfFniAU.log
c:\windows\system32\service\16072009_TIS17_SfFniAU.log
c:\windows\system32\service\17032010_TIS17_SfFniAU.log
c:\windows\system32\service\17082010_TIS17_SfFniAU.log
c:\windows\system32\service\17102010_TIS17_SfFniAU.log
c:\windows\system32\service\17122009_TIS17_SfFniAU.log
c:\windows\system32\service\18042010_TIS17_SfFniAU.log
c:\windows\system32\service\18042012_TIS17_SfFniAU.log
c:\windows\system32\service\18092009_TIS17_SfFniAU.log
c:\windows\system32\service\18112009_TIS17_SfFniAU.log
c:\windows\system32\service\18112011_TIS17_SfFniAU.log
c:\windows\system32\service\19052012_TIS17_SfFniAU.log
c:\windows\system32\service\19082009_TIS17_SfFniAU.log
c:\windows\system32\service\19102009_TIS17_SfFniAU.log
c:\windows\system32\service\20082009_TIS17_SfFniAU.log
c:\windows\system32\service\20092009_TIS17_SfFniAU.log
c:\windows\system32\service\21062009_TIS17_SfFniAU.log
c:\windows\system32\service\21112009_TIS17_SfFniAU.log
c:\windows\system32\service\21122011_TIS17_SfFniAU.log
c:\windows\system32\service\22012010_TIS17_SfFniAU.log
c:\windows\system32\service\22012011_TIS17_SfFniAU.log
c:\windows\system32\service\22052009_TIS17_SfFniAU.log
c:\windows\system32\service\22092010_TIS17_SfFniAU.log
c:\windows\system32\service\23032011_TIS17_SfFniAU.log
c:\windows\system32\service\23072009_TIS17_SfFniAU.log
c:\windows\system32\service\24062009_TIS17_SfFniAU.log
c:\windows\system32\service\24112009_TIS17_SfFniAU.log
c:\windows\system32\service\25022010_TIS17_SfFniAU.log
c:\windows\system32\service\25072010_TIS17_SfFniAU.log
c:\windows\system32\service\25082011_TIS17_SfFniAU.log
c:\windows\system32\service\25102011_TIS17_SfFniAU.log
c:\windows\system32\service\26062011_TIS17_SfFniAU.log
c:\windows\system32\service\27012010_TIS17_SfFniAU.log
c:\windows\system32\service\27042010_TIS17_SfFniAU.log
c:\windows\system32\service\27102009_TIS17_SfFniAU.log
c:\windows\system32\service\27102010_TIS17_SfFniAU.log
c:\windows\system32\service\28022012_TIS17_SfFniAU.log
c:\windows\system32\service\28102009_TIS17_SfFniAU.log
c:\windows\system32\service\29012011_TIS17_SfFniAU.log
c:\windows\system32\service\29082009_TIS17_SfFniAU.log
c:\windows\system32\service\29102010_TIS17_SfFniAU.log
c:\windows\system32\service\30012010_TIS17_SfFniAU.log
c:\windows\system32\service\30042011_TIS17_SfFniAU.log
c:\windows\system32\service\30072009_TIS17_SfFniAU.log
c:\windows\system32\service\30112009_TIS17_SfFniAU.log
c:\windows\system32\service\31102009_TIS17_SfFniAU.log
c:\windows\system32\ssblinkx.scr
.
.
((((((((((((((((((((((((( Files Created from 2012-05-05 to 2012-06-05 )))))))))))))))))))))))))))))))
.
.
2012-06-05 19:34 . 2012-06-05 19:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-05 17:50 . 2012-06-05 17:50 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4ECA39C8-A359-4F07-B547-416517F6AC8B}\offreg.dll
2012-06-05 17:34 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4ECA39C8-A359-4F07-B547-416517F6AC8B}\mpengine.dll
2012-05-28 01:09 . 2012-05-28 01:09 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-05-28 01:09 . 2012-05-28 01:09 -------- d-----w- c:\users\Owner\AppData\Roaming\FixTDSS
2012-05-27 01:28 . 2012-05-27 01:28 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2012-05-27 01:28 . 2012-05-27 01:28 -------- d-----w- c:\programdata\Malwarebytes
2012-05-27 01:28 . 2012-05-27 01:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-27 01:28 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-10 15:11 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 15:11 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 15:11 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 15:11 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 15:11 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 15:11 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 15:11 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-10 15:11 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
2012-05-10 15:10 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 15:10 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 15:10 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 15:10 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 15:10 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 15:10 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 15:10 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 15:10 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\program files\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-27 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-27 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-10-18 1152296]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-10-18 189736]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-09-23 912688]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-12-29 983168]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe [2008-9-8 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-18 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-11-07 19:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7000b6ca-4388-4d95-893d-6659c2d4d1ce} - (no file)
BHO-{e6d0b79e-ecac-411b-8bf6-7a574981af30} - c:\program files\xfinitytb\auxi\xfinityAu.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKCU-Run-SpeedItUpEX - c:\program files\SpeedItup Free\SpeedItUp.exe
HKCU-Run-SupportSoft - c:\users\Owner\AppData\Local\Windows Live\SupportSoft\maxvnt.dll
HKLM-Run-FBSSA - c:\program files\SGPSA\ie3sh.exe
AddRemove-ComcastHSI - c:\program files\support.com\uninstall\chsi_uninstaller.exe
AddRemove-sp41099 - c:\hp\Softpaq\sp41099\sp41099.exe
AddRemove-Yahoo! Toolbar - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-05 15:34
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
FBSSA = c:\program files\SGPSA\ie3sh.exe?new-tab/?v=18&tid={86ACCC07-3E4F-4a19-AB25-210D5B89DAA6}???????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-06-05 15:44:51
ComboFix-quarantined-files.txt 2012-06-05 19:44
.
Pre-Run: 233,007,157,248 bytes free
Post-Run: 232,985,419,776 bytes free
.
- - End Of File - - F20AF42DA269983119C607A93AC13DC2

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:18 PM

Posted 05 June 2012 - 03:51 PM

Hello BP42,


I want you to run these next to make sure nothing more serious is on the computer then we will work on IE (it is IE with the problem or is it FireFox)

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 BP42

BP42
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:18 PM

Posted 06 June 2012 - 12:49 PM

Gringo,


I ran both TDSSKiller and aswMBR. TDSSKiller did not find any threats but it wouldn't let me copy and paste the report. The aswMBR log is below.





aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-06 12:56:02
-----------------------------
12:56:02.820 OS Version: Windows 6.0.6002 Service Pack 2
12:56:02.820 Number of processors: 2 586 0x6B02
12:56:02.822 ComputerName: OWNER-PC UserName: Owner
12:56:03.693 Initialize success
12:56:03.784 AVAST engine defs: 12060601
12:56:07.427 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
12:56:07.430 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
12:56:07.461 Disk 0 MBR read successfully
12:56:07.464 Disk 0 MBR scan
12:56:07.467 Disk 0 unknown MBR code
12:56:07.480 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 293303 MB offset 63
12:56:07.512 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11938 MB offset 600686415
12:56:07.536 Disk 0 scanning sectors +625137345
12:56:07.656 Disk 0 scanning C:\Windows\system32\drivers
12:56:18.333 Service scanning
12:56:33.081 Modules scanning
12:56:49.898 Disk 0 trace - called modules:
12:56:49.921 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys dxgkrnl.sys nvlddmkm.sys watchdog.sys
12:56:49.927 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e44ac8]
12:56:49.932 3 CLASSPNP.SYS[807318b3] -> nt!IofCallDriver -> [0x8627f4f0]
12:56:49.937 5 acpi.sys[8060d6bc] -> nt!IofCallDriver -> \Device\00000061[0x86244678]
12:56:50.499 AVAST engine scan C:\Windows
12:57:01.629 AVAST engine scan C:\Windows\system32
12:59:50.412 AVAST engine scan C:\Windows\system32\drivers
13:00:25.320 AVAST engine scan C:\Users\Owner
13:15:09.226 AVAST engine scan C:\ProgramData
13:18:04.777 Scan finished successfully
13:39:37.102 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
13:39:37.110 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:18 PM

Posted 06 June 2012 - 01:07 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 BP42

BP42
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:18 PM

Posted 06 June 2012 - 01:28 PM

Gringo,

Here is the OTL.txt



OTL logfile created on: 6/6/2012 2:20:01 PM - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 54.61% Memory free
5.96 Gb Paging File | 4.45 Gb Available in Paging File | 74.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.43 Gb Total Space | 217.13 Gb Free Space | 75.81% Space Free | Partition Type: NTFS
Drive D: | 11.66 Gb Total Space | 1.58 Gb Free Space | 13.51% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Users\Owner\Documents\tdsskiller\TDSSKiller.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10w_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
PRC - C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3c92d4b3ec56936eab8e17ed81940c10\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\5ebaa15cccc356bc3afba0c8f56977f7\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ef684a2ee2f7276eec3973a0654d2bd4\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c466fbf8e50c7c11b2fa994707124290\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b4ade6954a61a7626858c123dc951ba6\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
MOD - C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - c:\Program Files\Cyberlink\Shared files\richvideops.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Norton Internet Security) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (Mcx2Svc) -- C:\Windows\System32\Mcx2Svc.dll (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\System32\mprdim.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SRTSPX) -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS File not found
DRV - (SRTSP) -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVEX15.SYS File not found
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVENG.SYS File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Owner\AppData\Local\Temp\catchme.sys File not found
DRV - (aswMBR) -- C:\Users\Owner\AppData\Local\Temp\aswMBR.sys File not found
DRV - (FixTDSS) -- C:\Windows\System32\drivers\FixTDSS.sys (Symantec Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (tmxpflt) -- C:\Windows\System32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\Windows\System32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (vsapint) -- C:\Windows\System32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (udfs) -- C:\Windows\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (MegaSR) -- C:\Windows\System32\drivers\MegaSR.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\System32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\System32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\System32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\System32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (SiSRaid2) -- C:\Windows\System32\drivers\sisraid2.sys (Microsoft Corporation)
DRV - (HpCISSs) -- C:\Windows\System32\drivers\HpCISSs.sys (Hewlett-Packard Company)
DRV - (circlass) -- C:\Windows\System32\drivers\circlass.sys (Microsoft Corporation)
DRV - (adpahci) -- C:\Windows\System32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\System32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\System32\drivers\ql2300.sys (QLogic Corporation)
DRV - (arcsas) -- C:\Windows\System32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (Wd) -- C:\Windows\System32\drivers\wd.sys (Microsoft Corporation)
DRV - (iaStorV) -- C:\Windows\System32\drivers\iaStorV.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\System32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\System32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\System32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\System32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\System32\drivers\arc.sys (Adaptec, Inc.)
DRV - (kbdhid) -- C:\Windows\System32\drivers\kbdhid.sys (Microsoft Corporation)
DRV - (sffdisk) -- C:\Windows\System32\drivers\sffdisk.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\System32\drivers\elxstor.sys (Emulex)
DRV - (IPMIDRV) -- C:\Windows\System32\drivers\IPMIDrv.sys (Microsoft Corporation)
DRV - (adp94xx) -- C:\Windows\System32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (msdsm) -- C:\Windows\System32\drivers\msdsm.sys (Microsoft Corporation)
DRV - (nvstor) -- C:\Windows\System32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\System32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (mpio) -- C:\Windows\System32\drivers\mpio.sys (Microsoft Corporation)
DRV - (fdc) -- C:\Windows\System32\drivers\fdc.sys (Microsoft Corporation)
DRV - (flpydisk) -- C:\Windows\System32\drivers\flpydisk.sys (Microsoft Corporation)
DRV - (sermouse) -- C:\Windows\System32\drivers\sermouse.sys (Microsoft Corporation)
DRV - (mouhid) -- C:\Windows\System32\drivers\mouhid.sys (Microsoft Corporation)
DRV - (usbuhci) -- C:\Windows\System32\drivers\usbuhci.sys (Microsoft Corporation)
DRV - (i2omp) -- C:\Windows\System32\drivers\i2omp.sys (Microsoft Corporation)
DRV - (rdpdr) -- C:\Windows\System32\drivers\rdpdr.sys (Microsoft Corporation)
DRV - (isapnp) -- C:\Windows\System32\drivers\isapnp.sys (Microsoft Corporation)
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys (Microsoft Corporation)
DRV - (ViaC7) -- C:\Windows\System32\drivers\viac7.sys (Microsoft Corporation)
DRV - (intelppm) -- C:\Windows\System32\drivers\intelppm.sys (Microsoft Corporation)
DRV - (AmdK7) -- C:\Windows\System32\drivers\amdk7.sys (Microsoft Corporation)
DRV - (Processor) -- C:\Windows\System32\drivers\processr.sys (Microsoft Corporation)
DRV - (Crusoe) -- C:\Windows\System32\drivers\crusoe.sys (Microsoft Corporation)
DRV - (msahci) -- C:\Windows\System32\drivers\msahci.sys (Microsoft Corporation)
DRV - (Compbatt) -- C:\Windows\System32\drivers\compbatt.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\System32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\System32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (intelide) -- C:\Windows\System32\drivers\intelide.sys (Microsoft Corporation)
DRV - (amdide) -- C:\Windows\System32\drivers\amdide.sys (Microsoft Corporation)
DRV - (aliide) -- C:\Windows\System32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (WmiAcpi) -- C:\Windows\System32\drivers\wmiacpi.sys (Microsoft Corporation)
DRV - (ErrDev) -- C:\Windows\System32\drivers\errdev.sys (Microsoft Corporation)
DRV - (pcmcia) -- C:\Windows\System32\drivers\pcmcia.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\System32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\System32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\System32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\System32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (sbp2port) -- C:\Windows\System32\drivers\sbp2port.sys (Microsoft Corporation)
DRV - (aic78xx) -- C:\Windows\System32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\System32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\System32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\System32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\System32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\System32\drivers\Mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\System32\drivers\sym_hi.sys (LSI Logic)
DRV - (BTHMODEM) -- C:\Windows\System32\drivers\bthmodem.sys (Microsoft Corporation)
DRV - (HidBth) -- C:\Windows\System32\drivers\hidbth.sys (Microsoft Corporation)
DRV - (usbcir) eHome Infrared Receiver (USBCIR) -- C:\Windows\System32\drivers\usbcir.sys (Microsoft Corporation)
DRV - (HidIr) -- C:\Windows\System32\drivers\hidir.sys (Microsoft Corporation)
DRV - (HidUsb) -- C:\Windows\System32\drivers\hidusb.sys (Microsoft Corporation)
DRV - (WacomPen) -- C:\Windows\System32\drivers\wacompen.sys (Microsoft Corporation)
DRV - (sfloppy) -- C:\Windows\System32\drivers\sfloppy.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\drivers\BrSerId.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\System32\drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\System32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (ndiscm) -- C:\Windows\System32\drivers\NetMotCM.sys (Motorola Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = ComcastSearch
IE - HKLM\..\SearchScopes\{256DBC0A-6867-4511-B430-96D26BA7A778}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
IE - HKLM\..\SearchScopes\{AA2BE316-DC4D-4562-BB53-A9DCF6897679}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\ComcastSearch: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfactiv_self_search


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-614560308-1152256820-2873177967-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
IE - HKU\S-1-5-21-614560308-1152256820-2873177967-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-614560308-1152256820-2873177967-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-614560308-1152256820-2873177967-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-614560308-1152256820-2873177967-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/28 11:33:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Owner\AppData\Roaming\Move Networks [2009/11/22 19:07:29 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/06/05 15:34:07 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O3 - HKU\S-1-5-21-614560308-1152256820-2873177967-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-614560308-1152256820-2873177967-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-614560308-1152256820-2873177967-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0674107A-2CD4-4F44-868E-9E5F828F0DC8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78EC75C6-FF4E-40DF-9031-8DB717C17A3B}: DhcpNameServer = 68.87.64.150 68.87.75.198
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/06 14:18:47 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/06/06 12:46:48 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/06/05 15:45:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/05 15:45:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/05 15:22:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/05 15:22:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/05 15:22:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/05 15:21:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/05 15:21:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/05 13:30:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{399B37EE-90E8-4D1E-AF58-941D0E584606}
[2012/06/05 13:30:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{9EDA3771-CE13-4452-84F1-E1256DEC51D9}
[2012/06/04 08:04:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3B95F846-5A86-46D6-A63C-B2D965FE1413}
[2012/06/04 08:04:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{882E6110-4612-469C-951B-DA98E08FF151}
[2012/06/02 17:35:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{89CAD515-F426-4761-BCD1-15AF511627F6}
[2012/06/02 17:35:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{7FEBB3F4-AB61-4169-BDA4-02192191C2C9}
[2012/05/30 14:13:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\gmer
[2012/05/30 08:07:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D498E320-193B-432C-ABD7-9409101FC874}
[2012/05/30 08:07:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{CBEBF731-93F6-46D9-BAAE-7F51151A76DB}
[2012/05/29 13:29:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1B5E8CE8-1DCD-4473-8C66-AAED5910A679}
[2012/05/29 13:29:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{8CA1CB7E-88B2-4A94-96BD-BE3ED966E897}
[2012/05/29 11:00:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D3D3F3DB-1625-417E-9230-1B1835B33909}
[2012/05/29 10:59:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{80421E20-D21B-4338-A303-55D8C2E8CA05}
[2012/05/28 18:24:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A9E154EF-6911-4394-99F5-EF4133354DC5}
[2012/05/28 18:24:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{03E01064-D37E-471E-BF9D-982D762167C7}
[2012/05/28 11:50:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F799860F-B0C7-4D78-8807-6CBAE6716E5F}
[2012/05/28 11:50:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{026CA66B-5E46-4F94-B32D-DCF5F329243A}
[2012/05/28 11:35:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{EDE4EEB0-8C5E-4D30-A8F8-53D838792D37}
[2012/05/28 11:35:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{EF1FC2A5-2D06-4FB7-8BCD-7740B25FCA29}
[2012/05/28 07:03:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A35B7210-3627-47A7-B6A8-766E22E0E314}
[2012/05/28 07:03:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3798E524-3F7D-48C3-AA7A-50A48FEFACB4}
[2012/05/28 06:52:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6D049CA2-DBE9-418A-A666-BEE925FD399E}
[2012/05/28 06:52:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{8BA2C5F7-98B5-47DB-AA4D-167B9F70386D}
[2012/05/28 06:50:12 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/05/28 06:25:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\tdsskiller
[2012/05/28 06:17:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{4BEA83E0-6E1A-43D5-A3C1-7DAB66CA98C0}
[2012/05/28 06:16:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B43EDDEB-122D-4B4A-8467-A46B6DC01CAF}
[2012/05/27 21:32:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DD0ED733-2CCD-4E77-9B34-F6234E8E1BDD}
[2012/05/27 21:32:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E81BE0B8-1A32-4AD0-8BE1-B7AB41AE2C4F}
[2012/05/27 21:09:57 | 000,026,872 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2012/05/27 21:09:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\FixTDSS
[2012/05/27 09:42:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F137AFDC-7D3B-4D30-8EEE-67DC3A9C30D2}
[2012/05/27 09:42:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{12519133-D875-4451-BCB9-396C049E0847}
[2012/05/26 23:00:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{687CD338-FC0D-4915-9482-1746A48862FA}
[2012/05/26 23:00:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{09029701-0C73-4100-8D1C-F1869E361E21}
[2012/05/26 21:28:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2012/05/26 21:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/26 21:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/26 21:28:03 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/26 21:28:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/26 18:14:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{5577A308-B0B6-426C-B3CC-2C9FC9E6D315}
[2012/05/26 18:13:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{49B8C554-B9DE-48E1-B471-D6ECD304A25A}
[2012/05/25 14:37:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DE3B0F3F-C109-4A62-BBEC-4A9A91FEFDDE}
[2012/05/25 14:36:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{9A6C2756-7B01-4A8F-87FF-DD930CA85B80}
[2012/05/24 11:05:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B81B44F9-E225-484A-8EA8-639193A9AB2E}
[2012/05/24 11:05:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A3508624-5C68-4583-9F36-B97EE5ABCBE2}
[2012/05/23 12:07:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{85577C96-6CF1-4A1D-B8E1-C36C46A9ADFE}
[2012/05/23 12:07:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1B7EF9B9-8CF8-44CC-B1E5-C1DA7EFE4D58}
[2012/05/22 10:57:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{0FED124C-DAA6-4CE1-B98A-60309F1E1E1E}
[2012/05/22 10:56:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F1DB6BF4-A2E2-485B-8996-AE77206CF742}
[2012/05/21 10:04:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{45E40D52-7B28-4CA4-AB3B-411613AD4858}
[2012/05/21 10:04:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{FC05B268-7CBA-4CC8-B7A1-A73DD48DB741}
[2012/05/20 10:56:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6D4C397F-CA4F-4FB1-93D4-BE935F73B738}
[2012/05/20 10:56:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{91E32FCF-E91E-43D0-8E6F-0D97F00462E2}
[2012/05/19 16:13:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B0F91EF8-2CDF-4765-890C-CEA663103A94}
[2012/05/19 16:13:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{0E354617-C529-4BC8-AC3B-097DAA9812D8}
[2012/05/18 12:05:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3A7933E8-22DA-4960-97EC-C54E84CC7CB5}
[2012/05/18 12:05:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D1D86C04-DFEA-4DA4-8150-A56F748622F7}
[2012/05/17 10:27:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1E9512A9-C8A6-444A-8A4B-6D03DFFA8CA7}
[2012/05/17 10:27:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{72E0CB58-24F4-4B54-9384-850417EDCF1D}
[2012/05/16 11:12:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{630C8C69-849D-4E7C-BA38-45152069466B}
[2012/05/16 11:11:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{05314189-94B2-4977-9B67-BC11022DDF73}
[2012/05/15 11:33:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{BA152013-3A16-4E35-9355-62F2484B3C78}
[2012/05/15 11:32:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{BBA65F2C-0B67-4408-99DD-ECA8CB6EA897}
[2012/05/14 11:19:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{9BD467BD-A7DE-4391-9970-EBF8F91A7348}
[2012/05/14 11:19:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{EBE39864-C054-4D5E-86A6-B4F131C18E20}
[2012/05/13 19:09:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{09278300-4FDA-4C32-B02D-074D13DFEFDC}
[2012/05/13 19:09:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D383DD9D-144E-4483-B6BE-94ED6559237B}
[2012/05/11 12:54:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6B5AC01A-5A9F-4C7E-870D-791EC2F18B45}
[2012/05/11 12:54:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{FE020456-12D1-4D77-96BF-8A3B43D2CDBD}
[2012/05/11 12:15:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{09C8479E-6D7E-4EFF-8EDF-C2FD0196E0E9}
[2012/05/11 12:15:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B64150C9-88CE-4A21-B547-031BCAE63616}
[2012/05/10 11:10:59 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/10 11:10:59 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/05/10 11:10:58 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/05/10 11:10:58 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/05/10 11:10:58 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/05/10 11:10:53 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/10 11:10:52 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/10 11:10:52 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/10 11:03:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{643BEB00-01BC-4303-9A1A-B9E8C297E4F6}
[2012/05/10 11:02:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{AD0D8E23-16C9-4D71-9867-3F9B3C92822D}
[2012/05/09 11:05:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{8A731D00-BF68-4C67-AA6C-0925D6B301EE}
[2012/05/09 11:04:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F829484C-13AD-46E4-B065-30ABBF3B94C3}
[2012/05/08 11:15:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F2C83039-8D9D-4853-A493-C674A1BA458D}
[2012/05/08 11:15:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{85429D4C-8E76-427A-8800-78A5D6A48A97}
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/06 14:18:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/06/06 13:45:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/06 13:45:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/06 13:39:37 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
[2012/06/06 13:39:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/06 12:47:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/06/06 11:50:33 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/06 11:50:33 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/05 15:34:07 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/30 20:57:12 | 000,002,587 | ---- | M] () -- C:\Users\Owner\Desktop\Microsoft Office Word 2007.lnk
[2012/05/30 14:12:21 | 000,294,216 | ---- | M] () -- C:\Users\Owner\Desktop\gmer.zip
[2012/05/30 13:59:48 | 000,000,000 | ---- | M] () -- C:\Users\Owner\defogger_reenable
[2012/05/27 21:09:57 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2012/05/26 21:28:04 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/18 12:04:32 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2012/05/11 12:52:14 | 000,331,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/06 12:53:53 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat
[2012/06/05 15:22:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/05 15:22:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/05 15:22:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/05 15:22:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/05 15:22:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/30 14:12:05 | 000,294,216 | ---- | C] () -- C:\Users\Owner\Desktop\gmer.zip
[2012/05/30 13:59:48 | 000,000,000 | ---- | C] () -- C:\Users\Owner\defogger_reenable
[2012/05/26 21:28:04 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2010/08/28 07:26:01 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

< End of report >

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:18 PM

Posted 06 June 2012 - 10:49 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    IE - HKLM\..\SearchScopes\{AA2BE316-DC4D-4562-BB53-A9DCF6897679}: "URL" = <http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd>
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 BP42

BP42
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:18 PM

Posted 07 June 2012 - 09:40 AM

Gingo,
I ran the OTL Script and the report is below. However, when I tried a Google search, it is redirecting again. Also, last night there was a new problem. When I shut the computer down,I got a csc.exe failed box. And then when I turned on the machine this morning, Windows couldn't start and had to do a system restore.



========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA2BE316-DC4D-4562-BB53-A9DCF6897679}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA2BE316-DC4D-4562-BB53-A9DCF6897679}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Owner
->Java cache emptied: 7792853 bytes

User: Public

Total Java Files Cleaned = 7.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Owner
->Flash cache emptied: 6484 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.46.2 log created on 06072012_102429

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:18 PM

Posted 07 June 2012 - 12:58 PM

Hello

download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]
Gringo[/b]
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 BP42

BP42
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:18 PM

Posted 09 June 2012 - 09:06 AM

Gringo,

The FRST.txt is below. It is broken up because it was too long.


Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 08-06-2012 07
Ran by SYSTEM at 09-06-2012 09:41:55
Running from J:\
Windows Vista ™ Home Premium Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13539872 2008-09-26] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2008-09-26] (NVIDIA Corporation)
HKLM\...\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [UpdateP2GoShortCut] "c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDIRShortCut] "c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2008-09-11] (CyberLink Corp.)
HKLM\...\Run: [TSMAgent] "c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [1152296 2008-10-17] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer for HP TouchSmart] "c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [189736 2008-10-17] (CyberLink)
HKLM\...\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKLM\...\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [983168 2008-12-29] (Trend Micro Inc.)
HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM\...\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe [765824 2009-08-27] ()
HKLM\...\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [1148200 2009-09-09] (CyberLink Corp.)
HKLM\...\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 [202560 2008-04-24] (SupportSoft, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-09-08] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421160 2010-09-23] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [3722416 2011-09-06] (AVAST Software)
HKLM\...\Run: [] [x]
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1644088 2009-08-05] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1644088 2009-08-05] (Hewlett-Packard)
HKU\Owner\...\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-08-05] (Hewlett-Packard)
HKU\Owner\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Owner\...\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 [x]
HKU\Owner\...\Run: [SpeedItUpEX] C:\Program Files\SpeedItup Free\SpeedItUp.exe -MINI [x]
HKU\Owner\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4283256 2011-05-13] (Microsoft Corporation)
HKU\Owner\...\Run: [SupportSoft] rundll32.exe "C:\Users\Owner\AppData\Local\Windows Live\SupportSoft\maxvnt.dll",DllRegisterServer [485376 2012-05-25] (Microsoft Corporation)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1644088 2009-08-05] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1644088 2009-08-05] (Hewlett-Packard)
HKU\Owner\...\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-08-05] (Hewlett-Packard)
HKU\Owner\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Owner\...\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 [x]
HKU\Owner\...\Run: [SpeedItUpEX] C:\Program Files\SpeedItup Free\SpeedItUp.exe -MINI [x]
HKU\Owner\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4283256 2011-05-13] (Microsoft Corporation)
HKU\Owner\...\Run: [SupportSoft] rundll32.exe "C:\Users\Owner\AppData\Local\Windows Live\SupportSoft\maxvnt.dll",DllRegisterServer [485376 2012-05-25] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

================================ Services (Whitelisted) ==================

2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [44768 2011-09-06] (AVAST Software)
3 DFSR; C:\Windows\System32\DFSR.exe [2092544 2009-04-10] (Microsoft Corporation)
2 ehstart; C:\Windows\ehome\ehstart.dll [13312 2006-11-02] (Microsoft Corporation)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
3 hkmsvc; C:\Windows\System32\kmsvc.dll [68096 2008-01-20] (Microsoft Corporation)
2 SfCtlCom; "C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe" [711248 2008-12-29] (Trend Micro Inc.)
2 sprtsvc_ddoctorv2; "C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe" /service /P ddoctorv2 [202560 2008-04-24] (SupportSoft, Inc.)
2 TMBMServer; "C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service [337160 2008-12-29] (Trend Micro Inc.)
2 TmProxy; "C:\Program Files\Trend Micro\Internet Security\TmProxy.exe" [677128 2008-12-29] (Trend Micro Inc.)
2 XAudioService; C:\Windows\System32\DRIVERS\xaudio.exe work [403968 2008-09-04] (Conexant Systems, Inc.)
2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
2 Norton Internet Security; "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 [x]

