Sirefef.AH with automatic reboots after 1 minute


  • This topic is locked
27 replies to this topic

#1 kesposito

  • Members
  • 13 posts

Posted 04 June 2012 - 03:58 PM

Hello, this is my first time in this forum. My first indication of a problem with my computer was that MSE was not started, and would not start when I attempted to do so. I uninstalled MSE, and then reinstalled it. During the quick scan it attempted during the installation, it let me know it found the serious threat of Sirefef.AH. I told it to remove the problem and it began to do so, but before it was done, a Windows message popped up: "Windows has encountered a critical problem and will restart in automatically in one minute. Please save your work." I then have approximately 60 seconds to do anything before the computer reboots itself. Now, it is giving me this error and rebooting every time I restart the computer. It does this even in safe mode. I did manage to download the TDSSKILLER .zip file to my phone, then copied the file to the infected computer, extracted it, got it installed and started the scan before the computer rebooted itself.

I have searched through this forum for help but I can't seem to find anyone else with the problem of having only a 60 second window to fix this malware issue.

I am running Windows 7 on a 32-bit system. Thank you in advance for your help!!



#2 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,305 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 04 June 2012 - 08:15 PM

:welcome:

Let's give it a try. You will need a USB flash drive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.



#3 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,917 posts
  • Gender:Male
  • Location:NJ USA

Posted 04 June 2012 - 08:26 PM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.

#4 kesposito

  • Topic Starter
  • Members
  • 13 posts

Posted 04 June 2012 - 09:14 PM

Ok, thanks for your help! Here is the Farbar scan results log:

Can't wait for the next step...I'm dying to get back into my computer and REALLY appreciate this guidance.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 05-06-2012
Ran by SYSTEM at 04-06-2012 19:11:09
Running from F:\
Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13605408 2009-03-06] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2009-03-06] (NVIDIA Corporation)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [96800 2009-03-06] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] nwiz.exe /install [x]
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [] [x]
HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-04-03] (Adobe Systems Inc.)
HKLM\...\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [651264 2012-04-17] ()
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Bert\...\Run: [Hudl Mercury] "C:\Program Files\Hudl Mercury\HudlMercury.exe" -startup [3373056 2012-01-05] (Agile Sports Technologies)
HKU\Kelli\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.238.64.12
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Bert\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\Users\Kelli\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\Users\Kelli\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Kelli\Start Menu\Programs\Startup\