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [20568 2011-09-06] (AVAST Software)
2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [54616 2011-09-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [34392 2011-09-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [442200 2011-09-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [320856 2011-09-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [52568 2011-09-06] (AVAST Software)
0 FixTDSS; C:\Windows\System32\drivers\FixTDSS.sys [26872 2012-05-27] (Symantec Corporation)
3 HSF_DP; C:\Windows\System32\DRIVERS\HSX_DP.sys [980992 2008-09-10] (Conexant Systems, Inc.)
3 HSXHWBS2; C:\Windows\System32\DRIVERS\HSXHWBS2.sys [266752 2008-09-10] (Conexant Systems, Inc.)
4 iirsp; C:\Windows\system32\drivers\iirsp.sys [41576 2006-11-02] (Intel Corp./ICP vortex GmbH)
2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [12672 2006-06-19] (Conexant)
3 ndiscm; C:\Windows\System32\DRIVERS\NetMotCM.sys [15360 2004-09-29] (Motorola Inc.)
4 nvsmu; C:\Windows\system32\drivers\nvsmu.sys [15360 2008-05-22] (NVIDIA Corporation)
3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [19072 2005-12-12] (Hewlett-Packard Company)
2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [50256 2010-07-05] (Trend Micro Inc.)
2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [154192 2010-07-05] (Trend Micro Inc.)
2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [50256 2010-07-05] (Trend Micro Inc.)
2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [36432 2010-07-30] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [80400 2008-12-29] (Trend Micro Inc.)
2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [249424 2010-07-30] (Trend Micro Inc.)
2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [1331512 2010-07-30] (Trend Micro Inc.)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVENG.SYS [x]
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVEX15.SYS [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
1 SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS [x]
1 SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-09 09:41 - 2012-06-09 09:41 - 00000000 ____D C:\FRST
2012-06-08 05:05 - 2012-06-08 05:05 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{0AC195A9-18BF-4C35-B9FD-C28051E2533A}
2012-06-08 05:05 - 2012-06-08 05:05 - 00000000 ____D C:\Users\Owner\Local Settings\{0AC195A9-18BF-4C35-B9FD-C28051E2533A}
2012-06-08 05:05 - 2012-06-08 05:05 - 00000000 ____D C:\Users\Owner\AppData\Local\{0AC195A9-18BF-4C35-B9FD-C28051E2533A}
2012-06-08 05:05 - 2012-06-08 05:05 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{0AC195A9-18BF-4C35-B9FD-C28051E2533A}
2012-06-08 05:05 - 2012-06-08 05:05 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{0AC195A9-18BF-4C35-B9FD-C28051E2533A}
2012-06-08 05:05 - 2012-06-08 05:05 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{0AC195A9-18BF-4C35-B9FD-C28051E2533A}
2012-06-08 05:04 - 2012-06-08 05:05 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{736D3CD1-F20C-4AAE-A207-6255AB7DEA98}
2012-06-08 05:04 - 2012-06-08 05:05 - 00000000 ____D C:\Users\Owner\Local Settings\{736D3CD1-F20C-4AAE-A207-6255AB7DEA98}
2012-06-08 05:04 - 2012-06-08 05:05 - 00000000 ____D C:\Users\Owner\AppData\Local\{736D3CD1-F20C-4AAE-A207-6255AB7DEA98}
2012-06-08 05:04 - 2012-06-08 05:05 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{736D3CD1-F20C-4AAE-A207-6255AB7DEA98}
2012-06-08 05:04 - 2012-06-08 05:05 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{736D3CD1-F20C-4AAE-A207-6255AB7DEA98}
2012-06-08 05:04 - 2012-06-08 05:05 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{736D3CD1-F20C-4AAE-A207-6255AB7DEA98}
2012-06-07 06:24 - 2012-06-07 06:24 - 00000000 ____D C:\_OTL
2012-06-07 06:22 - 2012-06-07 06:22 - 00595456 ____A (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2012-06-07 06:22 - 2012-06-07 06:22 - 00595456 ____A (OldTimer Tools) C:\Documents and Settings\Owner\Desktop\OTL.exe
2012-06-07 05:41 - 2012-06-07 05:41 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{C8BD8CDF-C171-4A25-A2FB-2F89C6D56BFA}
2012-06-07 05:41 - 2012-06-07 05:41 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{5376347E-C08D-4B64-B89F-AD75490A4BDE}
2012-06-07 05:41 - 2012-06-07 05:41 - 00000000 ____D C:\Users\Owner\Local Settings\{C8BD8CDF-C171-4A25-A2FB-2F89C6D56BFA}
2012-06-07 05:41 - 2012-06-07 05:41 - 00000000 ____D C:\Users\Owner\Local Settings\{5376347E-C08D-4B64-B89F-AD75490A4BDE}
2012-06-07 05:41 - 2012-06-07 05:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{C8BD8CDF-C171-4A25-A2FB-2F89C6D56BFA}
2012-06-07 05:41 - 2012-06-07 05:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{5376347E-C08D-4B64-B89F-AD75490A4BDE}
2012-06-07 05:41 - 2012-06-07 05:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{C8BD8CDF-C171-4A25-A2FB-2F89C6D56BFA}
2012-06-07 05:41 - 2012-06-07 05:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{5376347E-C08D-4B64-B89F-AD75490A4BDE}
2012-06-07 05:41 - 2012-06-07 05:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{C8BD8CDF-C171-4A25-A2FB-2F89C6D56BFA}
2012-06-07 05:41 - 2012-06-07 05:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{5376347E-C08D-4B64-B89F-AD75490A4BDE}
2012-06-07 05:41 - 2012-06-07 05:41 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{C8BD8CDF-C171-4A25-A2FB-2F89C6D56BFA}
2012-06-07 05:41 - 2012-06-07 05:41 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{5376347E-C08D-4B64-B89F-AD75490A4BDE}
2012-06-07 05:33 - 2012-06-07 05:33 - 00140032 ____A C:\Windows\Minidump\Mini060712-01.dmp
2012-06-06 10:25 - 2012-06-06 10:25 - 00077820 ____A C:\Users\Owner\Desktop\OTL.Txt
2012-06-06 10:25 - 2012-06-06 10:25 - 00077820 ____A C:\Documents and Settings\Owner\Desktop\OTL.Txt
2012-06-06 10:25 - 2012-06-06 10:25 - 00065006 ____A C:\Users\Owner\Desktop\Extras.Txt
2012-06-06 10:25 - 2012-06-06 10:25 - 00065006 ____A C:\Documents and Settings\Owner\Desktop\Extras.Txt
2012-06-06 08:53 - 2012-06-06 09:39 - 00003726 ____A C:\Users\Owner\Desktop\aswMBR.txt
2012-06-06 08:53 - 2012-06-06 09:39 - 00003726 ____A C:\Documents and Settings\Owner\Desktop\aswMBR.txt
2012-06-06 08:53 - 2012-06-06 09:39 - 00000512 ____A C:\Users\Owner\Desktop\MBR.dat
2012-06-06 08:53 - 2012-06-06 09:39 - 00000512 ____A C:\Documents and Settings\Owner\Desktop\MBR.dat
2012-06-06 08:41 - 2012-06-06 11:00 - 00114894 ____A C:\TDSSKiller.2.7.38.0_06.06.2012_12.41.34_log.txt
2012-06-05 12:01 - 2012-06-05 12:01 - 00016040 ____A C:\Users\Owner\Desktop\combolog.txt
2012-06-05 12:01 - 2012-06-05 12:01 - 00016040 ____A C:\Documents and Settings\Owner\Desktop\combolog.txt
2012-06-05 11:44 - 2012-06-05 11:44 - 00016040 ____A C:\ComboFix.txt
2012-06-05 11:21 - 2012-06-05 11:45 - 00000000 ____D C:\Qoobox
2012-06-05 11:08 - 2012-06-05 11:08 - 00001172 ____A C:\Users\Owner\Desktop\checkup.txt
2012-06-05 11:08 - 2012-06-05 11:08 - 00001172 ____A C:\Documents and Settings\Owner\Desktop\checkup.txt
2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{9EDA3771-CE13-4452-84F1-E1256DEC51D9}
2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{399B37EE-90E8-4D1E-AF58-941D0E584606}
2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Users\Owner\Local Settings\{9EDA3771-CE13-4452-84F1-E1256DEC51D9}
2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Users\Owner\Local Settings\{399B37EE-90E8-4D1E-AF58-941D0E584606}
2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Users\Owner\AppData\Local\{9EDA3771-CE13-4452-84F1-E1256DEC51D9}
2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Users\Owner\AppData\Local\{399B37EE-90E8-4D1E-AF58-941D0E584606}
2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{9EDA3771-CE13-4452-84F1-E1256DEC51D9}
2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{399B37EE-90E8-4D1E-AF58-941D0E584606}
2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{9EDA3771-CE13-4452-84F1-E1256DEC51D9}
2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{399B37EE-90E8-4D1E-AF58-941D0E584606}
2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{9EDA3771-CE13-4452-84F1-E1256DEC51D9}
2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{399B37EE-90E8-4D1E-AF58-941D0E584606}
2012-06-04 04:04 - 2012-06-04 04:04 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{882E6110-4612-469C-951B-DA98E08FF151}
2012-06-04 04:04 - 2012-06-04 04:04 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{3B95F846-5A86-46D6-A63C-B2D965FE1413}
2012-06-04 04:04 - 2012-06-04 04:04 - 00000000 ____D C:\Users\Owner\Local Settings\{882E6110-4612-469C-951B-DA98E08FF151}
2012-06-04 04:04 - 2012-06-04 04:04 - 00000000 ____D C:\Users\Owner\Local Settings\{3B95F846-5A86-46D6-A63C-B2D965FE1413}
2012-06-04 04:04 - 2012-06-04 04:04 - 00000000 ____D C:\Users\Owner\AppData\Local\{882E6110-4612-469C-951B-DA98E08FF151}
2012-06-04 04:04 - 2012-06-04 04:04 - 00000000 ____D C:\Users\Owner\AppData\Local\{3B95F846-5A86-46D6-A63C-B2D965FE1413}
2012-06-04 04:04 - 2012-06-04 04:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{882E6110-4612-469C-951B-DA98E08FF151}
2012-06-04 04:04 - 2012-06-04 04:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{3B95F846-5A86-46D6-A63C-B2D965FE1413}
2012-06-04 04:04 - 2012-06-04 04:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{882E6110-4612-469C-951B-DA98E08FF151}
2012-06-04 04:04 - 2012-06-04 04:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{3B95F846-5A86-46D6-A63C-B2D965FE1413}
2012-06-04 04:04 - 2012-06-04 04:04 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{882E6110-4612-469C-951B-DA98E08FF151}
2012-06-04 04:04 - 2012-06-04 04:04 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{3B95F846-5A86-46D6-A63C-B2D965FE1413}
2012-06-02 13:35 - 2012-06-02 13:36 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{89CAD515-F426-4761-BCD1-15AF511627F6}
2012-06-02 13:35 - 2012-06-02 13:36 - 00000000 ____D C:\Users\Owner\Local Settings\{89CAD515-F426-4761-BCD1-15AF511627F6}
2012-06-02 13:35 - 2012-06-02 13:36 - 00000000 ____D C:\Users\Owner\AppData\Local\{89CAD515-F426-4761-BCD1-15AF511627F6}
2012-06-02 13:35 - 2012-06-02 13:36 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{89CAD515-F426-4761-BCD1-15AF511627F6}
2012-06-02 13:35 - 2012-06-02 13:36 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{89CAD515-F426-4761-BCD1-15AF511627F6}
2012-06-02 13:35 - 2012-06-02 13:36 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{89CAD515-F426-4761-BCD1-15AF511627F6}
2012-06-02 13:35 - 2012-06-02 13:35 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{7FEBB3F4-AB61-4169-BDA4-02192191C2C9}
2012-06-02 13:35 - 2012-06-02 13:35 - 00000000 ____D C:\Users\Owner\Local Settings\{7FEBB3F4-AB61-4169-BDA4-02192191C2C9}
2012-06-02 13:35 - 2012-06-02 13:35 - 00000000 ____D C:\Users\Owner\AppData\Local\{7FEBB3F4-AB61-4169-BDA4-02192191C2C9}
2012-06-02 13:35 - 2012-06-02 13:35 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{7FEBB3F4-AB61-4169-BDA4-02192191C2C9}
2012-06-02 13:35 - 2012-06-02 13:35 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{7FEBB3F4-AB61-4169-BDA4-02192191C2C9}
2012-06-02 13:35 - 2012-06-02 13:35 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{7FEBB3F4-AB61-4169-BDA4-02192191C2C9}
2012-05-30 12:42 - 2012-05-30 12:42 - 00198881 ____A C:\Users\Owner\Desktop\ark.txt
2012-05-30 12:42 - 2012-05-30 12:42 - 00198881 ____A C:\Documents and Settings\Owner\Desktop\ark.txt
2012-05-30 12:38 - 2012-05-30 12:38 - 00198881 ____A C:\Users\Owner\Desktop\gmerlog.log
2012-05-30 12:38 - 2012-05-30 12:38 - 00198881 ____A C:\Documents and Settings\Owner\Desktop\gmerlog.log
2012-05-30 10:13 - 2012-05-30 10:13 - 00000000 ____D C:\Users\Owner\Desktop\gmer
2012-05-30 10:13 - 2012-05-30 10:13 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\gmer
2012-05-30 10:12 - 2012-05-30 10:12 - 00294216 ____A C:\Users\Owner\Desktop\gmer.zip
2012-05-30 10:12 - 2012-05-30 10:12 - 00294216 ____A C:\Documents and Settings\Owner\Desktop\gmer.zip
2012-05-30 10:09 - 2012-05-30 10:09 - 00017433 ____A C:\Users\Owner\Desktop\Attach.txt
2012-05-30 10:09 - 2012-05-30 10:09 - 00017433 ____A C:\Documents and Settings\Owner\Desktop\Attach.txt
2012-05-30 10:08 - 2012-05-30 10:08 - 00023019 ____A C:\Users\Owner\Desktop\DDS.txt
2012-05-30 10:08 - 2012-05-30 10:08 - 00023019 ____A C:\Documents and Settings\Owner\Desktop\DDS.txt
2012-05-30 10:01 - 2012-05-30 10:01 - 00607260 ____R (Swearware) C:\Users\Owner\Downloads\dds.scr
2012-05-30 10:01 - 2012-05-30 10:01 - 00607260 ____R (Swearware) C:\Documents and Settings\Owner\Downloads\dds.scr
2012-05-30 09:59 - 2012-05-30 09:59 - 00000472 ____A C:\Users\Owner\Desktop\defogger_disable.log
2012-05-30 09:59 - 2012-05-30 09:59 - 00000472 ____A C:\Documents and Settings\Owner\Desktop\defogger_disable.log
2012-05-30 09:59 - 2012-05-30 09:59 - 00000000 ____A C:\Users\Owner\defogger_reenable
2012-05-30 09:59 - 2012-05-30 09:59 - 00000000 ____A C:\Documents and Settings\Owner\defogger_reenable
2012-05-30 04:07 - 2012-05-30 04:07 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{D498E320-193B-432C-ABD7-9409101FC874}
2012-05-30 04:07 - 2012-05-30 04:07 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{CBEBF731-93F6-46D9-BAAE-7F51151A76DB}
2012-05-30 04:07 - 2012-05-30 04:07 - 00000000 ____D C:\Users\Owner\Local Settings\{D498E320-193B-432C-ABD7-9409101FC874}
2012-05-30 04:07 - 2012-05-30 04:07 - 00000000 ____D C:\Users\Owner\Local Settings\{CBEBF731-93F6-46D9-BAAE-7F51151A76DB}
2012-05-30 04:07 - 2012-05-30 04:07 - 00000000 ____D C:\Users\Owner\AppData\Local\{D498E320-193B-432C-ABD7-9409101FC874}
2012-05-30 04:07 - 2012-05-30 04:07 - 00000000 ____D C:\Users\Owner\AppData\Local\{CBEBF731-93F6-46D9-BAAE-7F51151A76DB}
2012-05-30 04:07 - 2012-05-30 04:07 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{D498E320-193B-432C-ABD7-9409101FC874}
2012-05-30 04:07 - 2012-05-30 04:07 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{CBEBF731-93F6-46D9-BAAE-7F51151A76DB}
2012-05-30 04:07 - 2012-05-30 04:07 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{D498E320-193B-432C-ABD7-9409101FC874}
2012-05-30 04:07 - 2012-05-30 04:07 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{CBEBF731-93F6-46D9-BAAE-7F51151A76DB}
2012-05-30 04:07 - 2012-05-30 04:07 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{D498E320-193B-432C-ABD7-9409101FC874}
2012-05-30 04:07 - 2012-05-30 04:07 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{CBEBF731-93F6-46D9-BAAE-7F51151A76DB}
2012-05-29 09:29 - 2012-05-29 09:30 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{1B5E8CE8-1DCD-4473-8C66-AAED5910A679}
2012-05-29 09:29 - 2012-05-29 09:30 - 00000000 ____D C:\Users\Owner\Local Settings\{1B5E8CE8-1DCD-4473-8C66-AAED5910A679}
2012-05-29 09:29 - 2012-05-29 09:30 - 00000000 ____D C:\Users\Owner\AppData\Local\{1B5E8CE8-1DCD-4473-8C66-AAED5910A679}
2012-05-29 09:29 - 2012-05-29 09:30 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{1B5E8CE8-1DCD-4473-8C66-AAED5910A679}
2012-05-29 09:29 - 2012-05-29 09:30 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{1B5E8CE8-1DCD-4473-8C66-AAED5910A679}
2012-05-29 09:29 - 2012-05-29 09:30 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{1B5E8CE8-1DCD-4473-8C66-AAED5910A679}
2012-05-29 09:29 - 2012-05-29 09:29 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{8CA1CB7E-88B2-4A94-96BD-BE3ED966E897}
2012-05-29 09:29 - 2012-05-29 09:29 - 00000000 ____D C:\Users\Owner\Local Settings\{8CA1CB7E-88B2-4A94-96BD-BE3ED966E897}
2012-05-29 09:29 - 2012-05-29 09:29 - 00000000 ____D C:\Users\Owner\AppData\Local\{8CA1CB7E-88B2-4A94-96BD-BE3ED966E897}
2012-05-29 09:29 - 2012-05-29 09:29 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{8CA1CB7E-88B2-4A94-96BD-BE3ED966E897}
2012-05-29 09:29 - 2012-05-29 09:29 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{8CA1CB7E-88B2-4A94-96BD-BE3ED966E897}
2012-05-29 09:29 - 2012-05-29 09:29 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{8CA1CB7E-88B2-4A94-96BD-BE3ED966E897}
2012-05-29 07:00 - 2012-05-29 07:00 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{D3D3F3DB-1625-417E-9230-1B1835B33909}
2012-05-29 07:00 - 2012-05-29 07:00 - 00000000 ____D C:\Users\Owner\Local Settings\{D3D3F3DB-1625-417E-9230-1B1835B33909}
2012-05-29 07:00 - 2012-05-29 07:00 - 00000000 ____D C:\Users\Owner\AppData\Local\{D3D3F3DB-1625-417E-9230-1B1835B33909}
2012-05-29 07:00 - 2012-05-29 07:00 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{D3D3F3DB-1625-417E-9230-1B1835B33909}
2012-05-29 07:00 - 2012-05-29 07:00 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{D3D3F3DB-1625-417E-9230-1B1835B33909}
2012-05-29 07:00 - 2012-05-29 07:00 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{D3D3F3DB-1625-417E-9230-1B1835B33909}
2012-05-29 06:59 - 2012-05-29 07:00 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{80421E20-D21B-4338-A303-55D8C2E8CA05}
2012-05-29 06:59 - 2012-05-29 07:00 - 00000000 ____D C:\Users\Owner\Local Settings\{80421E20-D21B-4338-A303-55D8C2E8CA05}
2012-05-29 06:59 - 2012-05-29 07:00 - 00000000 ____D C:\Users\Owner\AppData\Local\{80421E20-D21B-4338-A303-55D8C2E8CA05}
2012-05-29 06:59 - 2012-05-29 07:00 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{80421E20-D21B-4338-A303-55D8C2E8CA05}
2012-05-29 06:59 - 2012-05-29 07:00 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{80421E20-D21B-4338-A303-55D8C2E8CA05}
2012-05-29 06:59 - 2012-05-29 07:00 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{80421E20-D21B-4338-A303-55D8C2E8CA05}
2012-05-28 14:24 - 2012-05-28 14:25 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{A9E154EF-6911-4394-99F5-EF4133354DC5}
2012-05-28 14:24 - 2012-05-28 14:25 - 00000000 ____D C:\Users\Owner\Local Settings\{A9E154EF-6911-4394-99F5-EF4133354DC5}
2012-05-28 14:24 - 2012-05-28 14:25 - 00000000 ____D C:\Users\Owner\AppData\Local\{A9E154EF-6911-4394-99F5-EF4133354DC5}
2012-05-28 14:24 - 2012-05-28 14:25 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{A9E154EF-6911-4394-99F5-EF4133354DC5}
2012-05-28 14:24 - 2012-05-28 14:25 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{A9E154EF-6911-4394-99F5-EF4133354DC5}
2012-05-28 14:24 - 2012-05-28 14:25 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{A9E154EF-6911-4394-99F5-EF4133354DC5}
2012-05-28 14:24 - 2012-05-28 14:24 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{03E01064-D37E-471E-BF9D-982D762167C7}
2012-05-28 14:24 - 2012-05-28 14:24 - 00000000 ____D C:\Users\Owner\Local Settings\{03E01064-D37E-471E-BF9D-982D762167C7}
2012-05-28 14:24 - 2012-05-28 14:24 - 00000000 ____D C:\Users\Owner\AppData\Local\{03E01064-D37E-471E-BF9D-982D762167C7}
2012-05-28 14:24 - 2012-05-28 14:24 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{03E01064-D37E-471E-BF9D-982D762167C7}
2012-05-28 14:24 - 2012-05-28 14:24 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{03E01064-D37E-471E-BF9D-982D762167C7}
2012-05-28 14:24 - 2012-05-28 14:24 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{03E01064-D37E-471E-BF9D-982D762167C7}
2012-05-28 07:50 - 2012-05-28 07:50 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{F799860F-B0C7-4D78-8807-6CBAE6716E5F}
2012-05-28 07:50 - 2012-05-28 07:50 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{026CA66B-5E46-4F94-B32D-DCF5F329243A}
2012-05-28 07:50 - 2012-05-28 07:50 - 00000000 ____D C:\Users\Owner\Local Settings\{F799860F-B0C7-4D78-8807-6CBAE6716E5F}
2012-05-28 07:50 - 2012-05-28 07:50 - 00000000 ____D C:\Users\Owner\Local Settings\{026CA66B-5E46-4F94-B32D-DCF5F329243A}
2012-05-28 07:50 - 2012-05-28 07:50 - 00000000 ____D C:\Users\Owner\AppData\Local\{F799860F-B0C7-4D78-8807-6CBAE6716E5F}
2012-05-28 07:50 - 2012-05-28 07:50 - 00000000 ____D C:\Users\Owner\AppData\Local\{026CA66B-5E46-4F94-B32D-DCF5F329243A}
2012-05-28 07:50 - 2012-05-28 07:50 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{F799860F-B0C7-4D78-8807-6CBAE6716E5F}
2012-05-28 07:50 - 2012-05-28 07:50 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{026CA66B-5E46-4F94-B32D-DCF5F329243A}
2012-05-28 07:50 - 2012-05-28 07:50 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{F799860F-B0C7-4D78-8807-6CBAE6716E5F}
2012-05-28 07:50 - 2012-05-28 07:50 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{026CA66B-5E46-4F94-B32D-DCF5F329243A}
2012-05-28 07:50 - 2012-05-28 07:50 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{F799860F-B0C7-4D78-8807-6CBAE6716E5F}
2012-05-28 07:50 - 2012-05-28 07:50 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{026CA66B-5E46-4F94-B32D-DCF5F329243A}
2012-05-28 07:35 - 2012-05-28 07:36 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{EDE4EEB0-8C5E-4D30-A8F8-53D838792D37}
2012-05-28 07:35 - 2012-05-28 07:36 - 00000000 ____D C:\Users\Owner\Local Settings\{EDE4EEB0-8C5E-4D30-A8F8-53D838792D37}
2012-05-28 07:35 - 2012-05-28 07:36 - 00000000 ____D C:\Users\Owner\AppData\Local\{EDE4EEB0-8C5E-4D30-A8F8-53D838792D37}
2012-05-28 07:35 - 2012-05-28 07:36 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{EDE4EEB0-8C5E-4D30-A8F8-53D838792D37}
2012-05-28 07:35 - 2012-05-28 07:36 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{EDE4EEB0-8C5E-4D30-A8F8-53D838792D37}
2012-05-28 07:35 - 2012-05-28 07:36 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{EDE4EEB0-8C5E-4D30-A8F8-53D838792D37}
2012-05-28 07:35 - 2012-05-28 07:35 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{EF1FC2A5-2D06-4FB7-8BCD-7740B25FCA29}
2012-05-28 07:35 - 2012-05-28 07:35 - 00000000 ____D C:\Users\Owner\Local Settings\{EF1FC2A5-2D06-4FB7-8BCD-7740B25FCA29}
2012-05-28 07:35 - 2012-05-28 07:35 - 00000000 ____D C:\Users\Owner\AppData\Local\{EF1FC2A5-2D06-4FB7-8BCD-7740B25FCA29}
2012-05-28 07:35 - 2012-05-28 07:35 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{EF1FC2A5-2D06-4FB7-8BCD-7740B25FCA29}
2012-05-28 07:35 - 2012-05-28 07:35 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{EF1FC2A5-2D06-4FB7-8BCD-7740B25FCA29}
2012-05-28 07:35 - 2012-05-28 07:35 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{EF1FC2A5-2D06-4FB7-8BCD-7740B25FCA29}
2012-05-28 03:03 - 2012-05-28 03:03 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{A35B7210-3627-47A7-B6A8-766E22E0E314}
2012-05-28 03:03 - 2012-05-28 03:03 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{3798E524-3F7D-48C3-AA7A-50A48FEFACB4}
2012-05-28 03:03 - 2012-05-28 03:03 - 00000000 ____D C:\Users\Owner\Local Settings\{A35B7210-3627-47A7-B6A8-766E22E0E314}
2012-05-28 03:03 - 2012-05-28 03:03 - 00000000 ____D C:\Users\Owner\Local Settings\{3798E524-3F7D-48C3-AA7A-50A48FEFACB4}
2012-05-28 03:03 - 2012-05-28 03:03 - 00000000 ____D C:\Users\Owner\AppData\Local\{A35B7210-3627-47A7-B6A8-766E22E0E314}
2012-05-28 03:03 - 2012-05-28 03:03 - 00000000 ____D C:\Users\Owner\AppData\Local\{3798E524-3F7D-48C3-AA7A-50A48FEFACB4}
2012-05-28 03:03 - 2012-05-28 03:03 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{A35B7210-3627-47A7-B6A8-766E22E0E314}
2012-05-28 03:03 - 2012-05-28 03:03 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{3798E524-3F7D-48C3-AA7A-50A48FEFACB4}
2012-05-28 03:03 - 2012-05-28 03:03 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{A35B7210-3627-47A7-B6A8-766E22E0E314}
2012-05-28 03:03 - 2012-05-28 03:03 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{3798E524-3F7D-48C3-AA7A-50A48FEFACB4}
2012-05-28 03:03 - 2012-05-28 03:03 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{A35B7210-3627-47A7-B6A8-766E22E0E314}
2012-05-28 03:03 - 2012-05-28 03:03 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{3798E524-3F7D-48C3-AA7A-50A48FEFACB4}
2012-05-28 02:52 - 2012-05-28 02:53 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{6D049CA2-DBE9-418A-A666-BEE925FD399E}
2012-05-28 02:52 - 2012-05-28 02:53 - 00000000 ____D C:\Users\Owner\Local Settings\{6D049CA2-DBE9-418A-A666-BEE925FD399E}
2012-05-28 02:52 - 2012-05-28 02:53 - 00000000 ____D C:\Users\Owner\AppData\Local\{6D049CA2-DBE9-418A-A666-BEE925FD399E}
2012-05-28 02:52 - 2012-05-28 02:53 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{6D049CA2-DBE9-418A-A666-BEE925FD399E}
2012-05-28 02:52 - 2012-05-28 02:53 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{6D049CA2-DBE9-418A-A666-BEE925FD399E}
2012-05-28 02:52 - 2012-05-28 02:53 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{6D049CA2-DBE9-418A-A666-BEE925FD399E}
2012-05-28 02:52 - 2012-05-28 02:52 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{8BA2C5F7-98B5-47DB-AA4D-167B9F70386D}
2012-05-28 02:52 - 2012-05-28 02:52 - 00000000 ____D C:\Users\Owner\Local Settings\{8BA2C5F7-98B5-47DB-AA4D-167B9F70386D}
2012-05-28 02:52 - 2012-05-28 02:52 - 00000000 ____D C:\Users\Owner\AppData\Local\{8BA2C5F7-98B5-47DB-AA4D-167B9F70386D}
2012-05-28 02:52 - 2012-05-28 02:52 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{8BA2C5F7-98B5-47DB-AA4D-167B9F70386D}
2012-05-28 02:52 - 2012-05-28 02:52 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{8BA2C5F7-98B5-47DB-AA4D-167B9F70386D}
2012-05-28 02:52 - 2012-05-28 02:52 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{8BA2C5F7-98B5-47DB-AA4D-167B9F70386D}
2012-05-28 02:50 - 2012-05-28 02:50 - 00000000 ____D C:\Windows\pss
2012-05-28 02:25 - 2012-05-28 02:26 - 00114828 ____A C:\TDSSKiller.2.7.38.0_28.05.2012_06.25.59_log.txt
2012-05-28 02:25 - 2012-05-28 02:25 - 00000000 ____D C:\Users\Owner\My Documents\tdsskiller
2012-05-28 02:25 - 2012-05-28 02:25 - 00000000 ____D C:\Users\Owner\Documents\tdsskiller
2012-05-28 02:25 - 2012-05-28 02:25 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\tdsskiller
2012-05-28 02:25 - 2012-05-28 02:25 - 00000000 ____D C:\Documents and Settings\Owner\Documents\tdsskiller
2012-05-28 02:17 - 2012-05-28 02:17 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{4BEA83E0-6E1A-43D5-A3C1-7DAB66CA98C0}
2012-05-28 02:17 - 2012-05-28 02:17 - 00000000 ____D C:\Users\Owner\Local Settings\{4BEA83E0-6E1A-43D5-A3C1-7DAB66CA98C0}
2012-05-28 02:17 - 2012-05-28 02:17 - 00000000 ____D C:\Users\Owner\AppData\Local\{4BEA83E0-6E1A-43D5-A3C1-7DAB66CA98C0}
2012-05-28 02:17 - 2012-05-28 02:17 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{4BEA83E0-6E1A-43D5-A3C1-7DAB66CA98C0}
2012-05-28 02:17 - 2012-05-28 02:17 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{4BEA83E0-6E1A-43D5-A3C1-7DAB66CA98C0}
2012-05-28 02:17 - 2012-05-28 02:17 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{4BEA83E0-6E1A-43D5-A3C1-7DAB66CA98C0}
2012-05-28 02:16 - 2012-05-28 02:17 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{B43EDDEB-122D-4B4A-8467-A46B6DC01CAF}
2012-05-28 02:16 - 2012-05-28 02:17 - 00000000 ____D C:\Users\Owner\Local Settings\{B43EDDEB-122D-4B4A-8467-A46B6DC01CAF}
2012-05-28 02:16 - 2012-05-28 02:17 - 00000000 ____D C:\Users\Owner\AppData\Local\{B43EDDEB-122D-4B4A-8467-A46B6DC01CAF}
2012-05-28 02:16 - 2012-05-28 02:17 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{B43EDDEB-122D-4B4A-8467-A46B6DC01CAF}
2012-05-28 02:16 - 2012-05-28 02:17 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{B43EDDEB-122D-4B4A-8467-A46B6DC01CAF}
2012-05-28 02:16 - 2012-05-28 02:17 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{B43EDDEB-122D-4B4A-8467-A46B6DC01CAF}
2012-05-27 17:32 - 2012-05-27 17:32 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{E81BE0B8-1A32-4AD0-8BE1-B7AB41AE2C4F}
2012-05-27 17:32 - 2012-05-27 17:32 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{DD0ED733-2CCD-4E77-9B34-F6234E8E1BDD}
2012-05-27 17:32 - 2012-05-27 17:32 - 00000000 ____D C:\Users\Owner\Local Settings\{E81BE0B8-1A32-4AD0-8BE1-B7AB41AE2C4F}
2012-05-27 17:32 - 2012-05-27 17:32 - 00000000 ____D C:\Users\Owner\Local Settings\{DD0ED733-2CCD-4E77-9B34-F6234E8E1BDD}
2012-05-27 17:32 - 2012-05-27 17:32 - 00000000 ____D C:\Users\Owner\AppData\Local\{E81BE0B8-1A32-4AD0-8BE1-B7AB41AE2C4F}
2012-05-27 17:32 - 2012-05-27 17:32 - 00000000 ____D C:\Users\Owner\AppData\Local\{DD0ED733-2CCD-4E77-9B34-F6234E8E1BDD}
2012-05-27 17:32 - 2012-05-27 17:32 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{E81BE0B8-1A32-4AD0-8BE1-B7AB41AE2C4F}
2012-05-27 17:32 - 2012-05-27 17:32 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{DD0ED733-2CCD-4E77-9B34-F6234E8E1BDD}
2012-05-27 17:32 - 2012-05-27 17:32 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{E81BE0B8-1A32-4AD0-8BE1-B7AB41AE2C4F}
2012-05-27 17:32 - 2012-05-27 17:32 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{DD0ED733-2CCD-4E77-9B34-F6234E8E1BDD}
2012-05-27 17:32 - 2012-05-27 17:32 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{E81BE0B8-1A32-4AD0-8BE1-B7AB41AE2C4F}
2012-05-27 17:32 - 2012-05-27 17:32 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{DD0ED733-2CCD-4E77-9B34-F6234E8E1BDD}
2012-05-27 17:09 - 2012-05-27 17:09 - 00026872 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixTDSS.sys
2012-05-27 17:09 - 2012-05-27 17:09 - 00000000 ____D C:\Users\Owner\Application Data\FixTDSS
2012-05-27 17:09 - 2012-05-27 17:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\FixTDSS
2012-05-27 17:09 - 2012-05-27 17:09 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\FixTDSS
2012-05-27 17:09 - 2012-05-27 17:09 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Roaming\FixTDSS
2012-05-27 07:41 - 2012-05-27 07:42 - 00114540 ____A C:\TDSSKiller.2.7.37.0_27.05.2012_11.41.31_log.txt
2012-05-27 05:42 - 2012-05-27 05:42 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{F137AFDC-7D3B-4D30-8EEE-67DC3A9C30D2}
2012-05-27 05:42 - 2012-05-27 05:42 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{12519133-D875-4451-BCB9-396C049E0847}
2012-05-27 05:42 - 2012-05-27 05:42 - 00000000 ____D C:\Users\Owner\Local Settings\{F137AFDC-7D3B-4D30-8EEE-67DC3A9C30D2}
2012-05-27 05:42 - 2012-05-27 05:42 - 00000000 ____D C:\Users\Owner\Local Settings\{12519133-D875-4451-BCB9-396C049E0847}
2012-05-27 05:42 - 2012-05-27 05:42 - 00000000 ____D C:\Users\Owner\AppData\Local\{F137AFDC-7D3B-4D30-8EEE-67DC3A9C30D2}
2012-05-27 05:42 - 2012-05-27 05:42 - 00000000 ____D C:\Users\Owner\AppData\Local\{12519133-D875-4451-BCB9-396C049E0847}
2012-05-27 05:42 - 2012-05-27 05:42 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{F137AFDC-7D3B-4D30-8EEE-67DC3A9C30D2}
2012-05-27 05:42 - 2012-05-27 05:42 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{12519133-D875-4451-BCB9-396C049E0847}
2012-05-27 05:42 - 2012-05-27 05:42 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{F137AFDC-7D3B-4D30-8EEE-67DC3A9C30D2}
2012-05-27 05:42 - 2012-05-27 05:42 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{12519133-D875-4451-BCB9-396C049E0847}
2012-05-27 05:42 - 2012-05-27 05:42 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{F137AFDC-7D3B-4D30-8EEE-67DC3A9C30D2}
2012-05-27 05:42 - 2012-05-27 05:42 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{12519133-D875-4451-BCB9-396C049E0847}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{687CD338-FC0D-4915-9482-1746A48862FA}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{09029701-0C73-4100-8D1C-F1869E361E21}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Users\Owner\Local Settings\{687CD338-FC0D-4915-9482-1746A48862FA}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Users\Owner\Local Settings\{09029701-0C73-4100-8D1C-F1869E361E21}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Users\Owner\AppData\Local\{687CD338-FC0D-4915-9482-1746A48862FA}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Users\Owner\AppData\Local\{09029701-0C73-4100-8D1C-F1869E361E21}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{687CD338-FC0D-4915-9482-1746A48862FA}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{09029701-0C73-4100-8D1C-F1869E361E21}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{687CD338-FC0D-4915-9482-1746A48862FA}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{09029701-0C73-4100-8D1C-F1869E361E21}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{687CD338-FC0D-4915-9482-1746A48862FA}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{09029701-0C73-4100-8D1C-F1869E361E21}
2012-05-26 17:28 - 2012-05-26 17:28 - 00000868 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-26 17:28 - 2012-05-26 17:28 - 00000868 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-26 17:28 - 2012-05-26 17:28 - 00000868 ____A C:\Documents and Settings\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-26 17:28 - 2012-05-26 17:28 - 00000868 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-26 17:28 - 2012-05-26 17:28 - 00000000 ____D C:\Users\Owner\Application Data\Malwarebytes
2012-05-26 17:28 - 2012-05-26 17:28 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2012-05-26 17:28 - 2012-05-26 17:28 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-05-26 17:28 - 2012-05-26 17:28 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-05-26 17:28 - 2012-05-26 17:28 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-05-26 17:28 - 2012-05-26 17:28 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Malwarebytes
2012-05-26 17:28 - 2012-05-26 17:28 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Roaming\Malwarebytes
2012-05-26 17:28 - 2012-05-26 17:28 - 00000000 ____D C:\Documents and Settings\All Users\Malwarebytes
2012-05-26 17:28 - 2012-05-26 17:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-05-26 17:28 - 2012-04-04 11:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-05-26 14:14 - 2012-05-26 14:14 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{5577A308-B0B6-426C-B3CC-2C9FC9E6D315}
2012-05-26 14:14 - 2012-05-26 14:14 - 00000000 ____D C:\Users\Owner\Local Settings\{5577A308-B0B6-426C-B3CC-2C9FC9E6D315}
2012-05-26 14:14 - 2012-05-26 14:14 - 00000000 ____D C:\Users\Owner\AppData\Local\{5577A308-B0B6-426C-B3CC-2C9FC9E6D315}
2012-05-26 14:14 - 2012-05-26 14:14 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{5577A308-B0B6-426C-B3CC-2C9FC9E6D315}
2012-05-26 14:14 - 2012-05-26 14:14 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{5577A308-B0B6-426C-B3CC-2C9FC9E6D315}
2012-05-26 14:14 - 2012-05-26 14:14 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{5577A308-B0B6-426C-B3CC-2C9FC9E6D315}
2012-05-26 14:13 - 2012-05-26 14:14 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{49B8C554-B9DE-48E1-B471-D6ECD304A25A}
2012-05-26 14:13 - 2012-05-26 14:14 - 00000000 ____D C:\Users\Owner\Local Settings\{49B8C554-B9DE-48E1-B471-D6ECD304A25A}
2012-05-26 14:13 - 2012-05-26 14:14 - 00000000 ____D C:\Users\Owner\AppData\Local\{49B8C554-B9DE-48E1-B471-D6ECD304A25A}
2012-05-26 14:13 - 2012-05-26 14:14 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{49B8C554-B9DE-48E1-B471-D6ECD304A25A}
2012-05-26 14:13 - 2012-05-26 14:14 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{49B8C554-B9DE-48E1-B471-D6ECD304A25A}
2012-05-26 14:13 - 2012-05-26 14:14 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{49B8C554-B9DE-48E1-B471-D6ECD304A25A}
2012-05-25 10:37 - 2012-05-25 10:37 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{DE3B0F3F-C109-4A62-BBEC-4A9A91FEFDDE}
2012-05-25 10:37 - 2012-05-25 10:37 - 00000000 ____D C:\Users\Owner\Local Settings\{DE3B0F3F-C109-4A62-BBEC-4A9A91FEFDDE}
2012-05-25 10:37 - 2012-05-25 10:37 - 00000000 ____D C:\Users\Owner\AppData\Local\{DE3B0F3F-C109-4A62-BBEC-4A9A91FEFDDE}
2012-05-25 10:37 - 2012-05-25 10:37 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{DE3B0F3F-C109-4A62-BBEC-4A9A91FEFDDE}
2012-05-25 10:37 - 2012-05-25 10:37 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{DE3B0F3F-C109-4A62-BBEC-4A9A91FEFDDE}
2012-05-25 10:37 - 2012-05-25 10:37 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{DE3B0F3F-C109-4A62-BBEC-4A9A91FEFDDE}
2012-05-25 10:36 - 2012-05-25 10:37 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{9A6C2756-7B01-4A8F-87FF-DD930CA85B80}
2012-05-25 10:36 - 2012-05-25 10:37 - 00000000 ____D C:\Users\Owner\Local Settings\{9A6C2756-7B01-4A8F-87FF-DD930CA85B80}
2012-05-25 10:36 - 2012-05-25 10:37 - 00000000 ____D C:\Users\Owner\AppData\Local\{9A6C2756-7B01-4A8F-87FF-DD930CA85B80}
2012-05-25 10:36 - 2012-05-25 10:37 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{9A6C2756-7B01-4A8F-87FF-DD930CA85B80}
2012-05-25 10:36 - 2012-05-25 10:37 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{9A6C2756-7B01-4A8F-87FF-DD930CA85B80}
2012-05-25 10:36 - 2012-05-25 10:37 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{9A6C2756-7B01-4A8F-87FF-DD930CA85B80}
2012-05-24 07:05 - 2012-05-24 07:06 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{B81B44F9-E225-484A-8EA8-639193A9AB2E}
2012-05-24 07:05 - 2012-05-24 07:06 - 00000000 ____D C:\Users\Owner\Local Settings\{B81B44F9-E225-484A-8EA8-639193A9AB2E}
2012-05-24 07:05 - 2012-05-24 07:06 - 00000000 ____D C:\Users\Owner\AppData\Local\{B81B44F9-E225-484A-8EA8-639193A9AB2E}
2012-05-24 07:05 - 2012-05-24 07:06 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{B81B44F9-E225-484A-8EA8-639193A9AB2E}
2012-05-24 07:05 - 2012-05-24 07:06 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{B81B44F9-E225-484A-8EA8-639193A9AB2E}
2012-05-24 07:05 - 2012-05-24 07:06 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{B81B44F9-E225-484A-8EA8-639193A9AB2E}
2012-05-24 07:05 - 2012-05-24 07:05 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{A3508624-5C68-4583-9F36-B97EE5ABCBE2}
2012-05-24 07:05 - 2012-05-24 07:05 - 00000000 ____D C:\Users\Owner\Local Settings\{A3508624-5C68-4583-9F36-B97EE5ABCBE2}
2012-05-24 07:05 - 2012-05-24 07:05 - 00000000 ____D C:\Users\Owner\AppData\Local\{A3508624-5C68-4583-9F36-B97EE5ABCBE2}
2012-05-24 07:05 - 2012-05-24 07:05 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{A3508624-5C68-4583-9F36-B97EE5ABCBE2}
2012-05-24 07:05 - 2012-05-24 07:05 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{A3508624-5C68-4583-9F36-B97EE5ABCBE2}
2012-05-24 07:05 - 2012-05-24 07:05 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{A3508624-5C68-4583-9F36-B97EE5ABCBE2}
2012-05-23 08:07 - 2012-05-23 08:07 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{85577C96-6CF1-4A1D-B8E1-C36C46A9ADFE}
2012-05-23 08:07 - 2012-05-23 08:07 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{1B7EF9B9-8CF8-44CC-B1E5-C1DA7EFE4D58}
2012-05-23 08:07 - 2012-05-23 08:07 - 00000000 ____D C:\Users\Owner\Local Settings\{85577C96-6CF1-4A1D-B8E1-C36C46A9ADFE}
2012-05-23 08:07 - 2012-05-23 08:07 - 00000000 ____D C:\Users\Owner\Local Settings\{1B7EF9B9-8CF8-44CC-B1E5-C1DA7EFE4D58}
2012-05-23 08:07 - 2012-05-23 08:07 - 00000000 ____D C:\Users\Owner\AppData\Local\{85577C96-6CF1-4A1D-B8E1-C36C46A9ADFE}
2012-05-23 08:07 - 2012-05-23 08:07 - 00000000 ____D C:\Users\Owner\AppData\Local\{1B7EF9B9-8CF8-44CC-B1E5-C1DA7EFE4D58}
2012-05-23 08:07 - 2012-05-23 08:07 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{85577C96-6CF1-4A1D-B8E1-C36C46A9ADFE}
2012-05-23 08:07 - 2012-05-23 08:07 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{1B7EF9B9-8CF8-44CC-B1E5-C1DA7EFE4D58}
2012-05-23 08:07 - 2012-05-23 08:07 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{85577C96-6CF1-4A1D-B8E1-C36C46A9ADFE}
2012-05-23 08:07 - 2012-05-23 08:07 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{1B7EF9B9-8CF8-44CC-B1E5-C1DA7EFE4D58}
2012-05-23 08:07 - 2012-05-23 08:07 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{85577C96-6CF1-4A1D-B8E1-C36C46A9ADFE}
2012-05-23 08:07 - 2012-05-23 08:07 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{1B7EF9B9-8CF8-44CC-B1E5-C1DA7EFE4D58}
2012-05-22 06:57 - 2012-05-22 06:57 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{0FED124C-DAA6-4CE1-B98A-60309F1E1E1E}
2012-05-22 06:57 - 2012-05-22 06:57 - 00000000 ____D C:\Users\Owner\Local Settings\{0FED124C-DAA6-4CE1-B98A-60309F1E1E1E}
2012-05-22 06:57 - 2012-05-22 06:57 - 00000000 ____D C:\Users\Owner\AppData\Local\{0FED124C-DAA6-4CE1-B98A-60309F1E1E1E}
2012-05-22 06:57 - 2012-05-22 06:57 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{0FED124C-DAA6-4CE1-B98A-60309F1E1E1E}
2012-05-22 06:57 - 2012-05-22 06:57 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{0FED124C-DAA6-4CE1-B98A-60309F1E1E1E}
2012-05-22 06:57 - 2012-05-22 06:57 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{0FED124C-DAA6-4CE1-B98A-60309F1E1E1E}
2012-05-22 06:56 - 2012-05-22 06:57 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{F1DB6BF4-A2E2-485B-8996-AE77206CF742}
2012-05-22 06:56 - 2012-05-22 06:57 - 00000000 ____D C:\Users\Owner\Local Settings\{F1DB6BF4-A2E2-485B-8996-AE77206CF742}
2012-05-22 06:56 - 2012-05-22 06:57 - 00000000 ____D C:\Users\Owner\AppData\Local\{F1DB6BF4-A2E2-485B-8996-AE77206CF742}
2012-05-22 06:56 - 2012-05-22 06:57 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{F1DB6BF4-A2E2-485B-8996-AE77206CF742}
2012-05-22 06:56 - 2012-05-22 06:57 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{F1DB6BF4-A2E2-485B-8996-AE77206CF742}
2012-05-22 06:56 - 2012-05-22 06:57 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{F1DB6BF4-A2E2-485B-8996-AE77206CF742}
2012-05-21 06:04 - 2012-05-21 06:04 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{FC05B268-7CBA-4CC8-B7A1-A73DD48DB741}
2012-05-21 06:04 - 2012-05-21 06:04 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{45E40D52-7B28-4CA4-AB3B-411613AD4858}
2012-05-21 06:04 - 2012-05-21 06:04 - 00000000 ____D C:\Users\Owner\Local Settings\{FC05B268-7CBA-4CC8-B7A1-A73DD48DB741}
2012-05-21 06:04 - 2012-05-21 06:04 - 00000000 ____D C:\Users\Owner\Local Settings\{45E40D52-7B28-4CA4-AB3B-411613AD4858}
2012-05-21 06:04 - 2012-05-21 06:04 - 00000000 ____D C:\Users\Owner\AppData\Local\{FC05B268-7CBA-4CC8-B7A1-A73DD48DB741}
2012-05-21 06:04 - 2012-05-21 06:04 - 00000000 ____D C:\Users\Owner\AppData\Local\{45E40D52-7B28-4CA4-AB3B-411613AD4858}
2012-05-21 06:04 - 2012-05-21 06:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{FC05B268-7CBA-4CC8-B7A1-A73DD48DB741}
2012-05-21 06:04 - 2012-05-21 06:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{45E40D52-7B28-4CA4-AB3B-411613AD4858}
2012-05-21 06:04 - 2012-05-21 06:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{FC05B268-7CBA-4CC8-B7A1-A73DD48DB741}
2012-05-21 06:04 - 2012-05-21 06:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{45E40D52-7B28-4CA4-AB3B-411613AD4858}
2012-05-21 06:04 - 2012-05-21 06:04 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{FC05B268-7CBA-4CC8-B7A1-A73DD48DB741}
2012-05-21 06:04 - 2012-05-21 06:04 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{45E40D52-7B28-4CA4-AB3B-411613AD4858}
2012-05-20 06:56 - 2012-05-20 06:56 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{91E32FCF-E91E-43D0-8E6F-0D97F00462E2}
2012-05-20 06:56 - 2012-05-20 06:56 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{6D4C397F-CA4F-4FB1-93D4-BE935F73B738}
2012-05-20 06:56 - 2012-05-20 06:56 - 00000000 ____D C:\Users\Owner\Local Settings\{91E32FCF-E91E-43D0-8E6F-0D97F00462E2}
2012-05-20 06:56 - 2012-05-20 06:56 - 00000000 ____D C:\Users\Owner\Local Settings\{6D4C397F-CA4F-4FB1-93D4-BE935F73B738}
2012-05-20 06:56 - 2012-05-20 06:56 - 00000000 ____D C:\Users\Owner\AppData\Local\{91E32FCF-E91E-43D0-8E6F-0D97F00462E2}
2012-05-20 06:56 - 2012-05-20 06:56 - 00000000 ____D C:\Users\Owner\AppData\Local\{6D4C397F-CA4F-4FB1-93D4-BE935F73B738}
2012-05-20 06:56 - 2012-05-20 06:56 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{91E32FCF-E91E-43D0-8E6F-0D97F00462E2}
2012-05-20 06:56 - 2012-05-20 06:56 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{6D4C397F-CA4F-4FB1-93D4-BE935F73B738}
2012-05-20 06:56 - 2012-05-20 06:56 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{91E32FCF-E91E-43D0-8E6F-0D97F00462E2}
2012-05-20 06:56 - 2012-05-20 06:56 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{6D4C397F-CA4F-4FB1-93D4-BE935F73B738}
2012-05-20 06:56 - 2012-05-20 06:56 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{91E32FCF-E91E-43D0-8E6F-0D97F00462E2}
2012-05-20 06:56 - 2012-05-20 06:56 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{6D4C397F-CA4F-4FB1-93D4-BE935F73B738}
2012-05-19 12:13 - 2012-05-19 12:14 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{B0F91EF8-2CDF-4765-890C-CEA663103A94}
2012-05-19 12:13 - 2012-05-19 12:14 - 00000000 ____D C:\Users\Owner\Local Settings\{B0F91EF8-2CDF-4765-890C-CEA663103A94}
2012-05-19 12:13 - 2012-05-19 12:14 - 00000000 ____D C:\Users\Owner\AppData\Local\{B0F91EF8-2CDF-4765-890C-CEA663103A94}
2012-05-19 12:13 - 2012-05-19 12:14 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{B0F91EF8-2CDF-4765-890C-CEA663103A94}
2012-05-19 12:13 - 2012-05-19 12:14 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{B0F91EF8-2CDF-4765-890C-CEA663103A94}
2012-05-19 12:13 - 2012-05-19 12:14 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{B0F91EF8-2CDF-4765-890C-CEA663103A94}
2012-05-19 12:13 - 2012-05-19 12:13 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{0E354617-C529-4BC8-AC3B-097DAA9812D8}
2012-05-19 12:13 - 2012-05-19 12:13 - 00000000 ____D C:\Users\Owner\Local Settings\{0E354617-C529-4BC8-AC3B-097DAA9812D8}
2012-05-19 12:13 - 2012-05-19 12:13 - 00000000 ____D C:\Users\Owner\AppData\Local\{0E354617-C529-4BC8-AC3B-097DAA9812D8}
2012-05-19 12:13 - 2012-05-19 12:13 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{0E354617-C529-4BC8-AC3B-097DAA9812D8}
2012-05-19 12:13 - 2012-05-19 12:13 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{0E354617-C529-4BC8-AC3B-097DAA9812D8}
2012-05-19 12:13 - 2012-05-19 12:13 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{0E354617-C529-4BC8-AC3B-097DAA9812D8}
2012-05-18 08:05 - 2012-05-18 08:05 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{D1D86C04-DFEA-4DA4-8150-A56F748622F7}
2012-05-18 08:05 - 2012-05-18 08:05 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{3A7933E8-22DA-4960-97EC-C54E84CC7CB5}
2012-05-18 08:05 - 2012-05-18 08:05 - 00000000 ____D C:\Users\Owner\Local Settings\{D1D86C04-DFEA-4DA4-8150-A56F748622F7}
2012-05-18 08:05 - 2012-05-18 08:05 - 00000000 ____D C:\Users\Owner\Local Settings\{3A7933E8-22DA-4960-97EC-C54E84CC7CB5}
2012-05-18 08:05 - 2012-05-18 08:05 - 00000000 ____D C:\Users\Owner\AppData\Local\{D1D86C04-DFEA-4DA4-8150-A56F748622F7}
2012-05-18 08:05 - 2012-05-18 08:05 - 00000000 ____D C:\Users\Owner\AppData\Local\{3A7933E8-22DA-4960-97EC-C54E84CC7CB5}
2012-05-18 08:05 - 2012-05-18 08:05 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{D1D86C04-DFEA-4DA4-8150-A56F748622F7}
2012-05-18 08:05 - 2012-05-18 08:05 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{3A7933E8-22DA-4960-97EC-C54E84CC7CB5}
2012-05-18 08:05 - 2012-05-18 08:05 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{D1D86C04-DFEA-4DA4-8150-A56F748622F7}
2012-05-18 08:05 - 2012-05-18 08:05 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{3A7933E8-22DA-4960-97EC-C54E84CC7CB5}
2012-05-18 08:05 - 2012-05-18 08:05 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{D1D86C04-DFEA-4DA4-8150-A56F748622F7}
2012-05-18 08:05 - 2012-05-18 08:05 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{3A7933E8-22DA-4960-97EC-C54E84CC7CB5}
2012-05-17 06:27 - 2012-05-17 06:27 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{72E0CB58-24F4-4B54-9384-850417EDCF1D}
2012-05-17 06:27 - 2012-05-17 06:27 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{1E9512A9-C8A6-444A-8A4B-6D03DFFA8CA7}
2012-05-17 06:27 - 2012-05-17 06:27 - 00000000 ____D C:\Users\Owner\Local Settings\{72E0CB58-24F4-4B54-9384-850417EDCF1D}
2012-05-17 06:27 - 2012-05-17 06:27 - 00000000 ____D C:\Users\Owner\Local Settings\{1E9512A9-C8A6-444A-8A4B-6D03DFFA8CA7}
2012-05-17 06:27 - 2012-05-17 06:27 - 00000000 ____D C:\Users\Owner\AppData\Local\{72E0CB58-24F4-4B54-9384-850417EDCF1D}
2012-05-17 06:27 - 2012-05-17 06:27 - 00000000 ____D C:\Users\Owner\AppData\Local\{1E9512A9-C8A6-444A-8A4B-6D03DFFA8CA7}
2012-05-17 06:27 - 2012-05-17 06:27 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{72E0CB58-24F4-4B54-9384-850417EDCF1D}
2012-05-17 06:27 - 2012-05-17 06:27 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{1E9512A9-C8A6-444A-8A4B-6D03DFFA8CA7}
2012-05-17 06:27 - 2012-05-17 06:27 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{72E0CB58-24F4-4B54-9384-850417EDCF1D}
2012-05-17 06:27 - 2012-05-17 06:27 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{1E9512A9-C8A6-444A-8A4B-6D03DFFA8CA7}
2012-05-17 06:27 - 2012-05-17 06:27 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{72E0CB58-24F4-4B54-9384-850417EDCF1D}
2012-05-17 06:27 - 2012-05-17 06:27 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{1E9512A9-C8A6-444A-8A4B-6D03DFFA8CA7}
2012-05-16 07:12 - 2012-05-16 07:12 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{630C8C69-849D-4E7C-BA38-45152069466B}
2012-05-16 07:12 - 2012-05-16 07:12 - 00000000 ____D C:\Users\Owner\Local Settings\{630C8C69-849D-4E7C-BA38-45152069466B}
2012-05-16 07:12 - 2012-05-16 07:12 - 00000000 ____D C:\Users\Owner\AppData\Local\{630C8C69-849D-4E7C-BA38-45152069466B}
2012-05-16 07:12 - 2012-05-16 07:12 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{630C8C69-849D-4E7C-BA38-45152069466B}
2012-05-16 07:12 - 2012-05-16 07:12 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{630C8C69-849D-4E7C-BA38-45152069466B}
2012-05-16 07:12 - 2012-05-16 07:12 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{630C8C69-849D-4E7C-BA38-45152069466B}
2012-05-16 07:11 - 2012-05-16 07:11 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{05314189-94B2-4977-9B67-BC11022DDF73}
2012-05-16 07:11 - 2012-05-16 07:11 - 00000000 ____D C:\Users\Owner\Local Settings\{05314189-94B2-4977-9B67-BC11022DDF73}
2012-05-16 07:11 - 2012-05-16 07:11 - 00000000 ____D C:\Users\Owner\AppData\Local\{05314189-94B2-4977-9B67-BC11022DDF73}
2012-05-16 07:11 - 2012-05-16 07:11 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{05314189-94B2-4977-9B67-BC11022DDF73}
2012-05-16 07:11 - 2012-05-16 07:11 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{05314189-94B2-4977-9B67-BC11022DDF73}
2012-05-16 07:11 - 2012-05-16 07:11 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{05314189-94B2-4977-9B67-BC11022DDF73}
2012-05-15 07:33 - 2012-05-15 07:33 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{BA152013-3A16-4E35-9355-62F2484B3C78}
2012-05-15 07:33 - 2012-05-15 07:33 - 00000000 ____D C:\Users\Owner\Local Settings\{BA152013-3A16-4E35-9355-62F2484B3C78}
2012-05-15 07:33 - 2012-05-15 07:33 - 00000000 ____D C:\Users\Owner\AppData\Local\{BA152013-3A16-4E35-9355-62F2484B3C78}
2012-05-15 07:33 - 2012-05-15 07:33 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{BA152013-3A16-4E35-9355-62F2484B3C78}
2012-05-15 07:33 - 2012-05-15 07:33 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{BA152013-3A16-4E35-9355-62F2484B3C78}
2012-05-15 07:33 - 2012-05-15 07:33 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{BA152013-3A16-4E35-9355-62F2484B3C78}
2012-05-15 07:32 - 2012-05-15 07:32 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{BBA65F2C-0B67-4408-99DD-ECA8CB6EA897}
2012-05-15 07:32 - 2012-05-15 07:32 - 00000000 ____D C:\Users\Owner\Local Settings\{BBA65F2C-0B67-4408-99DD-ECA8CB6EA897}
2012-05-15 07:32 - 2012-05-15 07:32 - 00000000 ____D C:\Users\Owner\AppData\Local\{BBA65F2C-0B67-4408-99DD-ECA8CB6EA897}
2012-05-15 07:32 - 2012-05-15 07:32 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{BBA65F2C-0B67-4408-99DD-ECA8CB6EA897}
2012-05-15 07:32 - 2012-05-15 07:32 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{BBA65F2C-0B67-4408-99DD-ECA8CB6EA897}
2012-05-15 07:32 - 2012-05-15 07:32 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{BBA65F2C-0B67-4408-99DD-ECA8CB6EA897}
2012-05-14 07:19 - 2012-05-14 07:19 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{EBE39864-C054-4D5E-86A6-B4F131C18E20}
2012-05-14 07:19 - 2012-05-14 07:19 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{9BD467BD-A7DE-4391-9970-EBF8F91A7348}
2012-05-14 07:19 - 2012-05-14 07:19 - 00000000 ____D C:\Users\Owner\Local Settings\{EBE39864-C054-4D5E-86A6-B4F131C18E20}
2012-05-14 07:19 - 2012-05-14 07:19 - 00000000 ____D C:\Users\Owner\Local Settings\{9BD467BD-A7DE-4391-9970-EBF8F91A7348}
2012-05-14 07:19 - 2012-05-14 07:19 - 00000000 ____D C:\Users\Owner\AppData\Local\{EBE39864-C054-4D5E-86A6-B4F131C18E20}
2012-05-14 07:19 - 2012-05-14 07:19 - 00000000 ____D C:\Users\Owner\AppData\Local\{9BD467BD-A7DE-4391-9970-EBF8F91A7348}
2012-05-14 07:19 - 2012-05-14 07:19 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{EBE39864-C054-4D5E-86A6-B4F131C18E20}
2012-05-14 07:19 - 2012-05-14 07:19 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{9BD467BD-A7DE-4391-9970-EBF8F91A7348}
2012-05-14 07:19 - 2012-05-14 07:19 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{EBE39864-C054-4D5E-86A6-B4F131C18E20}
2012-05-14 07:19 - 2012-05-14 07:19 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{9BD467BD-A7DE-4391-9970-EBF8F91A7348}
2012-05-14 07:19 - 2012-05-14 07:19 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{EBE39864-C054-4D5E-86A6-B4F131C18E20}
2012-05-14 07:19 - 2012-05-14 07:19 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{9BD467BD-A7DE-4391-9970-EBF8F91A7348}
2012-05-13 15:09 - 2012-05-13 15:09 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{D383DD9D-144E-4483-B6BE-94ED6559237B}
2012-05-13 15:09 - 2012-05-13 15:09 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{09278300-4FDA-4C32-B02D-074D13DFEFDC}
2012-05-13 15:09 - 2012-05-13 15:09 - 00000000 ____D C:\Users\Owner\Local Settings\{D383DD9D-144E-4483-B6BE-94ED6559237B}
2012-05-13 15:09 - 2012-05-13 15:09 - 00000000 ____D C:\Users\Owner\Local Settings\{09278300-4FDA-4C32-B02D-074D13DFEFDC}
2012-05-13 15:09 - 2012-05-13 15:09 - 00000000 ____D C:\Users\Owner\AppData\Local\{D383DD9D-144E-4483-B6BE-94ED6559237B}
2012-05-13 15:09 - 2012-05-13 15:09 - 00000000 ____D C:\Users\Owner\AppData\Local\{09278300-4FDA-4C32-B02D-074D13DFEFDC}
2012-05-13 15:09 - 2012-05-13 15:09 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{D383DD9D-144E-4483-B6BE-94ED6559237B}
2012-05-13 15:09 - 2012-05-13 15:09 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{09278300-4FDA-4C32-B02D-074D13DFEFDC}
2012-05-13 15:09 - 2012-05-13 15:09 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{D383DD9D-144E-4483-B6BE-94ED6559237B}
2012-05-13 15:09 - 2012-05-13 15:09 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{09278300-4FDA-4C32-B02D-074D13DFEFDC}
2012-05-13 15:09 - 2012-05-13 15:09 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{D383DD9D-144E-4483-B6BE-94ED6559237B}
2012-05-13 15:09 - 2012-05-13 15:09 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{09278300-4FDA-4C32-B02D-074D13DFEFDC}
2012-05-11 08:54 - 2012-05-11 08:54 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{FE020456-12D1-4D77-96BF-8A3B43D2CDBD}
2012-05-11 08:54 - 2012-05-11 08:54 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{6B5AC01A-5A9F-4C7E-870D-791EC2F18B45}
2012-05-11 08:54 - 2012-05-11 08:54 - 00000000 ____D C:\Users\Owner\Local Settings\{FE020456-12D1-4D77-96BF-8A3B43D2CDBD}
2012-05-11 08:54 - 2012-05-11 08:54 - 00000000 ____D C:\Users\Owner\Local Settings\{6B5AC01A-5A9F-4C7E-870D-791EC2F18B45}
2012-05-11 08:54 - 2012-05-11 08:54 - 00000000 ____D C:\Users\Owner\AppData\Local\{FE020456-12D1-4D77-96BF-8A3B43D2CDBD}
2012-05-11 08:54 - 2012-05-11 08:54 - 00000000 ____D C:\Users\Owner\AppData\Local\{6B5AC01A-5A9F-4C7E-870D-791EC2F18B45}
2012-05-11 08:54 - 2012-05-11 08:54 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{FE020456-12D1-4D77-96BF-8A3B43D2CDBD}
2012-05-11 08:54 - 2012-05-11 08:54 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{6B5AC01A-5A9F-4C7E-870D-791EC2F18B45}
2012-05-11 08:54 - 2012-05-11 08:54 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{FE020456-12D1-4D77-96BF-8A3B43D2CDBD}
2012-05-11 08:54 - 2012-05-11 08:54 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{6B5AC01A-5A9F-4C7E-870D-791EC2F18B45}
2012-05-11 08:54 - 2012-05-11 08:54 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{FE020456-12D1-4D77-96BF-8A3B43D2CDBD}
2012-05-11 08:54 - 2012-05-11 08:54 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{6B5AC01A-5A9F-4C7E-870D-791EC2F18B45}
2012-05-11 08:15 - 2012-05-11 08:16 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{09C8479E-6D7E-4EFF-8EDF-C2FD0196E0E9}
2012-05-11 08:15 - 2012-05-11 08:16 - 00000000 ____D C:\Users\Owner\Local Settings\{09C8479E-6D7E-4EFF-8EDF-C2FD0196E0E9}
2012-05-11 08:15 - 2012-05-11 08:16 - 00000000 ____D C:\Users\Owner\AppData\Local\{09C8479E-6D7E-4EFF-8EDF-C2FD0196E0E9}
2012-05-11 08:15 - 2012-05-11 08:16 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{09C8479E-6D7E-4EFF-8EDF-C2FD0196E0E9}
2012-05-11 08:15 - 2012-05-11 08:16 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{09C8479E-6D7E-4EFF-8EDF-C2FD0196E0E9}
2012-05-11 08:15 - 2012-05-11 08:16 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{09C8479E-6D7E-4EFF-8EDF-C2FD0196E0E9}
2012-05-11 08:15 - 2012-05-11 08:15 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{B64150C9-88CE-4A21-B547-031BCAE63616}
2012-05-11 08:15 - 2012-05-11 08:15 - 00000000 ____D C:\Users\Owner\Local Settings\{B64150C9-88CE-4A21-B547-031BCAE63616}
2012-05-11 08:15 - 2012-05-11 08:15 - 00000000 ____D C:\Users\Owner\AppData\Local\{B64150C9-88CE-4A21-B547-031BCAE63616}
2012-05-11 08:15 - 2012-05-11 08:15 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{B64150C9-88CE-4A21-B547-031BCAE63616}
2012-05-11 08:15 - 2012-05-11 08:15 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{B64150C9-88CE-4A21-B547-031BCAE63616}
2012-05-11 08:15 - 2012-05-11 08:15 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{B64150C9-88CE-4A21-B547-031BCAE63616}
2012-05-10 07:57 - 2012-05-10 07:57 - 00000162 ___AH C:\Users\Owner\My Documents\~$resume2.docx
2012-05-10 07:57 - 2012-05-10 07:57 - 00000162 ___AH C:\Users\Owner\Documents\~$resume2.docx
2012-05-10 07:57 - 2012-05-10 07:57 - 00000162 ___AH C:\Documents and Settings\Owner\My Documents\~$resume2.docx
2012-05-10 07:57 - 2012-05-10 07:57 - 00000162 ___AH C:\Documents and Settings\Owner\Documents\~$resume2.docx
2012-05-10 07:11 - 2012-03-30 04:39 - 00905600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-10 07:11 - 2012-03-20 15:28 - 00053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-10 07:10 - 2012-04-03 00:16 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-05-10 07:10 - 2012-04-03 00:16 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-10 07:10 - 2012-04-02 05:36 - 02044928 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 07:10 - 2012-03-01 06:46 - 00219648 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-05-10 07:10 - 2012-03-01 06:46 - 00160768 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-05-10 07:10 - 2012-02-29 06:08 - 01172480 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-05-10 07:10 - 2012-02-29 05:44 - 00683008 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-05-10 07:10 - 2012-02-29 05:41 - 01069056 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-10 07:03 - 2012-05-10 07:03 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{643BEB00-01BC-4303-9A1A-B9E8C297E4F6}
2012-05-10 07:03 - 2012-05-10 07:03 - 00000000 ____D C:\Users\Owner\Local Settings\{643BEB00-01BC-4303-9A1A-B9E8C297E4F6}
2012-05-10 07:03 - 2012-05-10 07:03 - 00000000 ____D C:\Users\Owner\AppData\Local\{643BEB00-01BC-4303-9A1A-B9E8C297E4F6}
2012-05-10 07:03 - 2012-05-10 07:03 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{643BEB00-01BC-4303-9A1A-B9E8C297E4F6}
2012-05-10 07:03 - 2012-05-10 07:03 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{643BEB00-01BC-4303-9A1A-B9E8C297E4F6}
2012-05-10 07:03 - 2012-05-10 07:03 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{643BEB00-01BC-4303-9A1A-B9E8C297E4F6}
2012-05-10 07:02 - 2012-05-10 07:03 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{AD0D8E23-16C9-4D71-9867-3F9B3C92822D}
2012-05-10 07:02 - 2012-05-10 07:03 - 00000000 ____D C:\Users\Owner\Local Settings\{AD0D8E23-16C9-4D71-9867-3F9B3C92822D}
2012-05-10 07:02 - 2012-05-10 07:03 - 00000000 ____D C:\Users\Owner\AppData\Local\{AD0D8E23-16C9-4D71-9867-3F9B3C92822D}
2012-05-10 07:02 - 2012-05-10 07:03 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{AD0D8E23-16C9-4D71-9867-3F9B3C92822D}
2012-05-10 07:02 - 2012-05-10 07:03 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{AD0D8E23-16C9-4D71-9867-3F9B3C92822D}
2012-05-10 07:02 - 2012-05-10 07:03 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{AD0D8E23-16C9-4D71-9867-3F9B3C92822D}

#12 BP42

BP42
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:18 PM

Posted 09 June 2012 - 09:07 AM

============ 3 Months Modified Files and Folders ===============

2012-06-09 05:36 - 2009-12-03 21:33 - 01039098 ____A C:\Windows\ntbtlog.txt
2012-06-09 05:36 - 2006-11-02 05:01 - 00032584 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-09 05:36 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-09 05:36 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-09 05:36 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-08 10:54 - 2009-03-11 15:59 - 01426310 ____A C:\Windows\WindowsUpdate.log
2012-06-08 05:08 - 2006-11-02 02:33 - 00703388 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-08 05:05 - 2012-06-08 05:05 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{0AC195A9-18BF-4C35-B9FD-C28051E2533A}
2012-06-08 05:05 - 2012-06-08 05:05 - 00000000 ____D C:\Users\Owner\Local Settings\{0AC195A9-18BF-4C35-B9FD-C28051E2533A}
2012-06-08 05:05 - 2012-06-08 05:05 - 00000000 ____D C:\Users\Owner\AppData\Local\{0AC195A9-18BF-4C35-B9FD-C28051E2533A}
2012-06-08 05:05 - 2012-06-08 05:05 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{0AC195A9-18BF-4C35-B9FD-C28051E2533A}
2012-06-08 05:05 - 2012-06-08 05:05 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{0AC195A9-18BF-4C35-B9FD-C28051E2533A}
2012-06-08 05:05 - 2012-06-08 05:05 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{0AC195A9-18BF-4C35-B9FD-C28051E2533A}
2012-06-08 05:05 - 2012-06-08 05:04 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{736D3CD1-F20C-4AAE-A207-6255AB7DEA98}
2012-06-08 05:05 - 2012-06-08 05:04 - 00000000 ____D C:\Users\Owner\Local Settings\{736D3CD1-F20C-4AAE-A207-6255AB7DEA98}
2012-06-08 05:05 - 2012-06-08 05:04 - 00000000 ____D C:\Users\Owner\AppData\Local\{736D3CD1-F20C-4AAE-A207-6255AB7DEA98}
2012-06-08 05:05 - 2012-06-08 05:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{736D3CD1-F20C-4AAE-A207-6255AB7DEA98}
2012-06-08 05:05 - 2012-06-08 05:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{736D3CD1-F20C-4AAE-A207-6255AB7DEA98}
2012-06-08 05:05 - 2012-06-08 05:04 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{736D3CD1-F20C-4AAE-A207-6255AB7DEA98}
2012-06-08 05:04 - 2010-01-28 03:25 - 00000000 ____D C:\Users\Owner\Tracing
2012-06-08 05:04 - 2010-01-28 03:25 - 00000000 ____D C:\Documents and Settings\Owner\Tracing
2012-06-07 09:31 - 2009-10-04 11:35 - 00000000 ____D C:\Program Files\SGPSA
2012-06-07 09:31 - 2009-10-04 11:35 - 00000000 ____D C:\Program Files\Search Guard PlusU
2012-06-07 09:31 - 2009-10-04 11:35 - 00000000 ____D C:\Program Files\Search Guard Plus
2012-06-07 09:31 - 2009-04-18 07:59 - 00000000 ____D C:\users\Owner
2012-06-07 09:31 - 2006-11-02 03:18 - 00000000 ___RD C:\users\Public
2012-06-07 09:31 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool
2012-06-07 09:31 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc
2012-06-07 09:31 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration
2012-06-07 09:31 - 2006-11-02 02:22 - 46661632 ____A C:\Windows\System32\config\software_previous
2012-06-07 09:30 - 2006-11-02 03:17 - 00000000 __SHD C:\$Recycle.Bin
2012-06-07 09:29 - 2006-11-02 02:22 - 36962304 ____A C:\Windows\System32\config\system_previous
2012-06-07 09:02 - 2006-11-02 02:22 - 39059456 ____A C:\Windows\System32\config\components_previous
2012-06-07 09:02 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-06-07 06:24 - 2012-06-07 06:24 - 00000000 ____D C:\_OTL
2012-06-07 06:22 - 2012-06-07 06:22 - 00595456 ____A (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2012-06-07 06:22 - 2012-06-07 06:22 - 00595456 ____A (OldTimer Tools) C:\Documents and Settings\Owner\Desktop\OTL.exe
2012-06-07 05:44 - 2009-07-25 05:01 - 00000000 ____D C:\Users\Owner\Application Data\HpUpdate
2012-06-07 05:44 - 2009-07-25 05:01 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HpUpdate
2012-06-07 05:44 - 2009-07-25 05:01 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\HpUpdate
2012-06-07 05:44 - 2009-07-25 05:01 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Roaming\HpUpdate
2012-06-07 05:41 - 2012-06-07 05:41 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{C8BD8CDF-C171-4A25-A2FB-2F89C6D56BFA}
2012-06-07 05:41 - 2012-06-07 05:41 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{5376347E-C08D-4B64-B89F-AD75490A4BDE}
2012-06-07 05:41 - 2012-06-07 05:41 - 00000000 ____D C:\Users\Owner\Local Settings\{C8BD8CDF-C171-4A25-A2FB-2F89C6D56BFA}
2012-06-07 05:41 - 2012-06-07 05:41 - 00000000 ____D C:\Users\Owner\Local Settings\{5376347E-C08D-4B64-B89F-AD75490A4BDE}
2012-06-07 05:41 - 2012-06-07 05:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{C8BD8CDF-C171-4A25-A2FB-2F89C6D56BFA}
2012-06-07 05:41 - 2012-06-07 05:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{5376347E-C08D-4B64-B89F-AD75490A4BDE}
2012-06-07 05:41 - 2012-06-07 05:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{C8BD8CDF-C171-4A25-A2FB-2F89C6D56BFA}
2012-06-07 05:41 - 2012-06-07 05:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{5376347E-C08D-4B64-B89F-AD75490A4BDE}
2012-06-07 05:41 - 2012-06-07 05:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{C8BD8CDF-C171-4A25-A2FB-2F89C6D56BFA}
2012-06-07 05:41 - 2012-06-07 05:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{5376347E-C08D-4B64-B89F-AD75490A4BDE}
2012-06-07 05:41 - 2012-06-07 05:41 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{C8BD8CDF-C171-4A25-A2FB-2F89C6D56BFA}
2012-06-07 05:41 - 2012-06-07 05:41 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{5376347E-C08D-4B64-B89F-AD75490A4BDE}
2012-06-07 05:38 - 2010-12-24 21:34 - 00001802 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-06-07 05:38 - 2010-12-24 21:34 - 00001802 ____A C:\Users\All Users\Desktop\avast! Free Antivirus.lnk
2012-06-07 05:38 - 2010-12-24 21:34 - 00001802 ____A C:\Documents and Settings\Public\Desktop\avast! Free Antivirus.lnk
2012-06-07 05:38 - 2010-12-24 21:34 - 00001802 ____A C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2012-06-07 05:38 - 2006-11-02 02:23 - 00002577 ____A C:\Windows\System32\config.nt
2012-06-07 05:33 - 2012-06-07 05:33 - 00140032 ____A C:\Windows\Minidump\Mini060712-01.dmp
2012-06-07 05:33 - 2010-08-06 19:23 - 00000000 ____D C:\Windows\Minidump
2012-06-07 05:32 - 2011-05-08 16:11 - 223403323 ____A C:\Windows\MEMORY.DMP
2012-06-07 05:32 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\config\TxR
2012-06-06 17:36 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-06-06 17:36 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\default_previous
2012-06-06 11:00 - 2012-06-06 08:41 - 00114894 ____A C:\TDSSKiller.2.7.38.0_06.06.2012_12.41.34_log.txt
2012-06-06 10:25 - 2012-06-06 10:25 - 00077820 ____A C:\Users\Owner\Desktop\OTL.Txt
2012-06-06 10:25 - 2012-06-06 10:25 - 00077820 ____A C:\Documents and Settings\Owner\Desktop\OTL.Txt
2012-06-06 10:25 - 2012-06-06 10:25 - 00065006 ____A C:\Users\Owner\Desktop\Extras.Txt
2012-06-06 10:25 - 2012-06-06 10:25 - 00065006 ____A C:\Documents and Settings\Owner\Desktop\Extras.Txt
2012-06-06 09:39 - 2012-06-06 08:53 - 00003726 ____A C:\Users\Owner\Desktop\aswMBR.txt
2012-06-06 09:39 - 2012-06-06 08:53 - 00003726 ____A C:\Documents and Settings\Owner\Desktop\aswMBR.txt
2012-06-06 09:39 - 2012-06-06 08:53 - 00000512 ____A C:\Users\Owner\Desktop\MBR.dat
2012-06-06 09:39 - 2012-06-06 08:53 - 00000512 ____A C:\Documents and Settings\Owner\Desktop\MBR.dat
2012-06-06 07:44 - 2008-01-20 18:47 - 00249658 ____A C:\Windows\PFRO.log
2012-06-05 12:01 - 2012-06-05 12:01 - 00016040 ____A C:\Users\Owner\Desktop\combolog.txt
2012-06-05 12:01 - 2012-06-05 12:01 - 00016040 ____A C:\Documents and Settings\Owner\Desktop\combolog.txt
2012-06-05 11:45 - 2012-06-05 11:21 - 00000000 ____D C:\Qoobox
2012-06-05 11:45 - 2006-11-02 03:18 - 00000000 __RHD C:\users\Default
2012-06-05 11:44 - 2012-06-05 11:44 - 00016040 ____A C:\ComboFix.txt
2012-06-05 11:08 - 2012-06-05 11:08 - 00001172 ____A C:\Users\Owner\Desktop\checkup.txt
2012-06-05 11:08 - 2012-06-05 11:08 - 00001172 ____A C:\Documents and Settings\Owner\Desktop\checkup.txt
2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{9EDA3771-CE13-4452-84F1-E1256DEC51D9}
2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{399B37EE-90E8-4D1E-AF58-941D0E584606}
2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Users\Owner\Local Settings\{9EDA3771-CE13-4452-84F1-E1256DEC51D9}
2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Users\Owner\Local Settings\{399B37EE-90E8-4D1E-AF58-941D0E584606}
2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Users\Owner\AppData\Local\{9EDA3771-CE13-4452-84F1-E1256DEC51D9}
2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Users\Owner\AppData\Local\{399B37EE-90E8-4D1E-AF58-941D0E584606}
2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{9EDA3771-CE13-4452-84F1-E1256DEC51D9}
2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{399B37EE-90E8-4D1E-AF58-941D0E584606}
2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{9EDA3771-CE13-4452-84F1-E1256DEC51D9}
2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{399B37EE-90E8-4D1E-AF58-941D0E584606}
2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{9EDA3771-CE13-4452-84F1-E1256DEC51D9}
2012-06-05 09:30 - 2012-06-05 09:30 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{399B37EE-90E8-4D1E-AF58-941D0E584606}
2012-06-04 06:12 - 2009-05-11 06:47 - 00000052 ____A C:\Windows\System32\DOErrors.log
2012-06-04 04:49 - 2009-04-18 08:00 - 00000000 ____D C:\Users\Owner\AppData\LocalLow
2012-06-04 04:49 - 2009-04-18 08:00 - 00000000 ____D C:\Documents and Settings\Owner\AppData\LocalLow
2012-06-04 04:48 - 2006-11-02 04:52 - 00123522 ____A C:\Windows\setupact.log
2012-06-04 04:04 - 2012-06-04 04:04 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{882E6110-4612-469C-951B-DA98E08FF151}
2012-06-04 04:04 - 2012-06-04 04:04 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{3B95F846-5A86-46D6-A63C-B2D965FE1413}
2012-06-04 04:04 - 2012-06-04 04:04 - 00000000 ____D C:\Users\Owner\Local Settings\{882E6110-4612-469C-951B-DA98E08FF151}
2012-06-04 04:04 - 2012-06-04 04:04 - 00000000 ____D C:\Users\Owner\Local Settings\{3B95F846-5A86-46D6-A63C-B2D965FE1413}
2012-06-04 04:04 - 2012-06-04 04:04 - 00000000 ____D C:\Users\Owner\AppData\Local\{882E6110-4612-469C-951B-DA98E08FF151}
2012-06-04 04:04 - 2012-06-04 04:04 - 00000000 ____D C:\Users\Owner\AppData\Local\{3B95F846-5A86-46D6-A63C-B2D965FE1413}
2012-06-04 04:04 - 2012-06-04 04:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{882E6110-4612-469C-951B-DA98E08FF151}
2012-06-04 04:04 - 2012-06-04 04:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{3B95F846-5A86-46D6-A63C-B2D965FE1413}
2012-06-04 04:04 - 2012-06-04 04:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{882E6110-4612-469C-951B-DA98E08FF151}
2012-06-04 04:04 - 2012-06-04 04:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{3B95F846-5A86-46D6-A63C-B2D965FE1413}
2012-06-04 04:04 - 2012-06-04 04:04 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{882E6110-4612-469C-951B-DA98E08FF151}
2012-06-04 04:04 - 2012-06-04 04:04 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{3B95F846-5A86-46D6-A63C-B2D965FE1413}
2012-06-02 13:36 - 2012-06-02 13:35 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{89CAD515-F426-4761-BCD1-15AF511627F6}
2012-06-02 13:36 - 2012-06-02 13:35 - 00000000 ____D C:\Users\Owner\Local Settings\{89CAD515-F426-4761-BCD1-15AF511627F6}
2012-06-02 13:36 - 2012-06-02 13:35 - 00000000 ____D C:\Users\Owner\AppData\Local\{89CAD515-F426-4761-BCD1-15AF511627F6}
2012-06-02 13:36 - 2012-06-02 13:35 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{89CAD515-F426-4761-BCD1-15AF511627F6}
2012-06-02 13:36 - 2012-06-02 13:35 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{89CAD515-F426-4761-BCD1-15AF511627F6}
2012-06-02 13:36 - 2012-06-02 13:35 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{89CAD515-F426-4761-BCD1-15AF511627F6}
2012-06-02 13:35 - 2012-06-02 13:35 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{7FEBB3F4-AB61-4169-BDA4-02192191C2C9}
2012-06-02 13:35 - 2012-06-02 13:35 - 00000000 ____D C:\Users\Owner\Local Settings\{7FEBB3F4-AB61-4169-BDA4-02192191C2C9}
2012-06-02 13:35 - 2012-06-02 13:35 - 00000000 ____D C:\Users\Owner\AppData\Local\{7FEBB3F4-AB61-4169-BDA4-02192191C2C9}
2012-06-02 13:35 - 2012-06-02 13:35 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{7FEBB3F4-AB61-4169-BDA4-02192191C2C9}
2012-06-02 13:35 - 2012-06-02 13:35 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{7FEBB3F4-AB61-4169-BDA4-02192191C2C9}
2012-06-02 13:35 - 2012-06-02 13:35 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{7FEBB3F4-AB61-4169-BDA4-02192191C2C9}
2012-05-30 16:57 - 2009-09-10 12:24 - 00002587 ____A C:\Users\Owner\Desktop\Microsoft Office Word 2007.lnk
2012-05-30 16:57 - 2009-09-10 12:24 - 00002587 ____A C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2007.lnk
2012-05-30 12:42 - 2012-05-30 12:42 - 00198881 ____A C:\Users\Owner\Desktop\ark.txt
2012-05-30 12:42 - 2012-05-30 12:42 - 00198881 ____A C:\Documents and Settings\Owner\Desktop\ark.txt
2012-05-30 12:38 - 2012-05-30 12:38 - 00198881 ____A C:\Users\Owner\Desktop\gmerlog.log
2012-05-30 12:38 - 2012-05-30 12:38 - 00198881 ____A C:\Documents and Settings\Owner\Desktop\gmerlog.log
2012-05-30 10:13 - 2012-05-30 10:13 - 00000000 ____D C:\Users\Owner\Desktop\gmer
2012-05-30 10:13 - 2012-05-30 10:13 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\gmer
2012-05-30 10:12 - 2012-05-30 10:12 - 00294216 ____A C:\Users\Owner\Desktop\gmer.zip
2012-05-30 10:12 - 2012-05-30 10:12 - 00294216 ____A C:\Documents and Settings\Owner\Desktop\gmer.zip
2012-05-30 10:09 - 2012-05-30 10:09 - 00017433 ____A C:\Users\Owner\Desktop\Attach.txt
2012-05-30 10:09 - 2012-05-30 10:09 - 00017433 ____A C:\Documents and Settings\Owner\Desktop\Attach.txt
2012-05-30 10:08 - 2012-05-30 10:08 - 00023019 ____A C:\Users\Owner\Desktop\DDS.txt
2012-05-30 10:08 - 2012-05-30 10:08 - 00023019 ____A C:\Documents and Settings\Owner\Desktop\DDS.txt
2012-05-30 10:01 - 2012-05-30 10:01 - 00607260 ____R (Swearware) C:\Users\Owner\Downloads\dds.scr
2012-05-30 10:01 - 2012-05-30 10:01 - 00607260 ____R (Swearware) C:\Documents and Settings\Owner\Downloads\dds.scr
2012-05-30 09:59 - 2012-05-30 09:59 - 00000472 ____A C:\Users\Owner\Desktop\defogger_disable.log
2012-05-30 09:59 - 2012-05-30 09:59 - 00000472 ____A C:\Documents and Settings\Owner\Desktop\defogger_disable.log
2012-05-30 09:59 - 2012-05-30 09:59 - 00000000 ____A C:\Users\Owner\defogger_reenable
2012-05-30 09:59 - 2012-05-30 09:59 - 00000000 ____A C:\Documents and Settings\Owner\defogger_reenable
2012-05-30 04:07 - 2012-05-30 04:07 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{D498E320-193B-432C-ABD7-9409101FC874}
2012-05-30 04:07 - 2012-05-30 04:07 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{CBEBF731-93F6-46D9-BAAE-7F51151A76DB}
2012-05-30 04:07 - 2012-05-30 04:07 - 00000000 ____D C:\Users\Owner\Local Settings\{D498E320-193B-432C-ABD7-9409101FC874}
2012-05-30 04:07 - 2012-05-30 04:07 - 00000000 ____D C:\Users\Owner\Local Settings\{CBEBF731-93F6-46D9-BAAE-7F51151A76DB}
2012-05-30 04:07 - 2012-05-30 04:07 - 00000000 ____D C:\Users\Owner\AppData\Local\{D498E320-193B-432C-ABD7-9409101FC874}
2012-05-30 04:07 - 2012-05-30 04:07 - 00000000 ____D C:\Users\Owner\AppData\Local\{CBEBF731-93F6-46D9-BAAE-7F51151A76DB}
2012-05-30 04:07 - 2012-05-30 04:07 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{D498E320-193B-432C-ABD7-9409101FC874}
2012-05-30 04:07 - 2012-05-30 04:07 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{CBEBF731-93F6-46D9-BAAE-7F51151A76DB}
2012-05-30 04:07 - 2012-05-30 04:07 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{D498E320-193B-432C-ABD7-9409101FC874}
2012-05-30 04:07 - 2012-05-30 04:07 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{CBEBF731-93F6-46D9-BAAE-7F51151A76DB}
2012-05-30 04:07 - 2012-05-30 04:07 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{D498E320-193B-432C-ABD7-9409101FC874}
2012-05-30 04:07 - 2012-05-30 04:07 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{CBEBF731-93F6-46D9-BAAE-7F51151A76DB}
2012-05-29 09:30 - 2012-05-29 09:29 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{1B5E8CE8-1DCD-4473-8C66-AAED5910A679}
2012-05-29 09:30 - 2012-05-29 09:29 - 00000000 ____D C:\Users\Owner\Local Settings\{1B5E8CE8-1DCD-4473-8C66-AAED5910A679}
2012-05-29 09:30 - 2012-05-29 09:29 - 00000000 ____D C:\Users\Owner\AppData\Local\{1B5E8CE8-1DCD-4473-8C66-AAED5910A679}
2012-05-29 09:30 - 2012-05-29 09:29 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{1B5E8CE8-1DCD-4473-8C66-AAED5910A679}
2012-05-29 09:30 - 2012-05-29 09:29 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{1B5E8CE8-1DCD-4473-8C66-AAED5910A679}
2012-05-29 09:30 - 2012-05-29 09:29 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{1B5E8CE8-1DCD-4473-8C66-AAED5910A679}
2012-05-29 09:29 - 2012-05-29 09:29 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{8CA1CB7E-88B2-4A94-96BD-BE3ED966E897}
2012-05-29 09:29 - 2012-05-29 09:29 - 00000000 ____D C:\Users\Owner\Local Settings\{8CA1CB7E-88B2-4A94-96BD-BE3ED966E897}
2012-05-29 09:29 - 2012-05-29 09:29 - 00000000 ____D C:\Users\Owner\AppData\Local\{8CA1CB7E-88B2-4A94-96BD-BE3ED966E897}
2012-05-29 09:29 - 2012-05-29 09:29 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{8CA1CB7E-88B2-4A94-96BD-BE3ED966E897}
2012-05-29 09:29 - 2012-05-29 09:29 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{8CA1CB7E-88B2-4A94-96BD-BE3ED966E897}
2012-05-29 09:29 - 2012-05-29 09:29 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{8CA1CB7E-88B2-4A94-96BD-BE3ED966E897}
2012-05-29 07:00 - 2012-05-29 07:00 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{D3D3F3DB-1625-417E-9230-1B1835B33909}
2012-05-29 07:00 - 2012-05-29 07:00 - 00000000 ____D C:\Users\Owner\Local Settings\{D3D3F3DB-1625-417E-9230-1B1835B33909}
2012-05-29 07:00 - 2012-05-29 07:00 - 00000000 ____D C:\Users\Owner\AppData\Local\{D3D3F3DB-1625-417E-9230-1B1835B33909}
2012-05-29 07:00 - 2012-05-29 07:00 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{D3D3F3DB-1625-417E-9230-1B1835B33909}
2012-05-29 07:00 - 2012-05-29 07:00 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{D3D3F3DB-1625-417E-9230-1B1835B33909}
2012-05-29 07:00 - 2012-05-29 07:00 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{D3D3F3DB-1625-417E-9230-1B1835B33909}
2012-05-29 07:00 - 2012-05-29 06:59 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{80421E20-D21B-4338-A303-55D8C2E8CA05}
2012-05-29 07:00 - 2012-05-29 06:59 - 00000000 ____D C:\Users\Owner\Local Settings\{80421E20-D21B-4338-A303-55D8C2E8CA05}
2012-05-29 07:00 - 2012-05-29 06:59 - 00000000 ____D C:\Users\Owner\AppData\Local\{80421E20-D21B-4338-A303-55D8C2E8CA05}
2012-05-29 07:00 - 2012-05-29 06:59 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{80421E20-D21B-4338-A303-55D8C2E8CA05}
2012-05-29 07:00 - 2012-05-29 06:59 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{80421E20-D21B-4338-A303-55D8C2E8CA05}
2012-05-29 07:00 - 2012-05-29 06:59 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{80421E20-D21B-4338-A303-55D8C2E8CA05}
2012-05-28 14:25 - 2012-05-28 14:24 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{A9E154EF-6911-4394-99F5-EF4133354DC5}
2012-05-28 14:25 - 2012-05-28 14:24 - 00000000 ____D C:\Users\Owner\Local Settings\{A9E154EF-6911-4394-99F5-EF4133354DC5}
2012-05-28 14:25 - 2012-05-28 14:24 - 00000000 ____D C:\Users\Owner\AppData\Local\{A9E154EF-6911-4394-99F5-EF4133354DC5}
2012-05-28 14:25 - 2012-05-28 14:24 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{A9E154EF-6911-4394-99F5-EF4133354DC5}2012-05-28 14:25 - 2012-05-28 14:24 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{A9E154EF-6911-4394-99F5-EF4133354DC5}
2012-05-28 14:25 - 2012-05-28 14:24 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{A9E154EF-6911-4394-99F5-EF4133354DC5}
2012-05-28 14:24 - 2012-05-28 14:24 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{03E01064-D37E-471E-BF9D-982D762167C7}
2012-05-28 14:24 - 2012-05-28 14:24 - 00000000 ____D C:\Users\Owner\Local Settings\{03E01064-D37E-471E-BF9D-982D762167C7}
2012-05-28 14:24 - 2012-05-28 14:24 - 00000000 ____D C:\Users\Owner\AppData\Local\{03E01064-D37E-471E-BF9D-982D762167C7}
2012-05-28 14:24 - 2012-05-28 14:24 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{03E01064-D37E-471E-BF9D-982D762167C7}
2012-05-28 14:24 - 2012-05-28 14:24 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{03E01064-D37E-471E-BF9D-982D762167C7}
2012-05-28 14:24 - 2012-05-28 14:24 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{03E01064-D37E-471E-BF9D-982D762167C7}
2012-05-28 07:50 - 2012-05-28 07:50 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{F799860F-B0C7-4D78-8807-6CBAE6716E5F}
2012-05-28 07:50 - 2012-05-28 07:50 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{026CA66B-5E46-4F94-B32D-DCF5F329243A}
2012-05-28 07:50 - 2012-05-28 07:50 - 00000000 ____D C:\Users\Owner\Local Settings\{F799860F-B0C7-4D78-8807-6CBAE6716E5F}
2012-05-28 07:50 - 2012-05-28 07:50 - 00000000 ____D C:\Users\Owner\Local Settings\{026CA66B-5E46-4F94-B32D-DCF5F329243A}
2012-05-28 07:50 - 2012-05-28 07:50 - 00000000 ____D C:\Users\Owner\AppData\Local\{F799860F-B0C7-4D78-8807-6CBAE6716E5F}
2012-05-28 07:50 - 2012-05-28 07:50 - 00000000 ____D C:\Users\Owner\AppData\Local\{026CA66B-5E46-4F94-B32D-DCF5F329243A}
2012-05-28 07:50 - 2012-05-28 07:50 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{F799860F-B0C7-4D78-8807-6CBAE6716E5F}
2012-05-28 07:50 - 2012-05-28 07:50 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{026CA66B-5E46-4F94-B32D-DCF5F329243A}
2012-05-28 07:50 - 2012-05-28 07:50 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{F799860F-B0C7-4D78-8807-6CBAE6716E5F}
2012-05-28 07:50 - 2012-05-28 07:50 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{026CA66B-5E46-4F94-B32D-DCF5F329243A}
2012-05-28 07:50 - 2012-05-28 07:50 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{F799860F-B0C7-4D78-8807-6CBAE6716E5F}
2012-05-28 07:50 - 2012-05-28 07:50 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{026CA66B-5E46-4F94-B32D-DCF5F329243A}
2012-05-28 07:36 - 2012-05-28 07:35 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{EDE4EEB0-8C5E-4D30-A8F8-53D838792D37}
2012-05-28 07:36 - 2012-05-28 07:35 - 00000000 ____D C:\Users\Owner\Local Settings\{EDE4EEB0-8C5E-4D30-A8F8-53D838792D37}
2012-05-28 07:36 - 2012-05-28 07:35 - 00000000 ____D C:\Users\Owner\AppData\Local\{EDE4EEB0-8C5E-4D30-A8F8-53D838792D37}
2012-05-28 07:36 - 2012-05-28 07:35 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{EDE4EEB0-8C5E-4D30-A8F8-53D838792D37}
2012-05-28 07:36 - 2012-05-28 07:35 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{EDE4EEB0-8C5E-4D30-A8F8-53D838792D37}
2012-05-28 07:36 - 2012-05-28 07:35 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{EDE4EEB0-8C5E-4D30-A8F8-53D838792D37}
2012-05-28 07:35 - 2012-05-28 07:35 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{EF1FC2A5-2D06-4FB7-8BCD-7740B25FCA29}
2012-05-28 07:35 - 2012-05-28 07:35 - 00000000 ____D C:\Users\Owner\Local Settings\{EF1FC2A5-2D06-4FB7-8BCD-7740B25FCA29}
2012-05-28 07:35 - 2012-05-28 07:35 - 00000000 ____D C:\Users\Owner\AppData\Local\{EF1FC2A5-2D06-4FB7-8BCD-7740B25FCA29}
2012-05-28 07:35 - 2012-05-28 07:35 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{EF1FC2A5-2D06-4FB7-8BCD-7740B25FCA29}
2012-05-28 07:35 - 2012-05-28 07:35 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{EF1FC2A5-2D06-4FB7-8BCD-7740B25FCA29}
2012-05-28 07:35 - 2012-05-28 07:35 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{EF1FC2A5-2D06-4FB7-8BCD-7740B25FCA29}
2012-05-28 07:33 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\ShellNew
2012-05-28 05:47 - 2012-02-10 12:53 - 00004400 ____A C:\Windows\IE9_main.log
2012-05-28 03:03 - 2012-05-28 03:03 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{A35B7210-3627-47A7-B6A8-766E22E0E314}
2012-05-28 03:03 - 2012-05-28 03:03 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{3798E524-3F7D-48C3-AA7A-50A48FEFACB4}
2012-05-28 03:03 - 2012-05-28 03:03 - 00000000 ____D C:\Users\Owner\Local Settings\{A35B7210-3627-47A7-B6A8-766E22E0E314}
2012-05-28 03:03 - 2012-05-28 03:03 - 00000000 ____D C:\Users\Owner\Local Settings\{3798E524-3F7D-48C3-AA7A-50A48FEFACB4}
2012-05-28 03:03 - 2012-05-28 03:03 - 00000000 ____D C:\Users\Owner\AppData\Local\{A35B7210-3627-47A7-B6A8-766E22E0E314}
2012-05-28 03:03 - 2012-05-28 03:03 - 00000000 ____D C:\Users\Owner\AppData\Local\{3798E524-3F7D-48C3-AA7A-50A48FEFACB4}
2012-05-28 03:03 - 2012-05-28 03:03 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{A35B7210-3627-47A7-B6A8-766E22E0E314}
2012-05-28 03:03 - 2012-05-28 03:03 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{3798E524-3F7D-48C3-AA7A-50A48FEFACB4}
2012-05-28 03:03 - 2012-05-28 03:03 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{A35B7210-3627-47A7-B6A8-766E22E0E314}
2012-05-28 03:03 - 2012-05-28 03:03 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{3798E524-3F7D-48C3-AA7A-50A48FEFACB4}
2012-05-28 03:03 - 2012-05-28 03:03 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{A35B7210-3627-47A7-B6A8-766E22E0E314}
2012-05-28 03:03 - 2012-05-28 03:03 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{3798E524-3F7D-48C3-AA7A-50A48FEFACB4}
2012-05-28 02:53 - 2012-05-28 02:52 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{6D049CA2-DBE9-418A-A666-BEE925FD399E}
2012-05-28 02:53 - 2012-05-28 02:52 - 00000000 ____D C:\Users\Owner\Local Settings\{6D049CA2-DBE9-418A-A666-BEE925FD399E}
2012-05-28 02:53 - 2012-05-28 02:52 - 00000000 ____D C:\Users\Owner\AppData\Local\{6D049CA2-DBE9-418A-A666-BEE925FD399E}
2012-05-28 02:53 - 2012-05-28 02:52 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{6D049CA2-DBE9-418A-A666-BEE925FD399E}
2012-05-28 02:53 - 2012-05-28 02:52 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{6D049CA2-DBE9-418A-A666-BEE925FD399E}
2012-05-28 02:53 - 2012-05-28 02:52 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{6D049CA2-DBE9-418A-A666-BEE925FD399E}
2012-05-28 02:52 - 2012-05-28 02:52 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{8BA2C5F7-98B5-47DB-AA4D-167B9F70386D}
2012-05-28 02:52 - 2012-05-28 02:52 - 00000000 ____D C:\Users\Owner\Local Settings\{8BA2C5F7-98B5-47DB-AA4D-167B9F70386D}
2012-05-28 02:52 - 2012-05-28 02:52 - 00000000 ____D C:\Users\Owner\AppData\Local\{8BA2C5F7-98B5-47DB-AA4D-167B9F70386D}
2012-05-28 02:52 - 2012-05-28 02:52 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{8BA2C5F7-98B5-47DB-AA4D-167B9F70386D}
2012-05-28 02:52 - 2012-05-28 02:52 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{8BA2C5F7-98B5-47DB-AA4D-167B9F70386D}
2012-05-28 02:52 - 2012-05-28 02:52 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{8BA2C5F7-98B5-47DB-AA4D-167B9F70386D}
2012-05-28 02:50 - 2012-05-28 02:50 - 00000000 ____D C:\Windows\pss
2012-05-28 02:26 - 2012-05-28 02:25 - 00114828 ____A C:\TDSSKiller.2.7.38.0_28.05.2012_06.25.59_log.txt
2012-05-28 02:25 - 2012-05-28 02:25 - 00000000 ____D C:\Users\Owner\My Documents\tdsskiller
2012-05-28 02:25 - 2012-05-28 02:25 - 00000000 ____D C:\Users\Owner\Documents\tdsskiller
2012-05-28 02:25 - 2012-05-28 02:25 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\tdsskiller
2012-05-28 02:25 - 2012-05-28 02:25 - 00000000 ____D C:\Documents and Settings\Owner\Documents\tdsskiller
2012-05-28 02:17 - 2012-05-28 02:17 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{4BEA83E0-6E1A-43D5-A3C1-7DAB66CA98C0}
2012-05-28 02:17 - 2012-05-28 02:17 - 00000000 ____D C:\Users\Owner\Local Settings\{4BEA83E0-6E1A-43D5-A3C1-7DAB66CA98C0}
2012-05-28 02:17 - 2012-05-28 02:17 - 00000000 ____D C:\Users\Owner\AppData\Local\{4BEA83E0-6E1A-43D5-A3C1-7DAB66CA98C0}
2012-05-28 02:17 - 2012-05-28 02:17 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{4BEA83E0-6E1A-43D5-A3C1-7DAB66CA98C0}
2012-05-28 02:17 - 2012-05-28 02:17 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{4BEA83E0-6E1A-43D5-A3C1-7DAB66CA98C0}
2012-05-28 02:17 - 2012-05-28 02:17 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{4BEA83E0-6E1A-43D5-A3C1-7DAB66CA98C0}
2012-05-28 02:17 - 2012-05-28 02:16 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{B43EDDEB-122D-4B4A-8467-A46B6DC01CAF}
2012-05-28 02:17 - 2012-05-28 02:16 - 00000000 ____D C:\Users\Owner\Local Settings\{B43EDDEB-122D-4B4A-8467-A46B6DC01CAF}
2012-05-28 02:17 - 2012-05-28 02:16 - 00000000 ____D C:\Users\Owner\AppData\Local\{B43EDDEB-122D-4B4A-8467-A46B6DC01CAF}
2012-05-28 02:17 - 2012-05-28 02:16 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{B43EDDEB-122D-4B4A-8467-A46B6DC01CAF}
2012-05-28 02:17 - 2012-05-28 02:16 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{B43EDDEB-122D-4B4A-8467-A46B6DC01CAF}
2012-05-28 02:17 - 2012-05-28 02:16 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{B43EDDEB-122D-4B4A-8467-A46B6DC01CAF}
2012-05-27 17:32 - 2012-05-27 17:32 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{E81BE0B8-1A32-4AD0-8BE1-B7AB41AE2C4F}
2012-05-27 17:32 - 2012-05-27 17:32 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{DD0ED733-2CCD-4E77-9B34-F6234E8E1BDD}
2012-05-27 17:32 - 2012-05-27 17:32 - 00000000 ____D C:\Users\Owner\Local Settings\{E81BE0B8-1A32-4AD0-8BE1-B7AB41AE2C4F}
2012-05-27 17:32 - 2012-05-27 17:32 - 00000000 ____D C:\Users\Owner\Local Settings\{DD0ED733-2CCD-4E77-9B34-F6234E8E1BDD}
2012-05-27 17:32 - 2012-05-27 17:32 - 00000000 ____D C:\Users\Owner\AppData\Local\{E81BE0B8-1A32-4AD0-8BE1-B7AB41AE2C4F}
2012-05-27 17:32 - 2012-05-27 17:32 - 00000000 ____D C:\Users\Owner\AppData\Local\{DD0ED733-2CCD-4E77-9B34-F6234E8E1BDD}
2012-05-27 17:32 - 2012-05-27 17:32 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{E81BE0B8-1A32-4AD0-8BE1-B7AB41AE2C4F}
2012-05-27 17:32 - 2012-05-27 17:32 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{DD0ED733-2CCD-4E77-9B34-F6234E8E1BDD}
2012-05-27 17:32 - 2012-05-27 17:32 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{E81BE0B8-1A32-4AD0-8BE1-B7AB41AE2C4F}
2012-05-27 17:32 - 2012-05-27 17:32 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{DD0ED733-2CCD-4E77-9B34-F6234E8E1BDD}
2012-05-27 17:32 - 2012-05-27 17:32 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{E81BE0B8-1A32-4AD0-8BE1-B7AB41AE2C4F}
2012-05-27 17:32 - 2012-05-27 17:32 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{DD0ED733-2CCD-4E77-9B34-F6234E8E1BDD}
2012-05-27 17:09 - 2012-05-27 17:09 - 00026872 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixTDSS.sys
2012-05-27 17:09 - 2012-05-27 17:09 - 00000000 ____D C:\Users\Owner\Application Data\FixTDSS
2012-05-27 17:09 - 2012-05-27 17:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\FixTDSS
2012-05-27 17:09 - 2012-05-27 17:09 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\FixTDSS
2012-05-27 17:09 - 2012-05-27 17:09 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Roaming\FixTDSS
2012-05-27 07:42 - 2012-05-27 07:41 - 00114540 ____A C:\TDSSKiller.2.7.37.0_27.05.2012_11.41.31_log.txt
2012-05-27 05:42 - 2012-05-27 05:42 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{F137AFDC-7D3B-4D30-8EEE-67DC3A9C30D2}
2012-05-27 05:42 - 2012-05-27 05:42 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{12519133-D875-4451-BCB9-396C049E0847}
2012-05-27 05:42 - 2012-05-27 05:42 - 00000000 ____D C:\Users\Owner\Local Settings\{F137AFDC-7D3B-4D30-8EEE-67DC3A9C30D2}
2012-05-27 05:42 - 2012-05-27 05:42 - 00000000 ____D C:\Users\Owner\Local Settings\{12519133-D875-4451-BCB9-396C049E0847}
2012-05-27 05:42 - 2012-05-27 05:42 - 00000000 ____D C:\Users\Owner\AppData\Local\{F137AFDC-7D3B-4D30-8EEE-67DC3A9C30D2}
2012-05-27 05:42 - 2012-05-27 05:42 - 00000000 ____D C:\Users\Owner\AppData\Local\{12519133-D875-4451-BCB9-396C049E0847}
2012-05-27 05:42 - 2012-05-27 05:42 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{F137AFDC-7D3B-4D30-8EEE-67DC3A9C30D2}
2012-05-27 05:42 - 2012-05-27 05:42 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{12519133-D875-4451-BCB9-396C049E0847}
2012-05-27 05:42 - 2012-05-27 05:42 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{F137AFDC-7D3B-4D30-8EEE-67DC3A9C30D2}
2012-05-27 05:42 - 2012-05-27 05:42 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{12519133-D875-4451-BCB9-396C049E0847}
2012-05-27 05:42 - 2012-05-27 05:42 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{F137AFDC-7D3B-4D30-8EEE-67DC3A9C30D2}
2012-05-27 05:42 - 2012-05-27 05:42 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{12519133-D875-4451-BCB9-396C049E0847}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{687CD338-FC0D-4915-9482-1746A48862FA}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{09029701-0C73-4100-8D1C-F1869E361E21}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Users\Owner\Local Settings\{687CD338-FC0D-4915-9482-1746A48862FA}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Users\Owner\Local Settings\{09029701-0C73-4100-8D1C-F1869E361E21}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Users\Owner\AppData\Local\{687CD338-FC0D-4915-9482-1746A48862FA}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Users\Owner\AppData\Local\{09029701-0C73-4100-8D1C-F1869E361E21}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{687CD338-FC0D-4915-9482-1746A48862FA}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{09029701-0C73-4100-8D1C-F1869E361E21}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{687CD338-FC0D-4915-9482-1746A48862FA}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{09029701-0C73-4100-8D1C-F1869E361E21}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{687CD338-FC0D-4915-9482-1746A48862FA}
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{09029701-0C73-4100-8D1C-F1869E361E21}
2012-05-26 18:57 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\L2Schemas
2012-05-26 17:28 - 2012-05-26 17:28 - 00000868 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-26 17:28 - 2012-05-26 17:28 - 00000868 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-26 17:28 - 2012-05-26 17:28 - 00000868 ____A C:\Documents and Settings\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-26 17:28 - 2012-05-26 17:28 - 00000868 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-26 17:28 - 2012-05-26 17:28 - 00000000 ____D C:\Users\Owner\Application Data\Malwarebytes
2012-05-26 17:28 - 2012-05-26 17:28 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2012-05-26 17:28 - 2012-05-26 17:28 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-05-26 17:28 - 2012-05-26 17:28 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-05-26 17:28 - 2012-05-26 17:28 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-05-26 17:28 - 2012-05-26 17:28 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Malwarebytes
2012-05-26 17:28 - 2012-05-26 17:28 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Roaming\Malwarebytes
2012-05-26 17:28 - 2012-05-26 17:28 - 00000000 ____D C:\Documents and Settings\All Users\Malwarebytes
2012-05-26 17:28 - 2012-05-26 17:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-05-26 14:14 - 2012-05-26 14:14 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{5577A308-B0B6-426C-B3CC-2C9FC9E6D315}
2012-05-26 14:14 - 2012-05-26 14:14 - 00000000 ____D C:\Users\Owner\Local Settings\{5577A308-B0B6-426C-B3CC-2C9FC9E6D315}
2012-05-26 14:14 - 2012-05-26 14:14 - 00000000 ____D C:\Users\Owner\AppData\Local\{5577A308-B0B6-426C-B3CC-2C9FC9E6D315}
2012-05-26 14:14 - 2012-05-26 14:14 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{5577A308-B0B6-426C-B3CC-2C9FC9E6D315}
2012-05-26 14:14 - 2012-05-26 14:14 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{5577A308-B0B6-426C-B3CC-2C9FC9E6D315}
2012-05-26 14:14 - 2012-05-26 14:14 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{5577A308-B0B6-426C-B3CC-2C9FC9E6D315}
2012-05-26 14:14 - 2012-05-26 14:13 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{49B8C554-B9DE-48E1-B471-D6ECD304A25A}
2012-05-26 14:14 - 2012-05-26 14:13 - 00000000 ____D C:\Users\Owner\Local Settings\{49B8C554-B9DE-48E1-B471-D6ECD304A25A}
2012-05-26 14:14 - 2012-05-26 14:13 - 00000000 ____D C:\Users\Owner\AppData\Local\{49B8C554-B9DE-48E1-B471-D6ECD304A25A}
2012-05-26 14:14 - 2012-05-26 14:13 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{49B8C554-B9DE-48E1-B471-D6ECD304A25A}
2012-05-26 14:14 - 2012-05-26 14:13 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{49B8C554-B9DE-48E1-B471-D6ECD304A25A}
2012-05-26 14:14 - 2012-05-26 14:13 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{49B8C554-B9DE-48E1-B471-D6ECD304A25A}
2012-05-25 17:11 - 2010-10-30 05:41 - 00000000 ____D C:\Users\Owner\Local Settings\Windows Live
2012-05-25 17:11 - 2010-10-30 05:41 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\Windows Live
2012-05-25 17:11 - 2010-10-30 05:41 - 00000000 ____D C:\Users\Owner\AppData\Local\Windows Live
2012-05-25 17:11 - 2010-10-30 05:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Windows Live
2012-05-25 17:11 - 2010-10-30 05:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Windows Live
2012-05-25 17:11 - 2010-10-30 05:41 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\Windows Live
2012-05-25 10:37 - 2012-05-25 10:37 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{DE3B0F3F-C109-4A62-BBEC-4A9A91FEFDDE}
2012-05-25 10:37 - 2012-05-25 10:37 - 00000000 ____D C:\Users\Owner\Local Settings\{DE3B0F3F-C109-4A62-BBEC-4A9A91FEFDDE}
2012-05-25 10:37 - 2012-05-25 10:37 - 00000000 ____D C:\Users\Owner\AppData\Local\{DE3B0F3F-C109-4A62-BBEC-4A9A91FEFDDE}
2012-05-25 10:37 - 2012-05-25 10:37 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{DE3B0F3F-C109-4A62-BBEC-4A9A91FEFDDE}
2012-05-25 10:37 - 2012-05-25 10:37 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{DE3B0F3F-C109-4A62-BBEC-4A9A91FEFDDE}
2012-05-25 10:37 - 2012-05-25 10:37 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{DE3B0F3F-C109-4A62-BBEC-4A9A91FEFDDE}
2012-05-25 10:37 - 2012-05-25 10:36 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{9A6C2756-7B01-4A8F-87FF-DD930CA85B80}
2012-05-25 10:37 - 2012-05-25 10:36 - 00000000 ____D C:\Users\Owner\Local Settings\{9A6C2756-7B01-4A8F-87FF-DD930CA85B80}
2012-05-25 10:37 - 2012-05-25 10:36 - 00000000 ____D C:\Users\Owner\AppData\Local\{9A6C2756-7B01-4A8F-87FF-DD930CA85B80}
2012-05-25 10:37 - 2012-05-25 10:36 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{9A6C2756-7B01-4A8F-87FF-DD930CA85B80}
2012-05-25 10:37 - 2012-05-25 10:36 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{9A6C2756-7B01-4A8F-87FF-DD930CA85B80}
2012-05-25 10:37 - 2012-05-25 10:36 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{9A6C2756-7B01-4A8F-87FF-DD930CA85B80}
2012-05-24 07:06 - 2012-05-24 07:05 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{B81B44F9-E225-484A-8EA8-639193A9AB2E}
2012-05-24 07:06 - 2012-05-24 07:05 - 00000000 ____D C:\Users\Owner\Local Settings\{B81B44F9-E225-484A-8EA8-639193A9AB2E}
2012-05-24 07:06 - 2012-05-24 07:05 - 00000000 ____D C:\Users\Owner\AppData\Local\{B81B44F9-E225-484A-8EA8-639193A9AB2E}
2012-05-24 07:06 - 2012-05-24 07:05 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{B81B44F9-E225-484A-8EA8-639193A9AB2E}
2012-05-24 07:06 - 2012-05-24 07:05 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{B81B44F9-E225-484A-8EA8-639193A9AB2E}
2012-05-24 07:06 - 2012-05-24 07:05 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{B81B44F9-E225-484A-8EA8-639193A9AB2E}
2012-05-24 07:05 - 2012-05-24 07:05 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{A3508624-5C68-4583-9F36-B97EE5ABCBE2}
2012-05-24 07:05 - 2012-05-24 07:05 - 00000000 ____D C:\Users\Owner\Local Settings\{A3508624-5C68-4583-9F36-B97EE5ABCBE2}
2012-05-24 07:05 - 2012-05-24 07:05 - 00000000 ____D C:\Users\Owner\AppData\Local\{A3508624-5C68-4583-9F36-B97EE5ABCBE2}
2012-05-24 07:05 - 2012-05-24 07:05 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{A3508624-5C68-4583-9F36-B97EE5ABCBE2}
2012-05-24 07:05 - 2012-05-24 07:05 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{A3508624-5C68-4583-9F36-B97EE5ABCBE2}
2012-05-24 07:05 - 2012-05-24 07:05 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{A3508624-5C68-4583-9F36-B97EE5ABCBE2}
2012-05-23 08:07 - 2012-05-23 08:07 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{85577C96-6CF1-4A1D-B8E1-C36C46A9ADFE}
2012-05-23 08:07 - 2012-05-23 08:07 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{1B7EF9B9-8CF8-44CC-B1E5-C1DA7EFE4D58}
2012-05-23 08:07 - 2012-05-23 08:07 - 00000000 ____D C:\Users\Owner\Local Settings\{85577C96-6CF1-4A1D-B8E1-C36C46A9ADFE}
2012-05-23 08:07 - 2012-05-23 08:07 - 00000000 ____D C:\Users\Owner\Local Settings\{1B7EF9B9-8CF8-44CC-B1E5-C1DA7EFE4D58}
2012-05-23 08:07 - 2012-05-23 08:07 - 00000000 ____D C:\Users\Owner\AppData\Local\{85577C96-6CF1-4A1D-B8E1-C36C46A9ADFE}
2012-05-23 08:07 - 2012-05-23 08:07 - 00000000 ____D C:\Users\Owner\AppData\Local\{1B7EF9B9-8CF8-44CC-B1E5-C1DA7EFE4D58}
2012-05-23 08:07 - 2012-05-23 08:07 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{85577C96-6CF1-4A1D-B8E1-C36C46A9ADFE}
2012-05-23 08:07 - 2012-05-23 08:07 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{1B7EF9B9-8CF8-44CC-B1E5-C1DA7EFE4D58}
2012-05-23 08:07 - 2012-05-23 08:07 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{85577C96-6CF1-4A1D-B8E1-C36C46A9ADFE}
2012-05-23 08:07 - 2012-05-23 08:07 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{1B7EF9B9-8CF8-44CC-B1E5-C1DA7EFE4D58}
2012-05-23 08:07 - 2012-05-23 08:07 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{85577C96-6CF1-4A1D-B8E1-C36C46A9ADFE}
2012-05-23 08:07 - 2012-05-23 08:07 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{1B7EF9B9-8CF8-44CC-B1E5-C1DA7EFE4D58}
2012-05-22 06:57 - 2012-05-22 06:57 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{0FED124C-DAA6-4CE1-B98A-60309F1E1E1E}
2012-05-22 06:57 - 2012-05-22 06:57 - 00000000 ____D C:\Users\Owner\Local Settings\{0FED124C-DAA6-4CE1-B98A-60309F1E1E1E}
2012-05-22 06:57 - 2012-05-22 06:57 - 00000000 ____D C:\Users\Owner\AppData\Local\{0FED124C-DAA6-4CE1-B98A-60309F1E1E1E}
2012-05-22 06:57 - 2012-05-22 06:57 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{0FED124C-DAA6-4CE1-B98A-60309F1E1E1E}
2012-05-22 06:57 - 2012-05-22 06:57 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{0FED124C-DAA6-4CE1-B98A-60309F1E1E1E}
2012-05-22 06:57 - 2012-05-22 06:57 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{0FED124C-DAA6-4CE1-B98A-60309F1E1E1E}
2012-05-22 06:57 - 2012-05-22 06:56 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{F1DB6BF4-A2E2-485B-8996-AE77206CF742}
2012-05-22 06:57 - 2012-05-22 06:56 - 00000000 ____D C:\Users\Owner\Local Settings\{F1DB6BF4-A2E2-485B-8996-AE77206CF742}
2012-05-22 06:57 - 2012-05-22 06:56 - 00000000 ____D C:\Users\Owner\AppData\Local\{F1DB6BF4-A2E2-485B-8996-AE77206CF742}
2012-05-22 06:57 - 2012-05-22 06:56 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{F1DB6BF4-A2E2-485B-8996-AE77206CF742}
2012-05-22 06:57 - 2012-05-22 06:56 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{F1DB6BF4-A2E2-485B-8996-AE77206CF742}
2012-05-22 06:57 - 2012-05-22 06:56 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{F1DB6BF4-A2E2-485B-8996-AE77206CF742}
2012-05-21 06:04 - 2012-05-21 06:04 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{FC05B268-7CBA-4CC8-B7A1-A73DD48DB741}
2012-05-21 06:04 - 2012-05-21 06:04 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{45E40D52-7B28-4CA4-AB3B-411613AD4858}
2012-05-21 06:04 - 2012-05-21 06:04 - 00000000 ____D C:\Users\Owner\Local Settings\{FC05B268-7CBA-4CC8-B7A1-A73DD48DB741}
2012-05-21 06:04 - 2012-05-21 06:04 - 00000000 ____D C:\Users\Owner\Local Settings\{45E40D52-7B28-4CA4-AB3B-411613AD4858}
2012-05-21 06:04 - 2012-05-21 06:04 - 00000000 ____D C:\Users\Owner\AppData\Local\{FC05B268-7CBA-4CC8-B7A1-A73DD48DB741}
2012-05-21 06:04 - 2012-05-21 06:04 - 00000000 ____D C:\Users\Owner\AppData\Local\{45E40D52-7B28-4CA4-AB3B-411613AD4858}
2012-05-21 06:04 - 2012-05-21 06:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{FC05B268-7CBA-4CC8-B7A1-A73DD48DB741}
2012-05-21 06:04 - 2012-05-21 06:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{45E40D52-7B28-4CA4-AB3B-411613AD4858}
2012-05-21 06:04 - 2012-05-21 06:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{FC05B268-7CBA-4CC8-B7A1-A73DD48DB741}
2012-05-21 06:04 - 2012-05-21 06:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{45E40D52-7B28-4CA4-AB3B-411613AD4858}
2012-05-21 06:04 - 2012-05-21 06:04 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{FC05B268-7CBA-4CC8-B7A1-A73DD48DB741}
2012-05-21 06:04 - 2012-05-21 06:04 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{45E40D52-7B28-4CA4-AB3B-411613AD4858}
2012-05-20 09:17 - 2012-05-09 08:45 - 00024923 ____A C:\Users\Owner\My Documents\CBresume2.docx
2012-05-20 09:17 - 2012-05-09 08:45 - 00024923 ____A C:\Users\Owner\Documents\CBresume2.docx
2012-05-20 09:17 - 2012-05-09 08:45 - 00024923 ____A C:\Documents and Settings\Owner\My Documents\CBresume2.docx
2012-05-20 09:17 - 2012-05-09 08:45 - 00024923 ____A C:\Documents and Settings\Owner\Documents\CBresume2.docx
2012-05-20 06:56 - 2012-05-20 06:56 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{91E32FCF-E91E-43D0-8E6F-0D97F00462E2}
2012-05-20 06:56 - 2012-05-20 06:56 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{6D4C397F-CA4F-4FB1-93D4-BE935F73B738}
2012-05-20 06:56 - 2012-05-20 06:56 - 00000000 ____D C:\Users\Owner\Local Settings\{91E32FCF-E91E-43D0-8E6F-0D97F00462E2}
2012-05-20 06:56 - 2012-05-20 06:56 - 00000000 ____D C:\Users\Owner\Local Settings\{6D4C397F-CA4F-4FB1-93D4-BE935F73B738}
2012-05-20 06:56 - 2012-05-20 06:56 - 00000000 ____D C:\Users\Owner\AppData\Local\{91E32FCF-E91E-43D0-8E6F-0D97F00462E2}
2012-05-20 06:56 - 2012-05-20 06:56 - 00000000 ____D C:\Users\Owner\AppData\Local\{6D4C397F-CA4F-4FB1-93D4-BE935F73B738}
2012-05-20 06:56 - 2012-05-20 06:56 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{91E32FCF-E91E-43D0-8E6F-0D97F00462E2}
2012-05-20 06:56 - 2012-05-20 06:56 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{6D4C397F-CA4F-4FB1-93D4-BE935F73B738}
2012-05-20 06:56 - 2012-05-20 06:56 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{91E32FCF-E91E-43D0-8E6F-0D97F00462E2}
2012-05-20 06:56 - 2012-05-20 06:56 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{6D4C397F-CA4F-4FB1-93D4-BE935F73B738}
2012-05-20 06:56 - 2012-05-20 06:56 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{91E32FCF-E91E-43D0-8E6F-0D97F00462E2}
2012-05-20 06:56 - 2012-05-20 06:56 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{6D4C397F-CA4F-4FB1-93D4-BE935F73B738}
2012-05-19 12:14 - 2012-05-19 12:13 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{B0F91EF8-2CDF-4765-890C-CEA663103A94}
2012-05-19 12:14 - 2012-05-19 12:13 - 00000000 ____D C:\Users\Owner\Local Settings\{B0F91EF8-2CDF-4765-890C-CEA663103A94}
2012-05-19 12:14 - 2012-05-19 12:13 - 00000000 ____D C:\Users\Owner\AppData\Local\{B0F91EF8-2CDF-4765-890C-CEA663103A94}
2012-05-19 12:14 - 2012-05-19 12:13 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{B0F91EF8-2CDF-4765-890C-CEA663103A94}
2012-05-19 12:14 - 2012-05-19 12:13 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{B0F91EF8-2CDF-4765-890C-CEA663103A94}
2012-05-19 12:14 - 2012-05-19 12:13 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{B0F91EF8-2CDF-4765-890C-CEA663103A94}
2012-05-19 12:13 - 2012-05-19 12:13 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{0E354617-C529-4BC8-AC3B-097DAA9812D8}
2012-05-19 12:13 - 2012-05-19 12:13 - 00000000 ____D C:\Users\Owner\Local Settings\{0E354617-C529-4BC8-AC3B-097DAA9812D8}
2012-05-19 12:13 - 2012-05-19 12:13 - 00000000 ____D C:\Users\Owner\AppData\Local\{0E354617-C529-4BC8-AC3B-097DAA9812D8}
2012-05-19 12:13 - 2012-05-19 12:13 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{0E354617-C529-4BC8-AC3B-097DAA9812D8}
2012-05-19 12:13 - 2012-05-19 12:13 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{0E354617-C529-4BC8-AC3B-097DAA9812D8}
2012-05-19 12:13 - 2012-05-19 12:13 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{0E354617-C529-4BC8-AC3B-097DAA9812D8}
2012-05-18 08:05 - 2012-05-18 08:05 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{D1D86C04-DFEA-4DA4-8150-A56F748622F7}
2012-05-18 08:05 - 2012-05-18 08:05 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{3A7933E8-22DA-4960-97EC-C54E84CC7CB5}
2012-05-18 08:05 - 2012-05-18 08:05 - 00000000 ____D C:\Users\Owner\Local Settings\{D1D86C04-DFEA-4DA4-8150-A56F748622F7}
2012-05-18 08:05 - 2012-05-18 08:05 - 00000000 ____D C:\Users\Owner\Local Settings\{3A7933E8-22DA-4960-97EC-C54E84CC7CB5}
2012-05-18 08:05 - 2012-05-18 08:05 - 00000000 ____D C:\Users\Owner\AppData\Local\{D1D86C04-DFEA-4DA4-8150-A56F748622F7}
2012-05-18 08:05 - 2012-05-18 08:05 - 00000000 ____D C:\Users\Owner\AppData\Local\{3A7933E8-22DA-4960-97EC-C54E84CC7CB5}
2012-05-18 08:05 - 2012-05-18 08:05 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{D1D86C04-DFEA-4DA4-8150-A56F748622F7}
2012-05-18 08:05 - 2012-05-18 08:05 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{3A7933E8-22DA-4960-97EC-C54E84CC7CB5}
2012-05-18 08:05 - 2012-05-18 08:05 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{D1D86C04-DFEA-4DA4-8150-A56F748622F7}
2012-05-18 08:05 - 2012-05-18 08:05 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{3A7933E8-22DA-4960-97EC-C54E84CC7CB5}
2012-05-18 08:05 - 2012-05-18 08:05 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{D1D86C04-DFEA-4DA4-8150-A56F748622F7}
2012-05-18 08:05 - 2012-05-18 08:05 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{3A7933E8-22DA-4960-97EC-C54E84CC7CB5}
2012-05-18 08:04 - 2009-04-18 08:02 - 00000322 ____A C:\Windows\Tasks\HPCeeScheduleForOwner.job
2012-05-17 06:27 - 2012-05-17 06:27 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{72E0CB58-24F4-4B54-9384-850417EDCF1D}
2012-05-17 06:27 - 2012-05-17 06:27 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{1E9512A9-C8A6-444A-8A4B-6D03DFFA8CA7}
2012-05-17 06:27 - 2012-05-17 06:27 - 00000000 ____D C:\Users\Owner\Local Settings\{72E0CB58-24F4-4B54-9384-850417EDCF1D}
2012-05-17 06:27 - 2012-05-17 06:27 - 00000000 ____D C:\Users\Owner\Local Settings\{1E9512A9-C8A6-444A-8A4B-6D03DFFA8CA7}
2012-05-17 06:27 - 2012-05-17 06:27 - 00000000 ____D C:\Users\Owner\AppData\Local\{72E0CB58-24F4-4B54-9384-850417EDCF1D}
2012-05-17 06:27 - 2012-05-17 06:27 - 00000000 ____D C:\Users\Owner\AppData\Local\{1E9512A9-C8A6-444A-8A4B-6D03DFFA8CA7}
2012-05-17 06:27 - 2012-05-17 06:27 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{72E0CB58-24F4-4B54-9384-850417EDCF1D}
2012-05-17 06:27 - 2012-05-17 06:27 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{1E9512A9-C8A6-444A-8A4B-6D03DFFA8CA7}
2012-05-17 06:27 - 2012-05-17 06:27 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{72E0CB58-24F4-4B54-9384-850417EDCF1D}
2012-05-17 06:27 - 2012-05-17 06:27 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{1E9512A9-C8A6-444A-8A4B-6D03DFFA8CA7}
2012-05-17 06:27 - 2012-05-17 06:27 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{72E0CB58-24F4-4B54-9384-850417EDCF1D}
2012-05-17 06:27 - 2012-05-17 06:27 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{1E9512A9-C8A6-444A-8A4B-6D03DFFA8CA7}
2012-05-16 07:12 - 2012-05-16 07:12 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{630C8C69-849D-4E7C-BA38-45152069466B}
2012-05-16 07:12 - 2012-05-16 07:12 - 00000000 ____D C:\Users\Owner\Local Settings\{630C8C69-849D-4E7C-BA38-45152069466B}
2012-05-16 07:12 - 2012-05-16 07:12 - 00000000 ____D C:\Users\Owner\AppData\Local\{630C8C69-849D-4E7C-BA38-45152069466B}
2012-05-16 07:12 - 2012-05-16 07:12 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{630C8C69-849D-4E7C-BA38-45152069466B}
2012-05-16 07:12 - 2012-05-16 07:12 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{630C8C69-849D-4E7C-BA38-45152069466B}
2012-05-16 07:12 - 2012-05-16 07:12 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{630C8C69-849D-4E7C-BA38-45152069466B}
2012-05-16 07:11 - 2012-05-16 07:11 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{05314189-94B2-4977-9B67-BC11022DDF73}
2012-05-16 07:11 - 2012-05-16 07:11 - 00000000 ____D C:\Users\Owner\Local Settings\{05314189-94B2-4977-9B67-BC11022DDF73}
2012-05-16 07:11 - 2012-05-16 07:11 - 00000000 ____D C:\Users\Owner\AppData\Local\{05314189-94B2-4977-9B67-BC11022DDF73}
2012-05-16 07:11 - 2012-05-16 07:11 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{05314189-94B2-4977-9B67-BC11022DDF73}
2012-05-16 07:11 - 2012-05-16 07:11 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{05314189-94B2-4977-9B67-BC11022DDF73}
2012-05-16 07:11 - 2012-05-16 07:11 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{05314189-94B2-4977-9B67-BC11022DDF73}
2012-05-15 07:33 - 2012-05-15 07:33 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{BA152013-3A16-4E35-9355-62F2484B3C78}
2012-05-15 07:33 - 2012-05-15 07:33 - 00000000 ____D C:\Users\Owner\Local Settings\{BA152013-3A16-4E35-9355-62F2484B3C78}
2012-05-15 07:33 - 2012-05-15 07:33 - 00000000 ____D C:\Users\Owner\AppData\Local\{BA152013-3A16-4E35-9355-62F2484B3C78}
2012-05-15 07:33 - 2012-05-15 07:33 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{BA152013-3A16-4E35-9355-62F2484B3C78}
2012-05-15 07:33 - 2012-05-15 07:33 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{BA152013-3A16-4E35-9355-62F2484B3C78}
2012-05-15 07:33 - 2012-05-15 07:33 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{BA152013-3A16-4E35-9355-62F2484B3C78}
2012-05-15 07:32 - 2012-05-15 07:32 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{BBA65F2C-0B67-4408-99DD-ECA8CB6EA897}
2012-05-15 07:32 - 2012-05-15 07:32 - 00000000 ____D C:\Users\Owner\Local Settings\{BBA65F2C-0B67-4408-99DD-ECA8CB6EA897}
2012-05-15 07:32 - 2012-05-15 07:32 - 00000000 ____D C:\Users\Owner\AppData\Local\{BBA65F2C-0B67-4408-99DD-ECA8CB6EA897}
2012-05-15 07:32 - 2012-05-15 07:32 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{BBA65F2C-0B67-4408-99DD-ECA8CB6EA897}
2012-05-15 07:32 - 2012-05-15 07:32 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{BBA65F2C-0B67-4408-99DD-ECA8CB6EA897}
2012-05-15 07:32 - 2012-05-15 07:32 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{BBA65F2C-0B67-4408-99DD-ECA8CB6EA897}
2012-05-14 07:19 - 2012-05-14 07:19 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{EBE39864-C054-4D5E-86A6-B4F131C18E20}
2012-05-14 07:19 - 2012-05-14 07:19 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{9BD467BD-A7DE-4391-9970-EBF8F91A7348}
2012-05-14 07:19 - 2012-05-14 07:19 - 00000000 ____D C:\Users\Owner\Local Settings\{EBE39864-C054-4D5E-86A6-B4F131C18E20}
2012-05-14 07:19 - 2012-05-14 07:19 - 00000000 ____D C:\Users\Owner\Local Settings\{9BD467BD-A7DE-4391-9970-EBF8F91A7348}
2012-05-14 07:19 - 2012-05-14 07:19 - 00000000 ____D C:\Users\Owner\AppData\Local\{EBE39864-C054-4D5E-86A6-B4F131C18E20}
2012-05-14 07:19 - 2012-05-14 07:19 - 00000000 ____D C:\Users\Owner\AppData\Local\{9BD467BD-A7DE-4391-9970-EBF8F91A7348}
2012-05-14 07:19 - 2012-05-14 07:19 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{EBE39864-C054-4D5E-86A6-B4F131C18E20}
2012-05-14 07:19 - 2012-05-14 07:19 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{9BD467BD-A7DE-4391-9970-EBF8F91A7348}
2012-05-14 07:19 - 2012-05-14 07:19 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{EBE39864-C054-4D5E-86A6-B4F131C18E20}
2012-05-14 07:19 - 2012-05-14 07:19 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{9BD467BD-A7DE-4391-9970-EBF8F91A7348}
2012-05-14 07:19 - 2012-05-14 07:19 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{EBE39864-C054-4D5E-86A6-B4F131C18E20}
2012-05-14 07:19 - 2012-05-14 07:19 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{9BD467BD-A7DE-4391-9970-EBF8F91A7348}
2012-05-13 15:09 - 2012-05-13 15:09 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{D383DD9D-144E-4483-B6BE-94ED6559237B}
2012-05-13 15:09 - 2012-05-13 15:09 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{09278300-4FDA-4C32-B02D-074D13DFEFDC}
2012-05-13 15:09 - 2012-05-13 15:09 - 00000000 ____D C:\Users\Owner\Local Settings\{D383DD9D-144E-4483-B6BE-94ED6559237B}
2012-05-13 15:09 - 2012-05-13 15:09 - 00000000 ____D C:\Users\Owner\Local Settings\{09278300-4FDA-4C32-B02D-074D13DFEFDC}
2012-05-13 15:09 - 2012-05-13 15:09 - 00000000 ____D C:\Users\Owner\AppData\Local\{D383DD9D-144E-4483-B6BE-94ED6559237B}
2012-05-13 15:09 - 2012-05-13 15:09 - 00000000 ____D C:\Users\Owner\AppData\Local\{09278300-4FDA-4C32-B02D-074D13DFEFDC}
2012-05-13 15:09 - 2012-05-13 15:09 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{D383DD9D-144E-4483-B6BE-94ED6559237B}
2012-05-13 15:09 - 2012-05-13 15:09 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{09278300-4FDA-4C32-B02D-074D13DFEFDC}
2012-05-13 15:09 - 2012-05-13 15:09 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{D383DD9D-144E-4483-B6BE-94ED6559237B}
2012-05-13 15:09 - 2012-05-13 15:09 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{09278300-4FDA-4C32-B02D-074D13DFEFDC}
2012-05-13 15:09 - 2012-05-13 15:09 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{D383DD9D-144E-4483-B6BE-94ED6559237B}
2012-05-13 15:09 - 2012-05-13 15:09 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{09278300-4FDA-4C32-B02D-074D13DFEFDC}
2012-05-11 09:28 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2012-05-11 08:54 - 2012-05-11 08:54 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{FE020456-12D1-4D77-96BF-8A3B43D2CDBD}
2012-05-11 08:54 - 2012-05-11 08:54 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{6B5AC01A-5A9F-4C7E-870D-791EC2F18B45}
2012-05-11 08:54 - 2012-05-11 08:54 - 00000000 ____D C:\Users\Owner\Local Settings\{FE020456-12D1-4D77-96BF-8A3B43D2CDBD}
2012-05-11 08:54 - 2012-05-11 08:54 - 00000000 ____D C:\Users\Owner\Local Settings\{6B5AC01A-5A9F-4C7E-870D-791EC2F18B45}
2012-05-11 08:54 - 2012-05-11 08:54 - 00000000 ____D C:\Users\Owner\AppData\Local\{FE020456-12D1-4D77-96BF-8A3B43D2CDBD}
2012-05-11 08:54 - 2012-05-11 08:54 - 00000000 ____D C:\Users\Owner\AppData\Local\{6B5AC01A-5A9F-4C7E-870D-791EC2F18B45}
2012-05-11 08:54 - 2012-05-11 08:54 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{FE020456-12D1-4D77-96BF-8A3B43D2CDBD}
2012-05-11 08:54 - 2012-05-11 08:54 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{6B5AC01A-5A9F-4C7E-870D-791EC2F18B45}
2012-05-11 08:54 - 2012-05-11 08:54 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{FE020456-12D1-4D77-96BF-8A3B43D2CDBD}
2012-05-11 08:54 - 2012-05-11 08:54 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{6B5AC01A-5A9F-4C7E-870D-791EC2F18B45}
2012-05-11 08:54 - 2012-05-11 08:54 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{FE020456-12D1-4D77-96BF-8A3B43D2CDBD}
2012-05-11 08:54 - 2012-05-11 08:54 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{6B5AC01A-5A9F-4C7E-870D-791EC2F18B45}
2012-05-11 08:52 - 2006-11-02 04:47 - 00331504 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-11 08:50 - 2008-11-06 16:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-11 08:49 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2012-05-11 08:49 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-11 08:34 - 2009-05-14 13:07 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-11 08:34 - 2009-05-14 13:07 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-05-11 08:34 - 2009-05-14 13:07 - 00000000 ____D C:\Documents and Settings\All Users\Microsoft Help
2012-05-11 08:34 - 2009-05-14 13:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-05-11 08:31 - 2006-11-02 02:24 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-05-11 08:16 - 2012-05-11 08:15 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{09C8479E-6D7E-4EFF-8EDF-C2FD0196E0E9}
2012-05-11 08:16 - 2012-05-11 08:15 - 00000000 ____D C:\Users\Owner\Local Settings\{09C8479E-6D7E-4EFF-8EDF-C2FD0196E0E9}
2012-05-11 08:16 - 2012-05-11 08:15 - 00000000 ____D C:\Users\Owner\AppData\Local\{09C8479E-6D7E-4EFF-8EDF-C2FD0196E0E9}
2012-05-11 08:16 - 2012-05-11 08:15 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{09C8479E-6D7E-4EFF-8EDF-C2FD0196E0E9}
2012-05-11 08:16 - 2012-05-11 08:15 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{09C8479E-6D7E-4EFF-8EDF-C2FD0196E0E9}
2012-05-11 08:16 - 2012-05-11 08:15 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{09C8479E-6D7E-4EFF-8EDF-C2FD0196E0E9}
2012-05-11 08:15 - 2012-05-11 08:15 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{B64150C9-88CE-4A21-B547-031BCAE63616}
2012-05-11 08:15 - 2012-05-11 08:15 - 00000000 ____D C:\Users\Owner\Local Settings\{B64150C9-88CE-4A21-B547-031BCAE63616}
2012-05-11 08:15 - 2012-05-11 08:15 - 00000000 ____D C:\Users\Owner\AppData\Local\{B64150C9-88CE-4A21-B547-031BCAE63616}
2012-05-11 08:15 - 2012-05-11 08:15 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{B64150C9-88CE-4A21-B547-031BCAE63616}
2012-05-11 08:15 - 2012-05-11 08:15 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{B64150C9-88CE-4A21-B547-031BCAE63616}
2012-05-11 08:15 - 2012-05-11 08:15 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{B64150C9-88CE-4A21-B547-031BCAE63616}
2012-05-10 07:57 - 2012-05-10 07:57 - 00000162 ___AH C:\Users\Owner\My Documents\~$resume2.docx
2012-05-10 07:57 - 2012-05-10 07:57 - 00000162 ___AH C:\Users\Owner\Documents\~$resume2.docx
2012-05-10 07:57 - 2012-05-10 07:57 - 00000162 ___AH C:\Documents and Settings\Owner\My Documents\~$resume2.docx
2012-05-10 07:57 - 2012-05-10 07:57 - 00000162 ___AH C:\Documents and Settings\Owner\Documents\~$resume2.docx
2012-05-10 07:03 - 2012-05-10 07:03 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{643BEB00-01BC-4303-9A1A-B9E8C297E4F6}
2012-05-10 07:03 - 2012-05-10 07:03 - 00000000 ____D C:\Users\Owner\Local Settings\{643BEB00-01BC-4303-9A1A-B9E8C297E4F6}
2012-05-10 07:03 - 2012-05-10 07:03 - 00000000 ____D C:\Users\Owner\AppData\Local\{643BEB00-01BC-4303-9A1A-B9E8C297E4F6}
2012-05-10 07:03 - 2012-05-10 07:03 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{643BEB00-01BC-4303-9A1A-B9E8C297E4F6}
2012-05-10 07:03 - 2012-05-10 07:03 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{643BEB00-01BC-4303-9A1A-B9E8C297E4F6}
2012-05-10 07:03 - 2012-05-10 07:03 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{643BEB00-01BC-4303-9A1A-B9E8C297E4F6}
2012-05-10 07:03 - 2012-05-10 07:02 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{AD0D8E23-16C9-4D71-9867-3F9B3C92822D}
2012-05-10 07:03 - 2012-05-10 07:02 - 00000000 ____D C:\Users\Owner\Local Settings\{AD0D8E23-16C9-4D71-9867-3F9B3C92822D}
2012-05-10 07:03 - 2012-05-10 07:02 - 00000000 ____D C:\Users\Owner\AppData\Local\{AD0D8E23-16C9-4D71-9867-3F9B3C92822D}
2012-05-10 07:03 - 2012-05-10 07:02 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{AD0D8E23-16C9-4D71-9867-3F9B3C92822D}
2012-05-10 07:03 - 2012-05-10 07:02 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{AD0D8E23-16C9-4D71-9867-3F9B3C92822D}
2012-05-10 07:03 - 2012-05-10 07:02 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{AD0D8E23-16C9-4D71-9867-3F9B3C92822D}
2012-05-09 17:08 - 2012-05-09 17:04 - 00003374 ____A C:\Users\Owner\My Documents\CBresume2.txt
2012-05-09 17:08 - 2012-05-09 17:04 - 00003374 ____A C:\Users\Owner\Documents\CBresume2.txt
2012-05-09 17:08 - 2012-05-09 17:04 - 00003374 ____A C:\Documents and Settings\Owner\My Documents\CBresume2.txt
2012-05-09 17:08 - 2012-05-09 17:04 - 00003374 ____A C:\Documents and Settings\Owner\Documents\CBresume2.txt
2012-05-09 16:58 - 2012-05-09 16:58 - 00058880 ____A C:\Users\Owner\My Documents\CBresume2.doc
2012-05-09 16:58 - 2012-05-09 16:58 - 00058880 ____A C:\Users\Owner\Documents\CBresume2.doc
2012-05-09 16:58 - 2012-05-09 16:58 - 00058880 ____A C:\Documents and Settings\Owner\My Documents\CBresume2.doc
2012-05-09 16:58 - 2012-05-09 16:58 - 00058880 ____A C:\Documents and Settings\Owner\Documents\CBresume2.doc
2012-05-09 07:05 - 2012-05-09 07:05 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{8A731D00-BF68-4C67-AA6C-0925D6B301EE}
2012-05-09 07:05 - 2012-05-09 07:05 - 00000000 ____D C:\Users\Owner\Local Settings\{8A731D00-BF68-4C67-AA6C-0925D6B301EE}
2012-05-09 07:05 - 2012-05-09 07:05 - 00000000 ____D C:\Users\Owner\AppData\Local\{8A731D00-BF68-4C67-AA6C-0925D6B301EE}
2012-05-09 07:05 - 2012-05-09 07:05 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{8A731D00-BF68-4C67-AA6C-0925D6B301EE}
2012-05-09 07:05 - 2012-05-09 07:05 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{8A731D00-BF68-4C67-AA6C-0925D6B301EE}
2012-05-09 07:05 - 2012-05-09 07:05 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{8A731D00-BF68-4C67-AA6C-0925D6B301EE}
2012-05-09 07:05 - 2012-05-09 07:04 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{F829484C-13AD-46E4-B065-30ABBF3B94C3}
2012-05-09 07:05 - 2012-05-09 07:04 - 00000000 ____D C:\Users\Owner\Local Settings\{F829484C-13AD-46E4-B065-30ABBF3B94C3}
2012-05-09 07:05 - 2012-05-09 07:04 - 00000000 ____D C:\Users\Owner\AppData\Local\{F829484C-13AD-46E4-B065-30ABBF3B94C3}
2012-05-09 07:05 - 2012-05-09 07:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{F829484C-13AD-46E4-B065-30ABBF3B94C3}
2012-05-09 07:05 - 2012-05-09 07:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{F829484C-13AD-46E4-B065-30ABBF3B94C3}
2012-05-09 07:05 - 2012-05-09 07:04 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{F829484C-13AD-46E4-B065-30ABBF3B94C3}
2012-05-08 07:15 - 2012-05-08 07:15 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{F2C83039-8D9D-4853-A493-C674A1BA458D}
2012-05-08 07:15 - 2012-05-08 07:15 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{85429D4C-8E76-427A-8800-78A5D6A48A97}
2012-05-08 07:15 - 2012-05-08 07:15 - 00000000 ____D C:\Users\Owner\Local Settings\{F2C83039-8D9D-4853-A493-C674A1BA458D}
2012-05-08 07:15 - 2012-05-08 07:15 - 00000000 ____D C:\Users\Owner\Local Settings\{85429D4C-8E76-427A-8800-78A5D6A48A97}
2012-05-08 07:15 - 2012-05-08 07:15 - 00000000 ____D C:\Users\Owner\AppData\Local\{F2C83039-8D9D-4853-A493-C674A1BA458D}
2012-05-08 07:15 - 2012-05-08 07:15 - 00000000 ____D C:\Users\Owner\AppData\Local\{85429D4C-8E76-427A-8800-78A5D6A48A97}
2012-05-08 07:15 - 2012-05-08 07:15 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{F2C83039-8D9D-4853-A493-C674A1BA458D}
2012-05-08 07:15 - 2012-05-08 07:15 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{85429D4C-8E76-427A-8800-78A5D6A48A97}
2012-05-08 07:15 - 2012-05-08 07:15 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{F2C83039-8D9D-4853-A493-C674A1BA458D}
2012-05-08 07:15 - 2012-05-08 07:15 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{85429D4C-8E76-427A-8800-78A5D6A48A97}
2012-05-08 07:15 - 2012-05-08 07:15 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{F2C83039-8D9D-4853-A493-C674A1BA458D}
2012-05-08 07:15 - 2012-05-08 07:15 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{85429D4C-8E76-427A-8800-78A5D6A48A97}
2012-05-07 08:08 - 2012-05-07 08:08 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{5BD0BCEA-645D-4EC1-85FE-FF54BBDFAD39}
2012-05-07 08:08 - 2012-05-07 08:08 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{14D41652-B07A-4C5B-AA32-1DB365D0BE8A}
2012-05-07 08:08 - 2012-05-07 08:08 - 00000000 ____D C:\Users\Owner\Local Settings\{5BD0BCEA-645D-4EC1-85FE-FF54BBDFAD39}
2012-05-07 08:08 - 2012-05-07 08:08 - 00000000 ____D C:\Users\Owner\Local Settings\{14D41652-B07A-4C5B-AA32-1DB365D0BE8A}
2012-05-07 08:08 - 2012-05-07 08:08 - 00000000 ____D C:\Users\Owner\AppData\Local\{5BD0BCEA-645D-4EC1-85FE-FF54BBDFAD39}
2012-05-07 08:08 - 2012-05-07 08:08 - 00000000 ____D C:\Users\Owner\AppData\Local\{14D41652-B07A-4C5B-AA32-1DB365D0BE8A}
2012-05-07 08:08 - 2012-05-07 08:08 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{5BD0BCEA-645D-4EC1-85FE-FF54BBDFAD39}
2012-05-07 08:08 - 2012-05-07 08:08 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{14D41652-B07A-4C5B-AA32-1DB365D0BE8A}
2012-05-07 08:08 - 2012-05-07 08:08 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{5BD0BCEA-645D-4EC1-85FE-FF54BBDFAD39}
2012-05-07 08:08 - 2012-05-07 08:08 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{14D41652-B07A-4C5B-AA32-1DB365D0BE8A}
2012-05-07 08:08 - 2012-05-07 08:08 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{5BD0BCEA-645D-4EC1-85FE-FF54BBDFAD39}
2012-05-07 08:08 - 2012-05-07 08:08 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{14D41652-B07A-4C5B-AA32-1DB365D0BE8A}
2012-05-06 07:57 - 2012-05-06 07:57 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{366D94C1-F6F5-4EC0-B66D-2F2DCF30B979}
2012-05-06 07:57 - 2012-05-06 07:57 - 00000000 ____D C:\Users\Owner\Local Settings\{366D94C1-F6F5-4EC0-B66D-2F2DCF30B979}
2012-05-06 07:57 - 2012-05-06 07:57 - 00000000 ____D C:\Users\Owner\AppData\Local\{366D94C1-F6F5-4EC0-B66D-2F2DCF30B979}
2012-05-06 07:57 - 2012-05-06 07:57 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{366D94C1-F6F5-4EC0-B66D-2F2DCF30B979}
2012-05-06 07:57 - 2012-05-06 07:57 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{366D94C1-F6F5-4EC0-B66D-2F2DCF30B979}
2012-05-06 07:57 - 2012-05-06 07:57 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{366D94C1-F6F5-4EC0-B66D-2F2DCF30B979}
2012-05-06 07:57 - 2012-05-06 07:56 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{937ED48F-8222-4E07-A4CC-F93504792C1A}
2012-05-06 07:57 - 2012-05-06 07:56 - 00000000 ____D C:\Users\Owner\Local Settings\{937ED48F-8222-4E07-A4CC-F93504792C1A}
2012-05-06 07:57 - 2012-05-06 07:56 - 00000000 ____D C:\Users\Owner\AppData\Local\{937ED48F-8222-4E07-A4CC-F93504792C1A}
2012-05-06 07:57 - 2012-05-06 07:56 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{937ED48F-8222-4E07-A4CC-F93504792C1A}
2012-05-06 07:57 - 2012-05-06 07:56 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{937ED48F-8222-4E07-A4CC-F93504792C1A}
2012-05-06 07:57 - 2012-05-06 07:56 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{937ED48F-8222-4E07-A4CC-F93504792C1A}
2012-05-05 13:59 - 2012-05-05 13:59 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{7A045ABE-6F10-406B-9B55-22432C5FD013}
2012-05-05 13:59 - 2012-05-05 13:59 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{1AA4487E-7305-4AC7-8727-7BEC4D5F1A46}
2012-05-05 13:59 - 2012-05-05 13:59 - 00000000 ____D C:\Users\Owner\Local Settings\{7A045ABE-6F10-406B-9B55-22432C5FD013}
2012-05-05 13:59 - 2012-05-05 13:59 - 00000000 ____D C:\Users\Owner\Local Settings\{1AA4487E-7305-4AC7-8727-7BEC4D5F1A46}
2012-05-05 13:59 - 2012-05-05 13:59 - 00000000 ____D C:\Users\Owner\AppData\Local\{7A045ABE-6F10-406B-9B55-22432C5FD013}
2012-05-05 13:59 - 2012-05-05 13:59 - 00000000 ____D C:\Users\Owner\AppData\Local\{1AA4487E-7305-4AC7-8727-7BEC4D5F1A46}
2012-05-05 13:59 - 2012-05-05 13:59 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{7A045ABE-6F10-406B-9B55-22432C5FD013}
2012-05-05 13:59 - 2012-05-05 13:59 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{1AA4487E-7305-4AC7-8727-7BEC4D5F1A46}
2012-05-05 13:59 - 2012-05-05 13:59 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{7A045ABE-6F10-406B-9B55-22432C5FD013}
2012-05-05 13:59 - 2012-05-05 13:59 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{1AA4487E-7305-4AC7-8727-7BEC4D5F1A46}
2012-05-05 13:59 - 2012-05-05 13:59 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{7A045ABE-6F10-406B-9B55-22432C5FD013}
2012-05-05 13:59 - 2012-05-05 13:59 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{1AA4487E-7305-4AC7-8727-7BEC4D5F1A46}
2012-05-04 18:10 - 2012-05-04 18:09 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{5712321B-44BB-483F-9499-C262D3831056}
2012-05-04 18:10 - 2012-05-04 18:09 - 00000000 ____D C:\Users\Owner\Local Settings\{5712321B-44BB-483F-9499-C262D3831056}
2012-05-04 18:10 - 2012-05-04 18:09 - 00000000 ____D C:\Users\Owner\AppData\Local\{5712321B-44BB-483F-9499-C262D3831056}
2012-05-04 18:10 - 2012-05-04 18:09 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{5712321B-44BB-483F-9499-C262D3831056}
2012-05-04 18:10 - 2012-05-04 18:09 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{5712321B-44BB-483F-9499-C262D3831056}
2012-05-04 18:10 - 2012-05-04 18:09 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{5712321B-44BB-483F-9499-C262D3831056}
2012-05-04 18:09 - 2012-05-04 18:09 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{949617AB-2BD5-4A59-9E22-705BE3EA52F7}
2012-05-04 18:09 - 2012-05-04 18:09 - 00000000 ____D C:\Users\Owner\Local Settings\{949617AB-2BD5-4A59-9E22-705BE3EA52F7}
2012-05-04 18:09 - 2012-05-04 18:09 - 00000000 ____D C:\Users\Owner\AppData\Local\{949617AB-2BD5-4A59-9E22-705BE3EA52F7}
2012-05-04 18:09 - 2012-05-04 18:09 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{949617AB-2BD5-4A59-9E22-705BE3EA52F7}
2012-05-04 18:09 - 2012-05-04 18:09 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{949617AB-2BD5-4A59-9E22-705BE3EA52F7}
2012-05-04 18:09 - 2012-05-04 18:09 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{949617AB-2BD5-4A59-9E22-705BE3EA52F7}
2012-05-04 08:10 - 2012-05-04 08:10 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{64832811-062A-4AAF-81B3-971776DBC459}
2012-05-04 08:10 - 2012-05-04 08:10 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{22984FDD-F820-481A-8D97-8B74FBEDAEC6}
2012-05-04 08:10 - 2012-05-04 08:10 - 00000000 ____D C:\Users\Owner\Local Settings\{64832811-062A-4AAF-81B3-971776DBC459}
2012-05-04 08:10 - 2012-05-04 08:10 - 00000000 ____D C:\Users\Owner\Local Settings\{22984FDD-F820-481A-8D97-8B74FBEDAEC6}
2012-05-04 08:10 - 2012-05-04 08:10 - 00000000 ____D C:\Users\Owner\AppData\Local\{64832811-062A-4AAF-81B3-971776DBC459}
2012-05-04 08:10 - 2012-05-04 08:10 - 00000000 ____D C:\Users\Owner\AppData\Local\{22984FDD-F820-481A-8D97-8B74FBEDAEC6}
2012-05-04 08:10 - 2012-05-04 08:10 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{64832811-062A-4AAF-81B3-971776DBC459}
2012-05-04 08:10 - 2012-05-04 08:10 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{22984FDD-F820-481A-8D97-8B74FBEDAEC6}
2012-05-04 08:10 - 2012-05-04 08:10 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{64832811-062A-4AAF-81B3-971776DBC459}
2012-05-04 08:10 - 2012-05-04 08:10 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{22984FDD-F820-481A-8D97-8B74FBEDAEC6}
2012-05-04 08:10 - 2012-05-04 08:10 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{64832811-062A-4AAF-81B3-971776DBC459}
2012-05-04 08:10 - 2012-05-04 08:10 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{22984FDD-F820-481A-8D97-8B74FBEDAEC6}
2012-05-03 07:24 - 2012-05-03 07:24 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{70C2F704-6964-4A1C-BBCE-9B24B3478EDA}
2012-05-03 07:24 - 2012-05-03 07:24 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{3581B6F3-A654-4606-8D4D-AFB663637CF3}
2012-05-03 07:24 - 2012-05-03 07:24 - 00000000 ____D C:\Users\Owner\Local Settings\{70C2F704-6964-4A1C-BBCE-9B24B3478EDA}
2012-05-03 07:24 - 2012-05-03 07:24 - 00000000 ____D C:\Users\Owner\Local Settings\{3581B6F3-A654-4606-8D4D-AFB663637CF3}
2012-05-03 07:24 - 2012-05-03 07:24 - 00000000 ____D C:\Users\Owner\AppData\Local\{70C2F704-6964-4A1C-BBCE-9B24B3478EDA}
2012-05-03 07:24 - 2012-05-03 07:24 - 00000000 ____D C:\Users\Owner\AppData\Local\{3581B6F3-A654-4606-8D4D-AFB663637CF3}
2012-05-03 07:24 - 2012-05-03 07:24 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{70C2F704-6964-4A1C-BBCE-9B24B3478EDA}
2012-05-03 07:24 - 2012-05-03 07:24 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{3581B6F3-A654-4606-8D4D-AFB663637CF3}
2012-05-03 07:24 - 2012-05-03 07:24 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{70C2F704-6964-4A1C-BBCE-9B24B3478EDA}
2012-05-03 07:24 - 2012-05-03 07:24 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{3581B6F3-A654-4606-8D4D-AFB663637CF3}
2012-05-03 07:24 - 2012-05-03 07:24 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{70C2F704-6964-4A1C-BBCE-9B24B3478EDA}
2012-05-03 07:24 - 2012-05-03 07:24 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{3581B6F3-A654-4606-8D4D-AFB663637CF3}
2012-05-02 08:04 - 2012-05-02 08:04 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{DCE96656-D23C-401F-B390-6541BA195E56}
2012-05-02 08:04 - 2012-05-02 08:04 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{D88A6CBC-EA67-420B-A456-4C7EA0D16B58}
2012-05-02 08:04 - 2012-05-02 08:04 - 00000000 ____D C:\Users\Owner\Local Settings\{DCE96656-D23C-401F-B390-6541BA195E56}
2012-05-02 08:04 - 2012-05-02 08:04 - 00000000 ____D C:\Users\Owner\Local Settings\{D88A6CBC-EA67-420B-A456-4C7EA0D16B58}
2012-05-02 08:04 - 2012-05-02 08:04 - 00000000 ____D C:\Users\Owner\AppData\Local\{DCE96656-D23C-401F-B390-6541BA195E56}
2012-05-02 08:04 - 2012-05-02 08:04 - 00000000 ____D C:\Users\Owner\AppData\Local\{D88A6CBC-EA67-420B-A456-4C7EA0D16B58}
2012-05-02 08:04 - 2012-05-02 08:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{DCE96656-D23C-401F-B390-6541BA195E56}
2012-05-02 08:04 - 2012-05-02 08:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{D88A6CBC-EA67-420B-A456-4C7EA0D16B58}
2012-05-02 08:04 - 2012-05-02 08:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{DCE96656-D23C-401F-B390-6541BA195E56}
2012-05-02 08:04 - 2012-05-02 08:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{D88A6CBC-EA67-420B-A456-4C7EA0D16B58}
2012-05-02 08:04 - 2012-05-02 08:04 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{DCE96656-D23C-401F-B390-6541BA195E56}
2012-05-02 08:04 - 2012-05-02 08:04 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{D88A6CBC-EA67-420B-A456-4C7EA0D16B58}
2012-05-01 07:19 - 2012-05-01 07:19 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{EC95A482-5CFB-4CF6-8AE2-0F50782F21D1}
2012-05-01 07:19 - 2012-05-01 07:19 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{53E812F7-762D-4EBE-B327-AAC8D76D772A}
2012-05-01 07:19 - 2012-05-01 07:19 - 00000000 ____D C:\Users\Owner\Local Settings\{EC95A482-5CFB-4CF6-8AE2-0F50782F21D1}
2012-05-01 07:19 - 2012-05-01 07:19 - 00000000 ____D C:\Users\Owner\Local Settings\{53E812F7-762D-4EBE-B327-AAC8D76D772A}
2012-05-01 07:19 - 2012-05-01 07:19 - 00000000 ____D C:\Users\Owner\AppData\Local\{EC95A482-5CFB-4CF6-8AE2-0F50782F21D1}
2012-05-01 07:19 - 2012-05-01 07:19 - 00000000 ____D C:\Users\Owner\AppData\Local\{53E812F7-762D-4EBE-B327-AAC8D76D772A}
2012-05-01 07:19 - 2012-05-01 07:19 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{EC95A482-5CFB-4CF6-8AE2-0F50782F21D1}
2012-05-01 07:19 - 2012-05-01 07:19 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{53E812F7-762D-4EBE-B327-AAC8D76D772A}
2012-05-01 07:19 - 2012-05-01 07:19 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{EC95A482-5CFB-4CF6-8AE2-0F50782F21D1}
2012-05-01 07:19 - 2012-05-01 07:19 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{53E812F7-762D-4EBE-B327-AAC8D76D772A}
2012-05-01 07:19 - 2012-05-01 07:19 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{EC95A482-5CFB-4CF6-8AE2-0F50782F21D1}
2012-05-01 07:19 - 2012-05-01 07:19 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{53E812F7-762D-4EBE-B327-AAC8D76D772A}
2012-04-30 07:28 - 2012-04-30 07:28 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{8A6F3D78-D631-4ABE-B2B5-0AB2C0683FAD}
2012-04-30 07:28 - 2012-04-30 07:28 - 00000000 ____D C:\Users\Owner\Local Settings\{8A6F3D78-D631-4ABE-B2B5-0AB2C0683FAD}
2012-04-30 07:28 - 2012-04-30 07:28 - 00000000 ____D C:\Users\Owner\AppData\Local\{8A6F3D78-D631-4ABE-B2B5-0AB2C0683FAD}
2012-04-30 07:28 - 2012-04-30 07:28 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{8A6F3D78-D631-4ABE-B2B5-0AB2C0683FAD}
2012-04-30 07:28 - 2012-04-30 07:28 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{8A6F3D78-D631-4ABE-B2B5-0AB2C0683FAD}
2012-04-30 07:28 - 2012-04-30 07:28 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{8A6F3D78-D631-4ABE-B2B5-0AB2C0683FAD}
2012-04-30 07:28 - 2012-04-30 07:27 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{0CF97421-E0D3-4A87-8571-F5902EFC63CA}
2012-04-30 07:28 - 2012-04-30 07:27 - 00000000 ____D C:\Users\Owner\Local Settings\{0CF97421-E0D3-4A87-8571-F5902EFC63CA}
2012-04-30 07:28 - 2012-04-30 07:27 - 00000000 ____D C:\Users\Owner\AppData\Local\{0CF97421-E0D3-4A87-8571-F5902EFC63CA}
2012-04-30 07:28 - 2012-04-30 07:27 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{0CF97421-E0D3-4A87-8571-F5902EFC63CA}
2012-04-30 07:28 - 2012-04-30 07:27 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{0CF97421-E0D3-4A87-8571-F5902EFC63CA}
2012-04-30 07:28 - 2012-04-30 07:27 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{0CF97421-E0D3-4A87-8571-F5902EFC63CA}
2012-04-29 09:30 - 2012-04-29 09:30 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{94870C2C-2395-4798-9AAA-7E561E3817BA}
2012-04-29 09:30 - 2012-04-29 09:30 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{795642F7-EBD2-4C62-B729-AADB821E8361}
2012-04-29 09:30 - 2012-04-29 09:30 - 00000000 ____D C:\Users\Owner\Local Settings\{94870C2C-2395-4798-9AAA-7E561E3817BA}
2012-04-29 09:30 - 2012-04-29 09:30 - 00000000 ____D C:\Users\Owner\Local Settings\{795642F7-EBD2-4C62-B729-AADB821E8361}
2012-04-29 09:30 - 2012-04-29 09:30 - 00000000 ____D C:\Users\Owner\AppData\Local\{94870C2C-2395-4798-9AAA-7E561E3817BA}
2012-04-29 09:30 - 2012-04-29 09:30 - 00000000 ____D C:\Users\Owner\AppData\Local\{795642F7-EBD2-4C62-B729-AADB821E8361}
2012-04-29 09:30 - 2012-04-29 09:30 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{94870C2C-2395-4798-9AAA-7E561E3817BA}
2012-04-29 09:30 - 2012-04-29 09:30 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{795642F7-EBD2-4C62-B729-AADB821E8361}
2012-04-29 09:30 - 2012-04-29 09:30 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{94870C2C-2395-4798-9AAA-7E561E3817BA}
2012-04-29 09:30 - 2012-04-29 09:30 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{795642F7-EBD2-4C62-B729-AADB821E8361}
2012-04-29 09:30 - 2012-04-29 09:30 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{94870C2C-2395-4798-9AAA-7E561E3817BA}
2012-04-29 09:30 - 2012-04-29 09:30 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{795642F7-EBD2-4C62-B729-AADB821E8361}
2012-04-28 07:33 - 2012-04-28 07:33 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{726F50A7-A7BA-49D3-8BFD-B5BB965C0DB7}
2012-04-28 07:33 - 2012-04-28 07:33 - 00000000 ____D C:\Users\Owner\Local Settings\{726F50A7-A7BA-49D3-8BFD-B5BB965C0DB7}
2012-04-28 07:33 - 2012-04-28 07:33 - 00000000 ____D C:\Users\Owner\AppData\Local\{726F50A7-A7BA-49D3-8BFD-B5BB965C0DB7}
2012-04-28 07:33 - 2012-04-28 07:33 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{726F50A7-A7BA-49D3-8BFD-B5BB965C0DB7}
2012-04-28 07:33 - 2012-04-28 07:33 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{726F50A7-A7BA-49D3-8BFD-B5BB965C0DB7}
2012-04-28 07:33 - 2012-04-28 07:33 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{726F50A7-A7BA-49D3-8BFD-B5BB965C0DB7}
2012-04-28 07:33 - 2012-04-28 07:32 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{5E015988-9858-4E39-9DFC-C455F2AA0A11}
2012-04-28 07:33 - 2012-04-28 07:32 - 00000000 ____D C:\Users\Owner\Local Settings\{5E015988-9858-4E39-9DFC-C455F2AA0A11}
2012-04-28 07:33 - 2012-04-28 07:32 - 00000000 ____D C:\Users\Owner\AppData\Local\{5E015988-9858-4E39-9DFC-C455F2AA0A11}
2012-04-28 07:33 - 2012-04-28 07:32 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{5E015988-9858-4E39-9DFC-C455F2AA0A11}
2012-04-28 07:33 - 2012-04-28 07:32 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{5E015988-9858-4E39-9DFC-C455F2AA0A11}
2012-04-28 07:33 - 2012-04-28 07:32 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{5E015988-9858-4E39-9DFC-C455F2AA0A11}
2012-04-27 06:26 - 2012-04-27 06:26 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{862CAD6E-704B-4CF2-80B9-B23D5553AE3A}
2012-04-27 06:26 - 2012-04-27 06:26 - 00000000 ____D C:\Users\Owner\Local Settings\{862CAD6E-704B-4CF2-80B9-B23D5553AE3A}
2012-04-27 06:26 - 2012-04-27 06:26 - 00000000 ____D C:\Users\Owner\AppData\Local\{862CAD6E-704B-4CF2-80B9-B23D5553AE3A}
2012-04-27 06:26 - 2012-04-27 06:26 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{862CAD6E-704B-4CF2-80B9-B23D5553AE3A}
2012-04-27 06:26 - 2012-04-27 06:26 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{862CAD6E-704B-4CF2-80B9-B23D5553AE3A}
2012-04-27 06:26 - 2012-04-27 06:26 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{862CAD6E-704B-4CF2-80B9-B23D5553AE3A}
2012-04-27 06:26 - 2012-04-27 06:25 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{8E52BC6D-FB92-47AA-8E40-84044A2CA84B}
2012-04-27 06:26 - 2012-04-27 06:25 - 00000000 ____D C:\Users\Owner\Local Settings\{8E52BC6D-FB92-47AA-8E40-84044A2CA84B}
2012-04-27 06:26 - 2012-04-27 06:25 - 00000000 ____D C:\Users\Owner\AppData\Local\{8E52BC6D-FB92-47AA-8E40-84044A2CA84B}
2012-04-27 06:26 - 2012-04-27 06:25 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{8E52BC6D-FB92-47AA-8E40-84044A2CA84B}
2012-04-27 06:26 - 2012-04-27 06:25 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{8E52BC6D-FB92-47AA-8E40-84044A2CA84B}
2012-04-27 06:26 - 2012-04-27 06:25 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{8E52BC6D-FB92-47AA-8E40-84044A2CA84B}
2012-04-26 08:23 - 2012-04-26 08:22 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{0FFDD209-6F1B-4B2F-AB1C-19FC07F49606}
2012-04-26 08:23 - 2012-04-26 08:22 - 00000000 ____D C:\Users\Owner\Local Settings\{0FFDD209-6F1B-4B2F-AB1C-19FC07F49606}
2012-04-26 08:23 - 2012-04-26 08:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{0FFDD209-6F1B-4B2F-AB1C-19FC07F49606}
2012-04-26 08:23 - 2012-04-26 08:22 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{0FFDD209-6F1B-4B2F-AB1C-19FC07F49606}
2012-04-26 08:23 - 2012-04-26 08:22 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{0FFDD209-6F1B-4B2F-AB1C-19FC07F49606}
2012-04-26 08:23 - 2012-04-26 08:22 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{0FFDD209-6F1B-4B2F-AB1C-19FC07F49606}
2012-04-26 08:22 - 2012-04-26 08:22 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{3453FBE3-54FF-427B-A381-6ACC7245FC39}
2012-04-26 08:22 - 2012-04-26 08:22 - 00000000 ____D C:\Users\Owner\Local Settings\{3453FBE3-54FF-427B-A381-6ACC7245FC39}
2012-04-26 08:22 - 2012-04-26 08:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{3453FBE3-54FF-427B-A381-6ACC7245FC39}
2012-04-26 08:22 - 2012-04-26 08:22 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{3453FBE3-54FF-427B-A381-6ACC7245FC39}
2012-04-26 08:22 - 2012-04-26 08:22 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{3453FBE3-54FF-427B-A381-6ACC7245FC39}
2012-04-26 08:22 - 2012-04-26 08:22 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{3453FBE3-54FF-427B-A381-6ACC7245FC39}
2012-04-25 06:43 - 2012-04-25 06:43 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{F2851FA1-DDD7-40B3-BF9E-7C4228A659F3}
2012-04-25 06:43 - 2012-04-25 06:43 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{9B76009F-0F6F-4746-A9E5-B66178A2A9A4}
2012-04-25 06:43 - 2012-04-25 06:43 - 00000000 ____D C:\Users\Owner\Local Settings\{F2851FA1-DDD7-40B3-BF9E-7C4228A659F3}
2012-04-25 06:43 - 2012-04-25 06:43 - 00000000 ____D C:\Users\Owner\Local Settings\{9B76009F-0F6F-4746-A9E5-B66178A2A9A4}
2012-04-25 06:43 - 2012-04-25 06:43 - 00000000 ____D C:\Users\Owner\AppData\Local\{F2851FA1-DDD7-40B3-BF9E-7C4228A659F3}
2012-04-25 06:43 - 2012-04-25 06:43 - 00000000 ____D C:\Users\Owner\AppData\Local\{9B76009F-0F6F-4746-A9E5-B66178A2A9A4}
2012-04-25 06:43 - 2012-04-25 06:43 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{F2851FA1-DDD7-40B3-BF9E-7C4228A659F3}
2012-04-25 06:43 - 2012-04-25 06:43 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{9B76009F-0F6F-4746-A9E5-B66178A2A9A4}
2012-04-25 06:43 - 2012-04-25 06:43 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{F2851FA1-DDD7-40B3-BF9E-7C4228A659F3}
2012-04-25 06:43 - 2012-04-25 06:43 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{9B76009F-0F6F-4746-A9E5-B66178A2A9A4}
2012-04-25 06:43 - 2012-04-25 06:43 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{F2851FA1-DDD7-40B3-BF9E-7C4228A659F3}
2012-04-25 06:43 - 2012-04-25 06:43 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{9B76009F-0F6F-4746-A9E5-B66178A2A9A4}
2012-04-24 08:05 - 2012-04-24 08:04 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{B6B50FBD-6AA6-45C8-9BE8-366402BA3A42}
2012-04-24 08:05 - 2012-04-24 08:04 - 00000000 ____D C:\Users\Owner\Local Settings\{B6B50FBD-6AA6-45C8-9BE8-366402BA3A42}
2012-04-24 08:05 - 2012-04-24 08:04 - 00000000 ____D C:\Users\Owner\AppData\Local\{B6B50FBD-6AA6-45C8-9BE8-366402BA3A42}
2012-04-24 08:05 - 2012-04-24 08:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{B6B50FBD-6AA6-45C8-9BE8-366402BA3A42}
2012-04-24 08:05 - 2012-04-24 08:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{B6B50FBD-6AA6-45C8-9BE8-366402BA3A42}
2012-04-24 08:05 - 2012-04-24 08:04 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{B6B50FBD-6AA6-45C8-9BE8-366402BA3A42}
2012-04-24 08:04 - 2012-04-24 08:04 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{994A416A-EBC1-4EE4-AE97-B7B1419B4B56}
2012-04-24 08:04 - 2012-04-24 08:04 - 00000000 ____D C:\Users\Owner\Local Settings\{994A416A-EBC1-4EE4-AE97-B7B1419B4B56}
2012-04-24 08:04 - 2012-04-24 08:04 - 00000000 ____D C:\Users\Owner\AppData\Local\{994A416A-EBC1-4EE4-AE97-B7B1419B4B56}
2012-04-24 08:04 - 2012-04-24 08:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{994A416A-EBC1-4EE4-AE97-B7B1419B4B56}
2012-04-24 08:04 - 2012-04-24 08:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{994A416A-EBC1-4EE4-AE97-B7B1419B4B56}
2012-04-24 08:04 - 2012-04-24 08:04 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{994A416A-EBC1-4EE4-AE97-B7B1419B4B56}
2012-04-23 12:21 - 2012-04-23 12:21 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{8BA40C26-594B-4ACF-88FD-74025FC85D41}
2012-04-23 12:21 - 2012-04-23 12:21 - 00000000 ____D C:\Users\Owner\Local Settings\{8BA40C26-594B-4ACF-88FD-74025FC85D41}
2012-04-23 12:21 - 2012-04-23 12:21 - 00000000 ____D C:\Users\Owner\AppData\Local\{8BA40C26-594B-4ACF-88FD-74025FC85D41}
2012-04-23 12:21 - 2012-04-23 12:21 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{8BA40C26-594B-4ACF-88FD-74025FC85D41}
2012-04-23 12:21 - 2012-04-23 12:21 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{8BA40C26-594B-4ACF-88FD-74025FC85D41}
2012-04-23 12:21 - 2012-04-23 12:21 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{8BA40C26-594B-4ACF-88FD-74025FC85D41}
2012-04-23 12:21 - 2012-04-23 12:20 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{861BD1AB-F476-4CA4-BA8A-A176DCD43355}
2012-04-23 12:21 - 2012-04-23 12:20 - 00000000 ____D C:\Users\Owner\Local Settings\{861BD1AB-F476-4CA4-BA8A-A176DCD43355}
2012-04-23 12:21 - 2012-04-23 12:20 - 00000000 ____D C:\Users\Owner\AppData\Local\{861BD1AB-F476-4CA4-BA8A-A176DCD43355}
2012-04-23 12:21 - 2012-04-23 12:20 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{861BD1AB-F476-4CA4-BA8A-A176DCD43355}
2012-04-23 12:21 - 2012-04-23 12:20 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{861BD1AB-F476-4CA4-BA8A-A176DCD43355}
2012-04-23 12:21 - 2012-04-23 12:20 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{861BD1AB-F476-4CA4-BA8A-A176DCD43355}
2012-04-22 11:00 - 2012-04-22 11:00 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{E170C87F-E8D8-4AA7-9D0E-5962807871C9}
2012-04-22 11:00 - 2012-04-22 11:00 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{2637BE53-5ECC-41EB-A996-106D179A96BA}
2012-04-22 11:00 - 2012-04-22 11:00 - 00000000 ____D C:\Users\Owner\Local Settings\{E170C87F-E8D8-4AA7-9D0E-5962807871C9}
2012-04-22 11:00 - 2012-04-22 11:00 - 00000000 ____D C:\Users\Owner\Local Settings\{2637BE53-5ECC-41EB-A996-106D179A96BA}
2012-04-22 11:00 - 2012-04-22 11:00 - 00000000 ____D C:\Users\Owner\AppData\Local\{E170C87F-E8D8-4AA7-9D0E-5962807871C9}
2012-04-22 11:00 - 2012-04-22 11:00 - 00000000 ____D C:\Users\Owner\AppData\Local\{2637BE53-5ECC-41EB-A996-106D179A96BA}
2012-04-22 11:00 - 2012-04-22 11:00 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{E170C87F-E8D8-4AA7-9D0E-5962807871C9}
2012-04-22 11:00 - 2012-04-22 11:00 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{2637BE53-5ECC-41EB-A996-106D179A96BA}
2012-04-22 11:00 - 2012-04-22 11:00 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{E170C87F-E8D8-4AA7-9D0E-5962807871C9}
2012-04-22 11:00 - 2012-04-22 11:00 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{2637BE53-5ECC-41EB-A996-106D179A96BA}
2012-04-22 11:00 - 2012-04-22 11:00 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{E170C87F-E8D8-4AA7-9D0E-5962807871C9}
2012-04-22 11:00 - 2012-04-22 11:00 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{2637BE53-5ECC-41EB-A996-106D179A96BA}
2012-04-22 07:37 - 2012-04-22 07:37 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{6225AB99-02BC-4835-B02E-6C26F8C3B99B}
2012-04-22 07:37 - 2012-04-22 07:37 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{5AF92703-F0E0-499D-B30B-616E23309D19}
2012-04-22 07:37 - 2012-04-22 07:37 - 00000000 ____D C:\Users\Owner\Local Settings\{6225AB99-02BC-4835-B02E-6C26F8C3B99B}
2012-04-22 07:37 - 2012-04-22 07:37 - 00000000 ____D C:\Users\Owner\Local Settings\{5AF92703-F0E0-499D-B30B-616E23309D19}
2012-04-22 07:37 - 2012-04-22 07:37 - 00000000 ____D C:\Users\Owner\AppData\Local\{6225AB99-02BC-4835-B02E-6C26F8C3B99B}
2012-04-22 07:37 - 2012-04-22 07:37 - 00000000 ____D C:\Users\Owner\AppData\Local\{5AF92703-F0E0-499D-B30B-616E23309D19}
2012-04-22 07:37 - 2012-04-22 07:37 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{6225AB99-02BC-4835-B02E-6C26F8C3B99B}
2012-04-22 07:37 - 2012-04-22 07:37 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{5AF92703-F0E0-499D-B30B-616E23309D19}
2012-04-22 07:37 - 2012-04-22 07:37 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{6225AB99-02BC-4835-B02E-6C26F8C3B99B}
2012-04-22 07:37 - 2012-04-22 07:37 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{5AF92703-F0E0-499D-B30B-616E23309D19}
2012-04-22 07:37 - 2012-04-22 07:37 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{6225AB99-02BC-4835-B02E-6C26F8C3B99B}
2012-04-22 07:37 - 2012-04-22 07:37 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{5AF92703-F0E0-499D-B30B-616E23309D19}
2012-04-21 06:54 - 2012-04-21 06:54 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{CC32F652-17A2-4848-BDCE-EF339BEF010B}
2012-04-21 06:54 - 2012-04-21 06:54 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{6E6326F7-A065-45D7-836C-4D1DB4EE17E8}
2012-04-21 06:54 - 2012-04-21 06:54 - 00000000 ____D C:\Users\Owner\Local Settings\{CC32F652-17A2-4848-BDCE-EF339BEF010B}
2012-04-21 06:54 - 2012-04-21 06:54 - 00000000 ____D C:\Users\Owner\Local Settings\{6E6326F7-A065-45D7-836C-4D1DB4EE17E8}
2012-04-21 06:54 - 2012-04-21 06:54 - 00000000 ____D C:\Users\Owner\AppData\Local\{CC32F652-17A2-4848-BDCE-EF339BEF010B}
2012-04-21 06:54 - 2012-04-21 06:54 - 00000000 ____D C:\Users\Owner\AppData\Local\{6E6326F7-A065-45D7-836C-4D1DB4EE17E8}
2012-04-21 06:54 - 2012-04-21 06:54 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{CC32F652-17A2-4848-BDCE-EF339BEF010B}
2012-04-21 06:54 - 2012-04-21 06:54 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{6E6326F7-A065-45D7-836C-4D1DB4EE17E8}
2012-04-21 06:54 - 2012-04-21 06:54 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{CC32F652-17A2-4848-BDCE-EF339BEF010B}
2012-04-21 06:54 - 2012-04-21 06:54 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{6E6326F7-A065-45D7-836C-4D1DB4EE17E8}
2012-04-21 06:54 - 2012-04-21 06:54 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{CC32F652-17A2-4848-BDCE-EF339BEF010B}
2012-04-21 06:54 - 2012-04-21 06:54 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{6E6326F7-A065-45D7-836C-4D1DB4EE17E8}
2012-04-20 10:38 - 2012-04-20 10:38 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{7EAFACE8-2685-4C09-8E33-647445D677C2}
2012-04-20 10:38 - 2012-04-20 10:38 - 00000000 ____D C:\Users\Owner\Local Settings\{7EAFACE8-2685-4C09-8E33-647445D677C2}
2012-04-20 10:38 - 2012-04-20 10:38 - 00000000 ____D C:\Users\Owner\AppData\Local\{7EAFACE8-2685-4C09-8E33-647445D677C2}
2012-04-20 10:38 - 2012-04-20 10:38 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{7EAFACE8-2685-4C09-8E33-647445D677C2}
2012-04-20 10:38 - 2012-04-20 10:38 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{7EAFACE8-2685-4C09-8E33-647445D677C2}
2012-04-20 10:38 - 2012-04-20 10:38 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{7EAFACE8-2685-4C09-8E33-647445D677C2}
2012-04-20 10:38 - 2012-04-20 10:37 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{B107E34F-BB37-4B05-AEB6-B08A8D987BE4}
2012-04-20 10:38 - 2012-04-20 10:37 - 00000000 ____D C:\Users\Owner\Local Settings\{B107E34F-BB37-4B05-AEB6-B08A8D987BE4}
2012-04-20 10:38 - 2012-04-20 10:37 - 00000000 ____D C:\Users\Owner\AppData\Local\{B107E34F-BB37-4B05-AEB6-B08A8D987BE4}
2012-04-20 10:38 - 2012-04-20 10:37 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{B107E34F-BB37-4B05-AEB6-B08A8D987BE4}
2012-04-20 10:38 - 2012-04-20 10:37 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{B107E34F-BB37-4B05-AEB6-B08A8D987BE4}
2012-04-20 10:38 - 2012-04-20 10:37 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{B107E34F-BB37-4B05-AEB6-B08A8D987BE4}
2012-04-19 17:10 - 2012-04-19 17:10 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{A3323E2A-0FBB-494F-A001-F5432F9F9ABF}
2012-04-19 17:10 - 2012-04-19 17:10 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{020624D7-6046-4238-AEA1-558DEE37EC81}
2012-04-19 17:10 - 2012-04-19 17:10 - 00000000 ____D C:\Users\Owner\Local Settings\{A3323E2A-0FBB-494F-A001-F5432F9F9ABF}
2012-04-19 17:10 - 2012-04-19 17:10 - 00000000 ____D C:\Users\Owner\Local Settings\{020624D7-6046-4238-AEA1-558DEE37EC81}
2012-04-19 17:10 - 2012-04-19 17:10 - 00000000 ____D C:\Users\Owner\AppData\Local\{A3323E2A-0FBB-494F-A001-F5432F9F9ABF}
2012-04-19 17:10 - 2012-04-19 17:10 - 00000000 ____D C:\Users\Owner\AppData\Local\{020624D7-6046-4238-AEA1-558DEE37EC81}
2012-04-19 17:10 - 2012-04-19 17:10 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{A3323E2A-0FBB-494F-A001-F5432F9F9ABF}
2012-04-19 17:10 - 2012-04-19 17:10 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{020624D7-6046-4238-AEA1-558DEE37EC81}
2012-04-19 17:10 - 2012-04-19 17:10 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{A3323E2A-0FBB-494F-A001-F5432F9F9ABF}
2012-04-19 17:10 - 2012-04-19 17:10 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{020624D7-6046-4238-AEA1-558DEE37EC81}
2012-04-19 17:10 - 2012-04-19 17:10 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{A3323E2A-0FBB-494F-A001-F5432F9F9ABF}
2012-04-19 17:10 - 2012-04-19 17:10 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{020624D7-6046-4238-AEA1-558DEE37EC81}
2012-04-19 09:11 - 2012-04-19 09:11 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{CFD6F7C9-B1A3-42D3-8236-A898BE6B0916}
2012-04-19 09:11 - 2012-04-19 09:11 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{B79D991F-AD0C-486A-B221-FCF641A02DA2}
2012-04-19 09:11 - 2012-04-19 09:11 - 00000000 ____D C:\Users\Owner\Local Settings\{CFD6F7C9-B1A3-42D3-8236-A898BE6B0916}
2012-04-19 09:11 - 2012-04-19 09:11 - 00000000 ____D C:\Users\Owner\Local Settings\{B79D991F-AD0C-486A-B221-FCF641A02DA2}
2012-04-19 09:11 - 2012-04-19 09:11 - 00000000 ____D C:\Users\Owner\AppData\Local\{CFD6F7C9-B1A3-42D3-8236-A898BE6B0916}
2012-04-19 09:11 - 2012-04-19 09:11 - 00000000 ____D C:\Users\Owner\AppData\Local\{B79D991F-AD0C-486A-B221-FCF641A02DA2}
2012-04-19 09:11 - 2012-04-19 09:11 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{CFD6F7C9-B1A3-42D3-8236-A898BE6B0916}
2012-04-19 09:11 - 2012-04-19 09:11 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{B79D991F-AD0C-486A-B221-FCF641A02DA2}
2012-04-19 09:11 - 2012-04-19 09:11 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{CFD6F7C9-B1A3-42D3-8236-A898BE6B0916}
2012-04-19 09:11 - 2012-04-19 09:11 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{B79D991F-AD0C-486A-B221-FCF641A02DA2}
2012-04-19 09:11 - 2012-04-19 09:11 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{CFD6F7C9-B1A3-42D3-8236-A898BE6B0916}
2012-04-19 09:11 - 2012-04-19 09:11 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{B79D991F-AD0C-486A-B221-FCF641A02DA2}
2012-04-18 07:17 - 2012-04-18 07:16 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{56AB6543-30C0-4CC2-B9BC-4BC3DDC4BED7}
2012-04-18 07:17 - 2012-04-18 07:16 - 00000000 ____D C:\Users\Owner\Local Settings\{56AB6543-30C0-4CC2-B9BC-4BC3DDC4BED7}
2012-04-18 07:17 - 2012-04-18 07:16 - 00000000 ____D C:\Users\Owner\AppData\Local\{56AB6543-30C0-4CC2-B9BC-4BC3DDC4BED7}
2012-04-18 07:17 - 2012-04-18 07:16 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{56AB6543-30C0-4CC2-B9BC-4BC3DDC4BED7}
2012-04-18 07:17 - 2012-04-18 07:16 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{56AB6543-30C0-4CC2-B9BC-4BC3DDC4BED7}
2012-04-18 07:17 - 2012-04-18 07:16 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{56AB6543-30C0-4CC2-B9BC-4BC3DDC4BED7}
2012-04-18 07:16 - 2012-04-18 07:16 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{FDA1B6A9-A895-4673-8F86-C559790D054F}
2012-04-18 07:16 - 2012-04-18 07:16 - 00000000 ____D C:\Users\Owner\Local Settings\{FDA1B6A9-A895-4673-8F86-C559790D054F}
2012-04-18 07:16 - 2012-04-18 07:16 - 00000000 ____D C:\Users\Owner\AppData\Local\{FDA1B6A9-A895-4673-8F86-C559790D054F}
2012-04-18 07:16 - 2012-04-18 07:16 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{FDA1B6A9-A895-4673-8F86-C559790D054F}
2012-04-18 07:16 - 2012-04-18 07:16 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{FDA1B6A9-A895-4673-8F86-C559790D054F}
2012-04-18 07:16 - 2012-04-18 07:16 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{FDA1B6A9-A895-4673-8F86-C559790D054F}
2012-04-17 07:23 - 2012-04-17 07:23 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{D73FECE7-CD5F-4F23-BE9C-A6970DD40D9F}
2012-04-17 07:23 - 2012-04-17 07:23 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{330AAB7A-57D8-4C81-91BE-530582E82D98}
2012-04-17 07:23 - 2012-04-17 07:23 - 00000000 ____D C:\Users\Owner\Local Settings\{D73FECE7-CD5F-4F23-BE9C-A6970DD40D9F}
2012-04-17 07:23 - 2012-04-17 07:23 - 00000000 ____D C:\Users\Owner\Local Settings\{330AAB7A-57D8-4C81-91BE-530582E82D98}
2012-04-17 07:23 - 2012-04-17 07:23 - 00000000 ____D C:\Users\Owner\AppData\Local\{D73FECE7-CD5F-4F23-BE9C-A6970DD40D9F}
2012-04-17 07:23 - 2012-04-17 07:23 - 00000000 ____D C:\Users\Owner\AppData\Local\{330AAB7A-57D8-4C81-91BE-530582E82D98}
2012-04-17 07:23 - 2012-04-17 07:23 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{D73FECE7-CD5F-4F23-BE9C-A6970DD40D9F}
2012-04-17 07:23 - 2012-04-17 07:23 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{330AAB7A-57D8-4C81-91BE-530582E82D98}
2012-04-17 07:23 - 2012-04-17 07:23 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{D73FECE7-CD5F-4F23-BE9C-A6970DD40D9F}
2012-04-17 07:23 - 2012-04-17 07:23 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{330AAB7A-57D8-4C81-91BE-530582E82D98}
2012-04-17 07:23 - 2012-04-17 07:23 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{D73FECE7-CD5F-4F23-BE9C-A6970DD40D9F}
2012-04-17 07:23 - 2012-04-17 07:23 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{330AAB7A-57D8-4C81-91BE-530582E82D98}
2012-04-16 07:57 - 2012-04-16 07:57 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{6E504C55-3CE9-44B7-ACAB-BCFD51A3882A}
2012-04-16 07:57 - 2012-04-16 07:57 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{268ABAF6-31B7-4D54-9430-F814FC48BA56}
2012-04-16 07:57 - 2012-04-16 07:57 - 00000000 ____D C:\Users\Owner\Local Settings\{6E504C55-3CE9-44B7-ACAB-BCFD51A3882A}
2012-04-16 07:57 - 2012-04-16 07:57 - 00000000 ____D C:\Users\Owner\Local Settings\{268ABAF6-31B7-4D54-9430-F814FC48BA56}
2012-04-16 07:57 - 2012-04-16 07:57 - 00000000 ____D C:\Users\Owner\AppData\Local\{6E504C55-3CE9-44B7-ACAB-BCFD51A3882A}
2012-04-16 07:57 - 2012-04-16 07:57 - 00000000 ____D C:\Users\Owner\AppData\Local\{268ABAF6-31B7-4D54-9430-F814FC48BA56}
2012-04-16 07:57 - 2012-04-16 07:57 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{6E504C55-3CE9-44B7-ACAB-BCFD51A3882A}
2012-04-16 07:57 - 2012-04-16 07:57 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{268ABAF6-31B7-4D54-9430-F814FC48BA56}
2012-04-16 07:57 - 2012-04-16 07:57 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{6E504C55-3CE9-44B7-ACAB-BCFD51A3882A}
2012-04-16 07:57 - 2012-04-16 07:57 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{268ABAF6-31B7-4D54-9430-F814FC48BA56}
2012-04-16 07:57 - 2012-04-16 07:57 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{6E504C55-3CE9-44B7-ACAB-BCFD51A3882A}
2012-04-16 07:57 - 2012-04-16 07:57 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{268ABAF6-31B7-4D54-9430-F814FC48BA56}
2012-04-15 06:16 - 2012-04-15 06:16 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{C17E8FB6-6778-48A1-AF4D-B17FCFDB40EC}
2012-04-15 06:16 - 2012-04-15 06:16 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{1ACB00A6-02D2-4AA3-BCBC-C41B37659DF0}
2012-04-15 06:16 - 2012-04-15 06:16 - 00000000 ____D C:\Users\Owner\Local Settings\{C17E8FB6-6778-48A1-AF4D-B17FCFDB40EC}
2012-04-15 06:16 - 2012-04-15 06:16 - 00000000 ____D C:\Users\Owner\Local Settings\{1ACB00A6-02D2-4AA3-BCBC-C41B37659DF0}
2012-04-15 06:16 - 2012-04-15 06:16 - 00000000 ____D C:\Users\Owner\AppData\Local\{C17E8FB6-6778-48A1-AF4D-B17FCFDB40EC}
2012-04-15 06:16 - 2012-04-15 06:16 - 00000000 ____D C:\Users\Owner\AppData\Local\{1ACB00A6-02D2-4AA3-BCBC-C41B37659DF0}
2012-04-15 06:16 - 2012-04-15 06:16 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{C17E8FB6-6778-48A1-AF4D-B17FCFDB40EC}
2012-04-15 06:16 - 2012-04-15 06:16 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{1ACB00A6-02D2-4AA3-BCBC-C41B37659DF0}
2012-04-15 06:16 - 2012-04-15 06:16 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{C17E8FB6-6778-48A1-AF4D-B17FCFDB40EC}
2012-04-15 06:16 - 2012-04-15 06:16 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{1ACB00A6-02D2-4AA3-BCBC-C41B37659DF0}
2012-04-15 06:16 - 2012-04-15 06:16 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{C17E8FB6-6778-48A1-AF4D-B17FCFDB40EC}
2012-04-15 06:16 - 2012-04-15 06:16 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{1ACB00A6-02D2-4AA3-BCBC-C41B37659DF0}
2012-04-13 06:53 - 2012-04-13 06:53 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{E4A954AB-ECFB-4E37-8EA5-5B5FFB0EEBA9}
2012-04-13 06:53 - 2012-04-13 06:53 - 00000000 ____D C:\Users\Owner\Local Settings\{E4A954AB-ECFB-4E37-8EA5-5B5FFB0EEBA9}
2012-04-13 06:53 - 2012-04-13 06:53 - 00000000 ____D C:\Users\Owner\AppData\Local\{E4A954AB-ECFB-4E37-8EA5-5B5FFB0EEBA9}
2012-04-13 06:53 - 2012-04-13 06:53 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{E4A954AB-ECFB-4E37-8EA5-5B5FFB0EEBA9}
2012-04-13 06:53 - 2012-04-13 06:53 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{E4A954AB-ECFB-4E37-8EA5-5B5FFB0EEBA9}
2012-04-13 06:53 - 2012-04-13 06:53 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{E4A954AB-ECFB-4E37-8EA5-5B5FFB0EEBA9}
2012-04-13 06:52 - 2012-04-13 06:52 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{8B987EDA-C3F4-47B4-B9DA-F5FB0C0605C1}
2012-04-13 06:52 - 2012-04-13 06:52 - 00000000 ____D C:\Users\Owner\Local Settings\{8B987EDA-C3F4-47B4-B9DA-F5FB0C0605C1}
2012-04-13 06:52 - 2012-04-13 06:52 - 00000000 ____D C:\Users\Owner\AppData\Local\{8B987EDA-C3F4-47B4-B9DA-F5FB0C0605C1}
2012-04-13 06:52 - 2012-04-13 06:52 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{8B987EDA-C3F4-47B4-B9DA-F5FB0C0605C1}
2012-04-13 06:52 - 2012-04-13 06:52 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{8B987EDA-C3F4-47B4-B9DA-F5FB0C0605C1}
2012-04-13 06:52 - 2012-04-13 06:52 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{8B987EDA-C3F4-47B4-B9DA-F5FB0C0605C1}
2012-04-12 08:16 - 2012-04-12 08:16 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{43543CA4-1B35-4706-B89D-017E46E0F1A8}
2012-04-12 08:16 - 2012-04-12 08:16 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{3FF812CA-1616-4BD6-9541-896ED6D60817}
2012-04-12 08:16 - 2012-04-12 08:16 - 00000000 ____D C:\Users\Owner\Local Settings\{43543CA4-1B35-4706-B89D-017E46E0F1A8}
2012-04-12 08:16 - 2012-04-12 08:16 - 00000000 ____D C:\Users\Owner\Local Settings\{3FF812CA-1616-4BD6-9541-896ED6D60817}
2012-04-12 08:16 - 2012-04-12 08:16 - 00000000 ____D C:\Users\Owner\AppData\Local\{43543CA4-1B35-4706-B89D-017E46E0F1A8}
2012-04-12 08:16 - 2012-04-12 08:16 - 00000000 ____D C:\Users\Owner\AppData\Local\{3FF812CA-1616-4BD6-9541-896ED6D60817}
2012-04-12 08:16 - 2012-04-12 08:16 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{43543CA4-1B35-4706-B89D-017E46E0F1A8}
2012-04-12 08:16 - 2012-04-12 08:16 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{3FF812CA-1616-4BD6-9541-896ED6D60817}
2012-04-12 08:16 - 2012-04-12 08:16 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{43543CA4-1B35-4706-B89D-017E46E0F1A8}
2012-04-12 08:16 - 2012-04-12 08:16 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{3FF812CA-1616-4BD6-9541-896ED6D60817}
2012-04-12 08:16 - 2012-04-12 08:16 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{43543CA4-1B35-4706-B89D-017E46E0F1A8}
2012-04-12 08:16 - 2012-04-12 08:16 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{3FF812CA-1616-4BD6-9541-896ED6D60817}
2012-04-12 07:41 - 2012-04-12 07:41 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{93C33C59-EF13-4DB1-B9BC-F8885C024E69}
2012-04-12 07:41 - 2012-04-12 07:41 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{40CFDB95-1FA4-4B2D-9CFB-0A8EE3FA140E}
2012-04-12 07:41 - 2012-04-12 07:41 - 00000000 ____D C:\Users\Owner\Local Settings\{93C33C59-EF13-4DB1-B9BC-F8885C024E69}
2012-04-12 07:41 - 2012-04-12 07:41 - 00000000 ____D C:\Users\Owner\Local Settings\{40CFDB95-1FA4-4B2D-9CFB-0A8EE3FA140E}
2012-04-12 07:41 - 2012-04-12 07:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{93C33C59-EF13-4DB1-B9BC-F8885C024E69}
2012-04-12 07:41 - 2012-04-12 07:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{40CFDB95-1FA4-4B2D-9CFB-0A8EE3FA140E}
2012-04-12 07:41 - 2012-04-12 07:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{93C33C59-EF13-4DB1-B9BC-F8885C024E69}
2012-04-12 07:41 - 2012-04-12 07:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{40CFDB95-1FA4-4B2D-9CFB-0A8EE3FA140E}
2012-04-12 07:41 - 2012-04-12 07:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{93C33C59-EF13-4DB1-B9BC-F8885C024E69}
2012-04-12 07:41 - 2012-04-12 07:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{40CFDB95-1FA4-4B2D-9CFB-0A8EE3FA140E}
2012-04-12 07:41 - 2012-04-12 07:41 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{93C33C59-EF13-4DB1-B9BC-F8885C024E69}
2012-04-12 07:41 - 2012-04-12 07:41 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{40CFDB95-1FA4-4B2D-9CFB-0A8EE3FA140E}
2012-04-11 06:52 - 2012-04-11 06:52 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{96782D74-EDC8-429E-92EB-83A445C4DA30}
2012-04-11 06:52 - 2012-04-11 06:52 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{2E70917E-AE70-476C-913A-F27A8B3EAA73}
2012-04-11 06:52 - 2012-04-11 06:52 - 00000000 ____D C:\Users\Owner\Local Settings\{96782D74-EDC8-429E-92EB-83A445C4DA30}
2012-04-11 06:52 - 2012-04-11 06:52 - 00000000 ____D C:\Users\Owner\Local Settings\{2E70917E-AE70-476C-913A-F27A8B3EAA73}
2012-04-11 06:52 - 2012-04-11 06:52 - 00000000 ____D C:\Users\Owner\AppData\Local\{96782D74-EDC8-429E-92EB-83A445C4DA30}
2012-04-11 06:52 - 2012-04-11 06:52 - 00000000 ____D C:\Users\Owner\AppData\Local\{2E70917E-AE70-476C-913A-F27A8B3EAA73}
2012-04-11 06:52 - 2012-04-11 06:52 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{96782D74-EDC8-429E-92EB-83A445C4DA30}
2012-04-11 06:52 - 2012-04-11 06:52 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{2E70917E-AE70-476C-913A-F27A8B3EAA73}
2012-04-11 06:52 - 2012-04-11 06:52 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{96782D74-EDC8-429E-92EB-83A445C4DA30}
2012-04-11 06:52 - 2012-04-11 06:52 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{2E70917E-AE70-476C-913A-F27A8B3EAA73}
2012-04-11 06:52 - 2012-04-11 06:52 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{96782D74-EDC8-429E-92EB-83A445C4DA30}
2012-04-11 06:52 - 2012-04-11 06:52 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{2E70917E-AE70-476C-913A-F27A8B3EAA73}
2012-04-10 07:23 - 2012-04-10 07:22 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{0D4A886B-A37F-4749-BF79-C507F042F009}
2012-04-10 07:23 - 2012-04-10 07:22 - 00000000 ____D C:\Users\Owner\Local Settings\{0D4A886B-A37F-4749-BF79-C507F042F009}
2012-04-10 07:23 - 2012-04-10 07:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{0D4A886B-A37F-4749-BF79-C507F042F009}
2012-04-10 07:23 - 2012-04-10 07:22 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{0D4A886B-A37F-4749-BF79-C507F042F009}
2012-04-10 07:23 - 2012-04-10 07:22 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{0D4A886B-A37F-4749-BF79-C507F042F009}
2012-04-10 07:23 - 2012-04-10 07:22 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{0D4A886B-A37F-4749-BF79-C507F042F009}
2012-04-09 07:11 - 2012-04-09 07:11 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{C5CEE533-D313-4C91-9CBA-F02B7D389F5C}
2012-04-09 07:11 - 2012-04-09 07:11 - 00000000 ____D C:\Users\Owner\Local Settings\{C5CEE533-D313-4C91-9CBA-F02B7D389F5C}
2012-04-09 07:11 - 2012-04-09 07:11 - 00000000 ____D C:\Users\Owner\AppData\Local\{C5CEE533-D313-4C91-9CBA-F02B7D389F5C}
2012-04-09 07:11 - 2012-04-09 07:11 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{C5CEE533-D313-4C91-9CBA-F02B7D389F5C}
2012-04-09 07:11 - 2012-04-09 07:11 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{C5CEE533-D313-4C91-9CBA-F02B7D389F5C}
2012-04-09 07:11 - 2012-04-09 07:11 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{C5CEE533-D313-4C91-9CBA-F02B7D389F5C}
2012-04-08 11:10 - 2012-04-08 11:10 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{6EBEC9C5-177F-4709-9575-6D90F9771C8B}
2012-04-08 11:10 - 2012-04-08 11:10 - 00000000 ____D C:\Users\Owner\Local Settings\{6EBEC9C5-177F-4709-9575-6D90F9771C8B}
2012-04-08 11:10 - 2012-04-08 11:10 - 00000000 ____D C:\Users\Owner\AppData\Local\{6EBEC9C5-177F-4709-9575-6D90F9771C8B}
2012-04-08 11:10 - 2012-04-08 11:10 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{6EBEC9C5-177F-4709-9575-6D90F9771C8B}
2012-04-08 11:10 - 2012-04-08 11:10 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{6EBEC9C5-177F-4709-9575-6D90F9771C8B}
2012-04-08 11:10 - 2012-04-08 11:10 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{6EBEC9C5-177F-4709-9575-6D90F9771C8B}
2012-04-07 10:44 - 2012-04-07 10:44 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{2A36069C-98C7-4C6B-A80D-E85F5FBA999A}
2012-04-07 10:44 - 2012-04-07 10:44 - 00000000 ____D C:\Users\Owner\Local Settings\{2A36069C-98C7-4C6B-A80D-E85F5FBA999A}
2012-04-07 10:44 - 2012-04-07 10:44 - 00000000 ____D C:\Users\Owner\AppData\Local\{2A36069C-98C7-4C6B-A80D-E85F5FBA999A}
2012-04-07 10:44 - 2012-04-07 10:44 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{2A36069C-98C7-4C6B-A80D-E85F5FBA999A}
2012-04-07 10:44 - 2012-04-07 10:44 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{2A36069C-98C7-4C6B-A80D-E85F5FBA999A}
2012-04-07 10:44 - 2012-04-07 10:44 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{2A36069C-98C7-4C6B-A80D-E85F5FBA999A}
2012-04-07 10:43 - 2012-04-07 10:43 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{06EF9D8C-71A3-4971-91CD-AF4D81E8CB01}
2012-04-07 10:43 - 2012-04-07 10:43 - 00000000 ____D C:\Users\Owner\Local Settings\{06EF9D8C-71A3-4971-91CD-AF4D81E8CB01}
2012-04-07 10:43 - 2012-04-07 10:43 - 00000000 ____D C:\Users\Owner\AppData\Local\{06EF9D8C-71A3-4971-91CD-AF4D81E8CB01}
2012-04-07 10:43 - 2012-04-07 10:43 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{06EF9D8C-71A3-4971-91CD-AF4D81E8CB01}
2012-04-07 10:43 - 2012-04-07 10:43 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{06EF9D8C-71A3-4971-91CD-AF4D81E8CB01}
2012-04-07 10:43 - 2012-04-07 10:43 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{06EF9D8C-71A3-4971-91CD-AF4D81E8CB01}
2012-04-06 12:23 - 2012-04-06 12:23 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{EE790968-4E89-414D-9BE5-B5933D0E45BE}
2012-04-06 12:23 - 2012-04-06 12:23 - 00000000 ____D C:\Users\Owner\Local Settings\{EE790968-4E89-414D-9BE5-B5933D0E45BE}
2012-04-06 12:23 - 2012-04-06 12:23 - 00000000 ____D C:\Users\Owner\AppData\Local\{EE790968-4E89-414D-9BE5-B5933D0E45BE}
2012-04-06 12:23 - 2012-04-06 12:23 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{EE790968-4E89-414D-9BE5-B5933D0E45BE}
2012-04-06 12:23 - 2012-04-06 12:23 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{EE790968-4E89-414D-9BE5-B5933D0E45BE}
2012-04-06 12:23 - 2012-04-06 12:23 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{EE790968-4E89-414D-9BE5-B5933D0E45BE}
2012-04-06 12:05 - 2012-04-06 12:04 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{100DF559-14BF-40BD-8601-F8BB0E630578}
2012-04-06 12:05 - 2012-04-06 12:04 - 00000000 ____D C:\Users\Owner\Local Settings\{100DF559-14BF-40BD-8601-F8BB0E630578}
2012-04-06 12:05 - 2012-04-06 12:04 - 00000000 ____D C:\Users\Owner\AppData\Local\{100DF559-14BF-40BD-8601-F8BB0E630578}
2012-04-06 12:05 - 2012-04-06 12:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{100DF559-14BF-40BD-8601-F8BB0E630578}
2012-04-06 12:05 - 2012-04-06 12:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{100DF559-14BF-40BD-8601-F8BB0E630578}
2012-04-06 12:05 - 2012-04-06 12:04 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{100DF559-14BF-40BD-8601-F8BB0E630578}
2012-04-06 12:03 - 2012-04-06 12:03 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{BDD3CE37-96EB-4CB5-A5AA-18088EC7EB5D}
2012-04-06 12:03 - 2012-04-06 12:03 - 00000000 ____D C:\Users\Owner\Local Settings\{BDD3CE37-96EB-4CB5-A5AA-18088EC7EB5D}
2012-04-06 12:03 - 2012-04-06 12:03 - 00000000 ____D C:\Users\Owner\AppData\Local\{BDD3CE37-96EB-4CB5-A5AA-18088EC7EB5D}
2012-04-06 12:03 - 2012-04-06 12:03 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{BDD3CE37-96EB-4CB5-A5AA-18088EC7EB5D}
2012-04-06 12:03 - 2012-04-06 12:03 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{BDD3CE37-96EB-4CB5-A5AA-18088EC7EB5D}
2012-04-06 12:03 - 2012-04-06 12:03 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{BDD3CE37-96EB-4CB5-A5AA-18088EC7EB5D}
2012-04-05 11:59 - 2012-04-05 11:59 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{F76069C2-F158-4BEB-B09A-12EC1EB98085}
2012-04-05 11:59 - 2012-04-05 11:59 - 00000000 ____D C:\Users\Owner\Local Settings\{F76069C2-F158-4BEB-B09A-12EC1EB98085}
2012-04-05 11:59 - 2012-04-05 11:59 - 00000000 ____D C:\Users\Owner\AppData\Local\{F76069C2-F158-4BEB-B09A-12EC1EB98085}
2012-04-05 11:59 - 2012-04-05 11:59 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{F76069C2-F158-4BEB-B09A-12EC1EB98085}
2012-04-05 11:59 - 2012-04-05 11:59 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{F76069C2-F158-4BEB-B09A-12EC1EB98085}
2012-04-05 11:59 - 2012-04-05 11:59 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{F76069C2-F158-4BEB-B09A-12EC1EB98085}
2012-04-04 15:11 - 2012-04-04 15:11 - 01543418 ____A C:\Users\Owner\Downloads\m-t0627-03582-00476.jpg
2012-04-04 15:11 - 2012-04-04 15:11 - 01543418 ____A C:\Documents and Settings\Owner\Downloads\m-t0627-03582-00476.jpg
2012-04-04 11:56 - 2012-05-26 17:28 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 08:12 - 2012-04-04 08:11 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{2DF5F3B9-C59F-47F3-9E43-B12A2E914F9B}
2012-04-04 08:12 - 2012-04-04 08:11 - 00000000 ____D C:\Users\Owner\Local Settings\{2DF5F3B9-C59F-47F3-9E43-B12A2E914F9B}
2012-04-04 08:12 - 2012-04-04 08:11 - 00000000 ____D C:\Users\Owner\AppData\Local\{2DF5F3B9-C59F-47F3-9E43-B12A2E914F9B}
2012-04-04 08:12 - 2012-04-04 08:11 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{2DF5F3B9-C59F-47F3-9E43-B12A2E914F9B}
2012-04-04 08:12 - 2012-04-04 08:11 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{2DF5F3B9-C59F-47F3-9E43-B12A2E914F9B}
2012-04-04 08:12 - 2012-04-04 08:11 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{2DF5F3B9-C59F-47F3-9E43-B12A2E914F9B}
2012-04-03 06:04 - 2012-04-03 06:04 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{BC90D429-042B-4BEF-89F8-60247912620F}
2012-04-03 06:04 - 2012-04-03 06:04 - 00000000 ____D C:\Users\Owner\Local Settings\{BC90D429-042B-4BEF-89F8-60247912620F}
2012-04-03 06:04 - 2012-04-03 06:04 - 00000000 ____D C:\Users\Owner\AppData\Local\{BC90D429-042B-4BEF-89F8-60247912620F}
2012-04-03 06:04 - 2012-04-03 06:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{BC90D429-042B-4BEF-89F8-60247912620F}
2012-04-03 06:04 - 2012-04-03 06:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{BC90D429-042B-4BEF-89F8-60247912620F}
2012-04-03 06:04 - 2012-04-03 06:04 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{BC90D429-042B-4BEF-89F8-60247912620F}
2012-04-03 00:16 - 2012-05-10 07:10 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-04-03 00:16 - 2012-05-10 07:10 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-02 15:02 - 2012-02-18 16:22 - 00015108 ____A C:\Users\Owner\My Documents\tllvr.docx
2012-04-02 15:02 - 2012-02-18 16:22 - 00015108 ____A C:\Users\Owner\Documents\tllvr.docx
2012-04-02 15:02 - 2012-02-18 16:22 - 00015108 ____A C:\Documents and Settings\Owner\My Documents\tllvr.docx
2012-04-02 15:02 - 2012-02-18 16:22 - 00015108 ____A C:\Documents and Settings\Owner\Documents\tllvr.docx
2012-04-02 08:44 - 2012-04-02 08:44 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{1ACD5E9E-971E-4777-BA98-9F805E319A40}
2012-04-02 08:44 - 2012-04-02 08:44 - 00000000 ____D C:\Users\Owner\Local Settings\{1ACD5E9E-971E-4777-BA98-9F805E319A40}
2012-04-02 08:44 - 2012-04-02 08:44 - 00000000 ____D C:\Users\Owner\AppData\Local\{1ACD5E9E-971E-4777-BA98-9F805E319A40}
2012-04-02 08:44 - 2012-04-02 08:44 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{1ACD5E9E-971E-4777-BA98-9F805E319A40}
2012-04-02 08:44 - 2012-04-02 08:44 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{1ACD5E9E-971E-4777-BA98-9F805E319A40}
2012-04-02 08:44 - 2012-04-02 08:44 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{1ACD5E9E-971E-4777-BA98-9F805E319A40}
2012-04-02 05:36 - 2012-05-10 07:10 - 02044928 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-04-01 16:33 - 2012-04-01 16:33 - 00014210 ____A C:\Users\Owner\My Documents\Tieraentresume.docx
2012-04-01 16:33 - 2012-04-01 16:33 - 00014210 ____A C:\Users\Owner\Documents\Tieraentresume.docx
2012-04-01 16:33 - 2012-04-01 16:33 - 00014210 ____A C:\Documents and Settings\Owner\My Documents\Tieraentresume.docx
2012-04-01 16:33 - 2012-04-01 16:33 - 00014210 ____A C:\Documents and Settings\Owner\Documents\Tieraentresume.docx
2012-04-01 16:32 - 2012-04-01 13:48 - 00012449 ____A C:\Users\Owner\My Documents\Tieracoverent.docx
2012-04-01 16:32 - 2012-04-01 13:48 - 00012449 ____A C:\Users\Owner\Documents\Tieracoverent.docx
2012-04-01 16:32 - 2012-04-01 13:48 - 00012449 ____A C:\Documents and Settings\Owner\My Documents\Tieracoverent.docx
2012-04-01 16:32 - 2012-04-01 13:48 - 00012449 ____A C:\Documents and Settings\Owner\Documents\Tieracoverent.docx
2012-04-01 07:58 - 2012-04-01 07:58 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{2526A71C-7D07-4ACB-A01B-763FCBC7A5D3}
2012-04-01 07:58 - 2012-04-01 07:58 - 00000000 ____D C:\Users\Owner\Local Settings\{2526A71C-7D07-4ACB-A01B-763FCBC7A5D3}
2012-04-01 07:58 - 2012-04-01 07:58 - 00000000 ____D C:\Users\Owner\AppData\Local\{2526A71C-7D07-4ACB-A01B-763FCBC7A5D3}
2012-04-01 07:58 - 2012-04-01 07:58 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{2526A71C-7D07-4ACB-A01B-763FCBC7A5D3}
2012-04-01 07:58 - 2012-04-01 07:58 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{2526A71C-7D07-4ACB-A01B-763FCBC7A5D3}
2012-04-01 07:58 - 2012-04-01 07:58 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{2526A71C-7D07-4ACB-A01B-763FCBC7A5D3}
2012-03-31 10:05 - 2012-03-31 10:04 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{3851A78A-D383-4C17-B51E-869415F344F7}
2012-03-31 10:05 - 2012-03-31 10:04 - 00000000 ____D C:\Users\Owner\Local Settings\{3851A78A-D383-4C17-B51E-869415F344F7}
2012-03-31 10:05 - 2012-03-31 10:04 - 00000000 ____D C:\Users\Owner\AppData\Local\{3851A78A-D383-4C17-B51E-869415F344F7}
2012-03-31 10:05 - 2012-03-31 10:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{3851A78A-D383-4C17-B51E-869415F344F7}
2012-03-31 10:05 - 2012-03-31 10:04 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{3851A78A-D383-4C17-B51E-869415F344F7}
2012-03-31 10:05 - 2012-03-31 10:04 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{3851A78A-D383-4C17-B51E-869415F344F7}
2012-03-30 08:35 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2012-03-30 08:26 - 2012-03-30 08:26 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{7968860D-A214-4DC3-8983-BB2E0FF391AD}
2012-03-30 08:26 - 2012-03-30 08:26 - 00000000 ____D C:\Users\Owner\Local Settings\{7968860D-A214-4DC3-8983-BB2E0FF391AD}
2012-03-30 08:26 - 2012-03-30 08:26 - 00000000 ____D C:\Users\Owner\AppData\Local\{7968860D-A214-4DC3-8983-BB2E0FF391AD}
2012-03-30 08:26 - 2012-03-30 08:26 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{7968860D-A214-4DC3-8983-BB2E0FF391AD}
2012-03-30 08:26 - 2012-03-30 08:26 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{7968860D-A214-4DC3-8983-BB2E0FF391AD}
2012-03-30 08:26 - 2012-03-30 08:26 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{7968860D-A214-4DC3-8983-BB2E0FF391AD}
2012-03-30 04:39 - 2012-05-10 07:11 - 00905600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 05:30 - 2012-03-29 05:29 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{4A206066-B0CC-4D0F-9893-D4C3A3A22C54}
2012-03-29 05:30 - 2012-03-29 05:29 - 00000000 ____D C:\Users\Owner\Local Settings\{4A206066-B0CC-4D0F-9893-D4C3A3A22C54}
2012-03-29 05:30 - 2012-03-29 05:29 - 00000000 ____D C:\Users\Owner\AppData\Local\{4A206066-B0CC-4D0F-9893-D4C3A3A22C54}
2012-03-29 05:30 - 2012-03-29 05:29 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{4A206066-B0CC-4D0F-9893-D4C3A3A22C54}
2012-03-29 05:30 - 2012-03-29 05:29 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{4A206066-B0CC-4D0F-9893-D4C3A3A22C54}
2012-03-29 05:30 - 2012-03-29 05:29 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{4A206066-B0CC-4D0F-9893-D4C3A3A22C54}
2012-03-28 06:20 - 2012-03-28 06:20 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{50A38BD8-4088-494B-98AE-6030CFFCCFB5}
2012-03-28 06:20 - 2012-03-28 06:20 - 00000000 ____D C:\Users\Owner\Local Settings\{50A38BD8-4088-494B-98AE-6030CFFCCFB5}
2012-03-28 06:20 - 2012-03-28 06:20 - 00000000 ____D C:\Users\Owner\AppData\Local\{50A38BD8-4088-494B-98AE-6030CFFCCFB5}
2012-03-28 06:20 - 2012-03-28 06:20 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{50A38BD8-4088-494B-98AE-6030CFFCCFB5}
2012-03-28 06:20 - 2012-03-28 06:20 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{50A38BD8-4088-494B-98AE-6030CFFCCFB5}
2012-03-28 06:20 - 2012-03-28 06:20 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{50A38BD8-4088-494B-98AE-6030CFFCCFB5}
2012-03-28 06:19 - 2012-03-28 06:19 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{34B88ED2-E64E-4476-8739-D712A970D914}
2012-03-28 06:19 - 2012-03-28 06:19 - 00000000 ____D C:\Users\Owner\Local Settings\{34B88ED2-E64E-4476-8739-D712A970D914}
2012-03-28 06:19 - 2012-03-28 06:19 - 00000000 ____D C:\Users\Owner\AppData\Local\{34B88ED2-E64E-4476-8739-D712A970D914}
2012-03-28 06:19 - 2012-03-28 06:19 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{34B88ED2-E64E-4476-8739-D712A970D914}
2012-03-28 06:19 - 2012-03-28 06:19 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{34B88ED2-E64E-4476-8739-D712A970D914}
2012-03-28 06:19 - 2012-03-28 06:19 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{34B88ED2-E64E-4476-8739-D712A970D914}
2012-03-27 06:50 - 2012-03-27 06:50 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{516D9274-E980-4BBA-B906-3B0880BB19F3}
2012-03-27 06:50 - 2012-03-27 06:50 - 00000000 ____D C:\Users\Owner\Local Settings\{516D9274-E980-4BBA-B906-3B0880BB19F3}
2012-03-27 06:50 - 2012-03-27 06:50 - 00000000 ____D C:\Users\Owner\AppData\Local\{516D9274-E980-4BBA-B906-3B0880BB19F3}
2012-03-27 06:50 - 2012-03-27 06:50 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{516D9274-E980-4BBA-B906-3B0880BB19F3}
2012-03-27 06:50 - 2012-03-27 06:50 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{516D9274-E980-4BBA-B906-3B0880BB19F3}
2012-03-27 06:50 - 2012-03-27 06:50 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{516D9274-E980-4BBA-B906-3B0880BB19F3}
2012-03-27 06:49 - 2012-03-27 06:49 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{7A4BDEB9-3090-4DFF-A9D5-93EBE0269863}
2012-03-27 06:49 - 2012-03-27 06:49 - 00000000 ____D C:\Users\Owner\Local Settings\{7A4BDEB9-3090-4DFF-A9D5-93EBE0269863}
2012-03-27 06:49 - 2012-03-27 06:49 - 00000000 ____D C:\Users\Owner\AppData\Local\{7A4BDEB9-3090-4DFF-A9D5-93EBE0269863}
2012-03-27 06:49 - 2012-03-27 06:49 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{7A4BDEB9-3090-4DFF-A9D5-93EBE0269863}
2012-03-27 06:49 - 2012-03-27 06:49 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{7A4BDEB9-3090-4DFF-A9D5-93EBE0269863}
2012-03-27 06:49 - 2012-03-27 06:49 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{7A4BDEB9-3090-4DFF-A9D5-93EBE0269863}
2012-03-26 06:41 - 2012-03-26 06:41 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{B6401960-5ED8-42F3-B88D-C5B8EA1F9FD2}
2012-03-26 06:41 - 2012-03-26 06:41 - 00000000 ____D C:\Users\Owner\Local Settings\{B6401960-5ED8-42F3-B88D-C5B8EA1F9FD2}
2012-03-26 06:41 - 2012-03-26 06:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{B6401960-5ED8-42F3-B88D-C5B8EA1F9FD2}
2012-03-26 06:41 - 2012-03-26 06:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{B6401960-5ED8-42F3-B88D-C5B8EA1F9FD2}
2012-03-26 06:41 - 2012-03-26 06:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{B6401960-5ED8-42F3-B88D-C5B8EA1F9FD2}
2012-03-26 06:41 - 2012-03-26 06:41 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{B6401960-5ED8-42F3-B88D-C5B8EA1F9FD2}
2012-03-26 06:40 - 2012-03-26 06:39 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{C7CBB42D-FA77-4DB0-8044-09537DFA44FD}
2012-03-26 06:40 - 2012-03-26 06:39 - 00000000 ____D C:\Users\Owner\Local Settings\{C7CBB42D-FA77-4DB0-8044-09537DFA44FD}
2012-03-26 06:40 - 2012-03-26 06:39 - 00000000 ____D C:\Users\Owner\AppData\Local\{C7CBB42D-FA77-4DB0-8044-09537DFA44FD}
2012-03-26 06:40 - 2012-03-26 06:39 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{C7CBB42D-FA77-4DB0-8044-09537DFA44FD}
2012-03-26 06:40 - 2012-03-26 06:39 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{C7CBB42D-FA77-4DB0-8044-09537DFA44FD}
2012-03-26 06:40 - 2012-03-26 06:39 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{C7CBB42D-FA77-4DB0-8044-09537DFA44FD}
2012-03-25 08:32 - 2012-03-25 08:32 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{5158C367-5AFD-4E85-9FB9-E616C149EF07}
2012-03-25 08:32 - 2012-03-25 08:32 - 00000000 ____D C:\Users\Owner\Local Settings\{5158C367-5AFD-4E85-9FB9-E616C149EF07}
2012-03-25 08:32 - 2012-03-25 08:32 - 00000000 ____D C:\Users\Owner\AppData\Local\{5158C367-5AFD-4E85-9FB9-E616C149EF07}
2012-03-25 08:32 - 2012-03-25 08:32 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{5158C367-5AFD-4E85-9FB9-E616C149EF07}
2012-03-25 08:32 - 2012-03-25 08:32 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{5158C367-5AFD-4E85-9FB9-E616C149EF07}
2012-03-25 08:32 - 2012-03-25 08:32 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{5158C367-5AFD-4E85-9FB9-E616C149EF07}
2012-03-25 08:31 - 2012-03-25 08:31 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{F9A1A389-D12C-479D-B73E-04E196CAB368}
2012-03-25 08:31 - 2012-03-25 08:31 - 00000000 ____D C:\Users\Owner\Local Settings\{F9A1A389-D12C-479D-B73E-04E196CAB368}
2012-03-25 08:31 - 2012-03-25 08:31 - 00000000 ____D C:\Users\Owner\AppData\Local\{F9A1A389-D12C-479D-B73E-04E196CAB368}
2012-03-25 08:31 - 2012-03-25 08:31 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{F9A1A389-D12C-479D-B73E-04E196CAB368}
2012-03-25 08:31 - 2012-03-25 08:31 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{F9A1A389-D12C-479D-B73E-04E196CAB368}
2012-03-25 08:31 - 2012-03-25 08:31 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{F9A1A389-D12C-479D-B73E-04E196CAB368}
2012-03-24 05:54 - 2012-03-24 05:54 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{E0460815-F651-48A3-91C1-65B9C590EE75}
2012-03-24 05:54 - 2012-03-24 05:54 - 00000000 ____D C:\Users\Owner\Local Settings\{E0460815-F651-48A3-91C1-65B9C590EE75}
2012-03-24 05:54 - 2012-03-24 05:54 - 00000000 ____D C:\Users\Owner\AppData\Local\{E0460815-F651-48A3-91C1-65B9C590EE75}
2012-03-24 05:54 - 2012-03-24 05:54 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{E0460815-F651-48A3-91C1-65B9C590EE75}
2012-03-24 05:54 - 2012-03-24 05:54 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{E0460815-F651-48A3-91C1-65B9C590EE75}
2012-03-24 05:54 - 2012-03-24 05:54 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{E0460815-F651-48A3-91C1-65B9C590EE75}
2012-03-24 05:52 - 2012-03-24 05:52 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{45D185D5-846D-4C47-B935-23B935A0AEFD}
2012-03-24 05:52 - 2012-03-24 05:52 - 00000000 ____D C:\Users\Owner\Local Settings\{45D185D5-846D-4C47-B935-23B935A0AEFD}
2012-03-24 05:52 - 2012-03-24 05:52 - 00000000 ____D C:\Users\Owner\AppData\Local\{45D185D5-846D-4C47-B935-23B935A0AEFD}
2012-03-24 05:52 - 2012-03-24 05:52 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{45D185D5-846D-4C47-B935-23B935A0AEFD}
2012-03-24 05:52 - 2012-03-24 05:52 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{45D185D5-846D-4C47-B935-23B935A0AEFD}
2012-03-24 05:52 - 2012-03-24 05:52 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{45D185D5-846D-4C47-B935-23B935A0AEFD}
2012-03-23 07:20 - 2012-03-23 07:20 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{7E39C5CC-3777-43D5-911D-F2461651E516}
2012-03-23 07:20 - 2012-03-23 07:20 - 00000000 ____D C:\Users\Owner\Local Settings\{7E39C5CC-3777-43D5-911D-F2461651E516}
2012-03-23 07:20 - 2012-03-23 07:20 - 00000000 ____D C:\Users\Owner\AppData\Local\{7E39C5CC-3777-43D5-911D-F2461651E516}
2012-03-23 07:20 - 2012-03-23 07:20 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{7E39C5CC-3777-43D5-911D-F2461651E516}
2012-03-23 07:20 - 2012-03-23 07:20 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{7E39C5CC-3777-43D5-911D-F2461651E516}
2012-03-23 07:20 - 2012-03-23 07:20 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{7E39C5CC-3777-43D5-911D-F2461651E516}
2012-03-23 07:20 - 2012-03-23 07:19 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{A6B37FCF-394D-4506-A0FD-CDA6F9EEB664}
2012-03-23 07:20 - 2012-03-23 07:19 - 00000000 ____D C:\Users\Owner\Local Settings\{A6B37FCF-394D-4506-A0FD-CDA6F9EEB664}
2012-03-23 07:20 - 2012-03-23 07:19 - 00000000 ____D C:\Users\Owner\AppData\Local\{A6B37FCF-394D-4506-A0FD-CDA6F9EEB664}
2012-03-23 07:20 - 2012-03-23 07:19 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{A6B37FCF-394D-4506-A0FD-CDA6F9EEB664}
2012-03-23 07:20 - 2012-03-23 07:19 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{A6B37FCF-394D-4506-A0FD-CDA6F9EEB664}
2012-03-23 07:20 - 2012-03-23 07:19 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{A6B37FCF-394D-4506-A0FD-CDA6F9EEB664}
2012-03-22 07:09 - 2012-03-22 07:09 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{D4EAB1D3-3B25-494D-B5C0-D5070F4A8D20}
2012-03-22 07:09 - 2012-03-22 07:09 - 00000000 ____D C:\Users\Owner\Local Settings\{D4EAB1D3-3B25-494D-B5C0-D5070F4A8D20}
2012-03-22 07:09 - 2012-03-22 07:09 - 00000000 ____D C:\Users\Owner\AppData\Local\{D4EAB1D3-3B25-494D-B5C0-D5070F4A8D20}
2012-03-22 07:09 - 2012-03-22 07:09 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{D4EAB1D3-3B25-494D-B5C0-D5070F4A8D20}
2012-03-22 07:09 - 2012-03-22 07:09 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{D4EAB1D3-3B25-494D-B5C0-D5070F4A8D20}
2012-03-22 07:09 - 2012-03-22 07:09 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{D4EAB1D3-3B25-494D-B5C0-D5070F4A8D20}
2012-03-22 07:08 - 2012-03-22 07:08 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{66625D67-64CE-4E9C-A79D-2BC6B6BECF20}
2012-03-22 07:08 - 2012-03-22 07:08 - 00000000 ____D C:\Users\Owner\Local Settings\{66625D67-64CE-4E9C-A79D-2BC6B6BECF20}
2012-03-22 07:08 - 2012-03-22 07:08 - 00000000 ____D C:\Users\Owner\AppData\Local\{66625D67-64CE-4E9C-A79D-2BC6B6BECF20}
2012-03-22 07:08 - 2012-03-22 07:08 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{66625D67-64CE-4E9C-A79D-2BC6B6BECF20}
2012-03-22 07:08 - 2012-03-22 07:08 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{66625D67-64CE-4E9C-A79D-2BC6B6BECF20}
2012-03-22 07:08 - 2012-03-22 07:08 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{66625D67-64CE-4E9C-A79D-2BC6B6BECF20}
2012-03-21 07:38 - 2012-03-21 07:38 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{D04FBB03-BD9B-41AE-B8FA-522C24E60A8D}
2012-03-21 07:38 - 2012-03-21 07:38 - 00000000 ____D C:\Users\Owner\Local Settings\{D04FBB03-BD9B-41AE-B8FA-522C24E60A8D}
2012-03-21 07:38 - 2012-03-21 07:38 - 00000000 ____D C:\Users\Owner\AppData\Local\{D04FBB03-BD9B-41AE-B8FA-522C24E60A8D}
2012-03-21 07:38 - 2012-03-21 07:38 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{D04FBB03-BD9B-41AE-B8FA-522C24E60A8D}
2012-03-21 07:38 - 2012-03-21 07:38 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{D04FBB03-BD9B-41AE-B8FA-522C24E60A8D}
2012-03-21 07:38 - 2012-03-21 07:38 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{D04FBB03-BD9B-41AE-B8FA-522C24E60A8D}
2012-03-20 15:28 - 2012-05-10 07:11 - 00053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-20 07:41 - 2012-03-20 07:41 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{292E26A4-7C54-4A1D-A7E7-B14980D9F7CE}
2012-03-20 07:41 - 2012-03-20 07:41 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{0C019B6B-37EA-4C9F-A7A5-043F22B641AB}
2012-03-20 07:41 - 2012-03-20 07:41 - 00000000 ____D C:\Users\Owner\Local Settings\{292E26A4-7C54-4A1D-A7E7-B14980D9F7CE}
2012-03-20 07:41 - 2012-03-20 07:41 - 00000000 ____D C:\Users\Owner\Local Settings\{0C019B6B-37EA-4C9F-A7A5-043F22B641AB}
2012-03-20 07:41 - 2012-03-20 07:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{292E26A4-7C54-4A1D-A7E7-B14980D9F7CE}
2012-03-20 07:41 - 2012-03-20 07:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{0C019B6B-37EA-4C9F-A7A5-043F22B641AB}
2012-03-20 07:41 - 2012-03-20 07:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{292E26A4-7C54-4A1D-A7E7-B14980D9F7CE}
2012-03-20 07:41 - 2012-03-20 07:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{0C019B6B-37EA-4C9F-A7A5-043F22B641AB}
2012-03-20 07:41 - 2012-03-20 07:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{292E26A4-7C54-4A1D-A7E7-B14980D9F7CE}
2012-03-20 07:41 - 2012-03-20 07:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{0C019B6B-37EA-4C9F-A7A5-043F22B641AB}
2012-03-20 07:41 - 2012-03-20 07:41 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{292E26A4-7C54-4A1D-A7E7-B14980D9F7CE}
2012-03-20 07:41 - 2012-03-20 07:41 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{0C019B6B-37EA-4C9F-A7A5-043F22B641AB}
2012-03-19 05:40 - 2012-03-19 05:40 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{A5DDE4E4-5E9D-4DF2-8E9B-86594EA82FFD}
2012-03-19 05:40 - 2012-03-19 05:40 - 00000000 ____D C:\Users\Owner\Local Settings\{A5DDE4E4-5E9D-4DF2-8E9B-86594EA82FFD}
2012-03-19 05:40 - 2012-03-19 05:40 - 00000000 ____D C:\Users\Owner\AppData\Local\{A5DDE4E4-5E9D-4DF2-8E9B-86594EA82FFD}
2012-03-19 05:40 - 2012-03-19 05:40 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{A5DDE4E4-5E9D-4DF2-8E9B-86594EA82FFD}
2012-03-19 05:40 - 2012-03-19 05:40 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{A5DDE4E4-5E9D-4DF2-8E9B-86594EA82FFD}
2012-03-19 05:40 - 2012-03-19 05:40 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{A5DDE4E4-5E9D-4DF2-8E9B-86594EA82FFD}
2012-03-19 05:39 - 2012-03-19 05:39 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{F0BBC1D3-FDE0-4935-BA26-C691E8E363D4}
2012-03-19 05:39 - 2012-03-19 05:39 - 00000000 ____D C:\Users\Owner\Local Settings\{F0BBC1D3-FDE0-4935-BA26-C691E8E363D4}
2012-03-19 05:39 - 2012-03-19 05:39 - 00000000 ____D C:\Users\Owner\AppData\Local\{F0BBC1D3-FDE0-4935-BA26-C691E8E363D4}
2012-03-19 05:39 - 2012-03-19 05:39 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{F0BBC1D3-FDE0-4935-BA26-C691E8E363D4}
2012-03-19 05:39 - 2012-03-19 05:39 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{F0BBC1D3-FDE0-4935-BA26-C691E8E363D4}
2012-03-19 05:39 - 2012-03-19 05:39 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{F0BBC1D3-FDE0-4935-BA26-C691E8E363D4}
2012-03-18 07:20 - 2012-03-18 07:20 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{77A32015-7460-4149-9E0C-F65479A92924}
2012-03-18 07:20 - 2012-03-18 07:20 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{76CC2FFB-C943-4912-B80D-1D7D20C7DAC1}
2012-03-18 07:20 - 2012-03-18 07:20 - 00000000 ____D C:\Users\Owner\Local Settings\{77A32015-7460-4149-9E0C-F65479A92924}
2012-03-18 07:20 - 2012-03-18 07:20 - 00000000 ____D C:\Users\Owner\Local Settings\{76CC2FFB-C943-4912-B80D-1D7D20C7DAC1}
2012-03-18 07:20 - 2012-03-18 07:20 - 00000000 ____D C:\Users\Owner\AppData\Local\{77A32015-7460-4149-9E0C-F65479A92924}
2012-03-18 07:20 - 2012-03-18 07:20 - 00000000 ____D C:\Users\Owner\AppData\Local\{76CC2FFB-C943-4912-B80D-1D7D20C7DAC1}
2012-03-18 07:20 - 2012-03-18 07:20 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{77A32015-7460-4149-9E0C-F65479A92924}
2012-03-18 07:20 - 2012-03-18 07:20 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{76CC2FFB-C943-4912-B80D-1D7D20C7DAC1}
2012-03-18 07:20 - 2012-03-18 07:20 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{77A32015-7460-4149-9E0C-F65479A92924}
2012-03-18 07:20 - 2012-03-18 07:20 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{76CC2FFB-C943-4912-B80D-1D7D20C7DAC1}
2012-03-18 07:20 - 2012-03-18 07:20 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{77A32015-7460-4149-9E0C-F65479A92924}
2012-03-18 07:20 - 2012-03-18 07:20 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{76CC2FFB-C943-4912-B80D-1D7D20C7DAC1}
2012-03-17 07:44 - 2012-03-17 07:44 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{F217F877-9695-4F0C-BB46-2DC506B5AB8F}
2012-03-17 07:44 - 2012-03-17 07:44 - 00000000 ____D C:\Users\Owner\Local Settings\{F217F877-9695-4F0C-BB46-2DC506B5AB8F}
2012-03-17 07:44 - 2012-03-17 07:44 - 00000000 ____D C:\Users\Owner\AppData\Local\{F217F877-9695-4F0C-BB46-2DC506B5AB8F}
2012-03-17 07:44 - 2012-03-17 07:44 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{F217F877-9695-4F0C-BB46-2DC506B5AB8F}
2012-03-17 07:44 - 2012-03-17 07:44 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{F217F877-9695-4F0C-BB46-2DC506B5AB8F}
2012-03-17 07:44 - 2012-03-17 07:44 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{F217F877-9695-4F0C-BB46-2DC506B5AB8F}
2012-03-17 07:43 - 2012-03-17 07:43 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{B652AF8B-1C2A-437A-9E31-859AD845B63F}
2012-03-17 07:43 - 2012-03-17 07:43 - 00000000 ____D C:\Users\Owner\Local Settings\{B652AF8B-1C2A-437A-9E31-859AD845B63F}
2012-03-17 07:43 - 2012-03-17 07:43 - 00000000 ____D C:\Users\Owner\AppData\Local\{B652AF8B-1C2A-437A-9E31-859AD845B63F}
2012-03-17 07:43 - 2012-03-17 07:43 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{B652AF8B-1C2A-437A-9E31-859AD845B63F}
2012-03-17 07:43 - 2012-03-17 07:43 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{B652AF8B-1C2A-437A-9E31-859AD845B63F}
2012-03-17 07:43 - 2012-03-17 07:43 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{B652AF8B-1C2A-437A-9E31-859AD845B63F}
2012-03-16 06:41 - 2012-03-16 06:41 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{E269CB7C-9F51-4955-B744-166239DF796C}
2012-03-16 06:41 - 2012-03-16 06:41 - 00000000 ____D C:\Users\Owner\Local Settings\{E269CB7C-9F51-4955-B744-166239DF796C}
2012-03-16 06:41 - 2012-03-16 06:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{E269CB7C-9F51-4955-B744-166239DF796C}
2012-03-16 06:41 - 2012-03-16 06:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{E269CB7C-9F51-4955-B744-166239DF796C}
2012-03-16 06:41 - 2012-03-16 06:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{E269CB7C-9F51-4955-B744-166239DF796C}
2012-03-16 06:41 - 2012-03-16 06:41 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{E269CB7C-9F51-4955-B744-166239DF796C}
2012-03-16 06:40 - 2012-03-16 06:39 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{D00DF68D-F175-4428-898A-1D0C8EBE305B}
2012-03-16 06:40 - 2012-03-16 06:39 - 00000000 ____D C:\Users\Owner\Local Settings\{D00DF68D-F175-4428-898A-1D0C8EBE305B}
2012-03-16 06:40 - 2012-03-16 06:39 - 00000000 ____D C:\Users\Owner\AppData\Local\{D00DF68D-F175-4428-898A-1D0C8EBE305B}
2012-03-16 06:40 - 2012-03-16 06:39 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{D00DF68D-F175-4428-898A-1D0C8EBE305B}
2012-03-16 06:40 - 2012-03-16 06:39 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{D00DF68D-F175-4428-898A-1D0C8EBE305B}
2012-03-16 06:40 - 2012-03-16 06:39 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{D00DF68D-F175-4428-898A-1D0C8EBE305B}
2012-03-15 06:42 - 2012-03-15 06:42 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{B4FA781B-0F2B-4FB8-BB1C-5F9AE88DAB94}
2012-03-15 06:42 - 2012-03-15 06:42 - 00000000 ____D C:\Users\Owner\Local Settings\{B4FA781B-0F2B-4FB8-BB1C-5F9AE88DAB94}
2012-03-15 06:42 - 2012-03-15 06:42 - 00000000 ____D C:\Users\Owner\AppData\Local\{B4FA781B-0F2B-4FB8-BB1C-5F9AE88DAB94}
2012-03-15 06:42 - 2012-03-15 06:42 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{B4FA781B-0F2B-4FB8-BB1C-5F9AE88DAB94}
2012-03-15 06:42 - 2012-03-15 06:42 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{B4FA781B-0F2B-4FB8-BB1C-5F9AE88DAB94}
2012-03-15 06:42 - 2012-03-15 06:42 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{B4FA781B-0F2B-4FB8-BB1C-5F9AE88DAB94}
2012-03-15 06:41 - 2012-03-15 06:41 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{48B907E2-DF4D-4F81-9294-51C4BB1DD397}
2012-03-15 06:41 - 2012-03-15 06:41 - 00000000 ____D C:\Users\Owner\Local Settings\{48B907E2-DF4D-4F81-9294-51C4BB1DD397}
2012-03-15 06:41 - 2012-03-15 06:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{48B907E2-DF4D-4F81-9294-51C4BB1DD397}
2012-03-15 06:41 - 2012-03-15 06:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{48B907E2-DF4D-4F81-9294-51C4BB1DD397}
2012-03-15 06:41 - 2012-03-15 06:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{48B907E2-DF4D-4F81-9294-51C4BB1DD397}
2012-03-15 06:41 - 2012-03-15 06:41 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{48B907E2-DF4D-4F81-9294-51C4BB1DD397}
2012-03-14 05:51 - 2012-03-14 05:51 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{3B56787E-4EF8-4148-9BC7-3ADAD14A6BB3}
2012-03-14 05:51 - 2012-03-14 05:51 - 00000000 ____D C:\Users\Owner\Local Settings\{3B56787E-4EF8-4148-9BC7-3ADAD14A6BB3}
2012-03-14 05:51 - 2012-03-14 05:51 - 00000000 ____D C:\Users\Owner\AppData\Local\{3B56787E-4EF8-4148-9BC7-3ADAD14A6BB3}
2012-03-14 05:51 - 2012-03-14 05:51 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{3B56787E-4EF8-4148-9BC7-3ADAD14A6BB3}
2012-03-14 05:51 - 2012-03-14 05:51 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{3B56787E-4EF8-4148-9BC7-3ADAD14A6BB3}
2012-03-14 05:51 - 2012-03-14 05:51 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{3B56787E-4EF8-4148-9BC7-3ADAD14A6BB3}
2012-03-14 05:50 - 2012-03-14 05:50 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{C47C79E9-F3E9-4C5D-B519-F362546DAEA3}
2012-03-14 05:50 - 2012-03-14 05:50 - 00000000 ____D C:\Users\Owner\Local Settings\{C47C79E9-F3E9-4C5D-B519-F362546DAEA3}
2012-03-14 05:50 - 2012-03-14 05:50 - 00000000 ____D C:\Users\Owner\AppData\Local\{C47C79E9-F3E9-4C5D-B519-F362546DAEA3}
2012-03-14 05:50 - 2012-03-14 05:50 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{C47C79E9-F3E9-4C5D-B519-F362546DAEA3}
2012-03-14 05:50 - 2012-03-14 05:50 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{C47C79E9-F3E9-4C5D-B519-F362546DAEA3}
2012-03-14 05:50 - 2012-03-14 05:50 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{C47C79E9-F3E9-4C5D-B519-F362546DAEA3}
2012-03-13 07:25 - 2012-03-13 07:24 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{6BDC6E53-AAC9-44D7-AD0C-FB5C27BE8393}
2012-03-13 07:25 - 2012-03-13 07:24 - 00000000 ____D C:\Users\Owner\Local Settings\{6BDC6E53-AAC9-44D7-AD0C-FB5C27BE8393}
2012-03-13 07:25 - 2012-03-13 07:24 - 00000000 ____D C:\Users\Owner\AppData\Local\{6BDC6E53-AAC9-44D7-AD0C-FB5C27BE8393}
2012-03-13 07:25 - 2012-03-13 07:24 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{6BDC6E53-AAC9-44D7-AD0C-FB5C27BE8393}
2012-03-13 07:25 - 2012-03-13 07:24 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{6BDC6E53-AAC9-44D7-AD0C-FB5C27BE8393}
2012-03-13 07:25 - 2012-03-13 07:24 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{6BDC6E53-AAC9-44D7-AD0C-FB5C27BE8393}
2012-03-13 07:23 - 2012-03-13 07:23 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{529290BC-1BD4-464D-9717-B394AC6934BE}
2012-03-13 07:23 - 2012-03-13 07:23 - 00000000 ____D C:\Users\Owner\Local Settings\{529290BC-1BD4-464D-9717-B394AC6934BE}
2012-03-13 07:23 - 2012-03-13 07:23 - 00000000 ____D C:\Users\Owner\AppData\Local\{529290BC-1BD4-464D-9717-B394AC6934BE}
2012-03-13 07:23 - 2012-03-13 07:23 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{529290BC-1BD4-464D-9717-B394AC6934BE}
2012-03-13 07:23 - 2012-03-13 07:23 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{529290BC-1BD4-464D-9717-B394AC6934BE}
2012-03-13 07:23 - 2012-03-13 07:23 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{529290BC-1BD4-464D-9717-B394AC6934BE}
2012-03-12 07:38 - 2012-03-12 07:38 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{6C8AA309-5841-4E73-930B-6CF39A47200D}
2012-03-12 07:38 - 2012-03-12 07:38 - 00000000 ____D C:\Users\Owner\Local Settings\{6C8AA309-5841-4E73-930B-6CF39A47200D}
2012-03-12 07:38 - 2012-03-12 07:38 - 00000000 ____D C:\Users\Owner\AppData\Local\{6C8AA309-5841-4E73-930B-6CF39A47200D}
2012-03-12 07:38 - 2012-03-12 07:38 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{6C8AA309-5841-4E73-930B-6CF39A47200D}
2012-03-12 07:38 - 2012-03-12 07:38 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{6C8AA309-5841-4E73-930B-6CF39A47200D}
2012-03-12 07:38 - 2012-03-12 07:38 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{6C8AA309-5841-4E73-930B-6CF39A47200D}
2012-03-12 07:37 - 2012-03-12 07:37 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{8BDDDCA8-A6BC-4C2F-A3F0-93C943988594}
2012-03-12 07:37 - 2012-03-12 07:37 - 00000000 ____D C:\Users\Owner\Local Settings\{8BDDDCA8-A6BC-4C2F-A3F0-93C943988594}
2012-03-12 07:37 - 2012-03-12 07:37 - 00000000 ____D C:\Users\Owner\AppData\Local\{8BDDDCA8-A6BC-4C2F-A3F0-93C943988594}
2012-03-12 07:37 - 2012-03-12 07:37 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\{8BDDDCA8-A6BC-4C2F-A3F0-93C943988594}
2012-03-12 07:37 - 2012-03-12 07:37 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\{8BDDDCA8-A6BC-4C2F-A3F0-93C943988594}
2012-03-12 07:37 - 2012-03-12 07:37 - 00000000 ____D C:\Documents and Settings\Owner\AppData\Local\{8BDDDCA8-A6BC-4C2F-A3F0-93C943988594}


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-09-12 06:23] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 2941.83 MB
Available physical RAM: 2371.7 MB
Total Pagefile: 2625.66 MB
Available Pagefile: 2444.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.11 MB

======================= Partitions =========================

1 Drive c: (HP) (Fixed) (Total:286.43 GB) (Free:216.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.66 GB) (Free:1.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
8 Drive j: (USB20FD) (Removable) (Total:3.77 GB) (Free:3.76 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 3864 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 286 GB 32 KB
Partition 2 Primary 12 GB 286 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C HP NTFS Partition 286 GB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D FACTORY_IMA NTFS Partition 12 GB Healthy

======================================================================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3864 MB 32 KB

======================================================================================================

Disk: 5
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J USB20FD FAT32 Removable 3864 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-08 05:15

======================= End Of Log ==========================

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:18 PM

Posted 09 June 2012 - 01:47 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note:Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer
[/list]
"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 BP42

BP42
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:18 PM

Posted 09 June 2012 - 03:58 PM

Gringo,

Below is the Combofix log. I have also tried Google and it seems to be working fine. It didn't redirect and I was able to use the back button.




ComboFix 12-06-09.02 - Owner 06/09/2012 16:29:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1819 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\FbsSearchProviderIE8.exe
c:\program files\Search Guard Plus\SearchGuardPlus.ico
c:\program files\Search Guard Plus\uninstalSGP.exe
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\Tmp\removesgp.exe
c:\program files\Search Guard PlusU\Tmp\removesgp0.exe
c:\program files\Search Guard PlusU\uninstalSGPU.exe
c:\program files\SGPSA
c:\program files\SGPSA\ie3sh.exe
c:\users\Owner\AppData\Local\Windows Live\SupportSoft\maxvnt.dll
c:\users\Public\RemoveSGP.exe
c:\users\Public\RemoveSGP0.exe
c:\windows\favicon.ico
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\ssblinkx.scr
.
.
((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))
.
.
2012-06-09 17:41 . 2012-06-09 17:43 -------- d-----w- C:\FRST
2012-06-08 13:09 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D86ECD08-7CCF-4377-B9A4-40B87ECD7508}\mpengine.dll
2012-06-07 14:24 . 2012-06-07 14:24 -------- d-----w- C:\_OTL
2012-05-28 01:09 . 2012-05-28 01:09 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-05-28 01:09 . 2012-05-28 01:09 -------- d-----w- c:\users\Owner\AppData\Roaming\FixTDSS
2012-05-27 01:28 . 2012-05-27 01:28 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2012-05-27 01:28 . 2012-05-27 01:28 -------- d-----w- c:\programdata\Malwarebytes
2012-05-27 01:28 . 2012-05-27 01:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-27 01:28 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-03 08:16 . 2012-05-10 15:10 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-10 15:10 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:36 . 2012-05-10 15:10 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 12:39 . 2012-05-10 15:11 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 23:28 . 2012-05-10 15:11 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e6d0b79e-ecac-411b-8bf6-7a574981af30}]
c:\program files\xfinitytb\auxi\xfinityAu.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [BU]
"SpeedItUpEX"="c:\program files\SpeedItup Free\SpeedItUp.exe" [BU]
"SupportSoft"="c:\users\Owner\AppData\Local\Windows Live\SupportSoft\maxvnt.dll" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\program files\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-27 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-27 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-10-18 1152296]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-10-18 189736]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-09-23 912688]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-12-29 983168]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"FBSSA"="c:\program files\SGPSA\ie3sh.exe" [BU]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe [2008-9-8 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-18 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-11-07 19:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7000b6ca-4388-4d95-893d-6659c2d4d1ce} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-09 16:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
FBSSA = c:\program files\SGPSA\ie3sh.exe?new-tab/?v=18&tid={86ACCC07-3E4F-4a19-AB25-210D5B89DAA6}???????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-06-09 16:49:35
ComboFix-quarantined-files.txt 2012-06-09 20:49
ComboFix2.txt 2012-06-05 19:44
.
Pre-Run: 232,674,234,368 bytes free
Post-Run: 232,649,482,240 bytes free
.
- - End Of File - - 7686BDA0B3550B01DD6814D372DD13CD

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:18 PM

Posted 09 June 2012 - 05:20 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Adobe Reader 9.4.6
Bing Rewards Client Installer
Java™ 6 Update 30
Java™ 6 Update 7
Search Guard Plus (My Web Tattoo)
Search Guard Plus Updater (My Web Tattoo)
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users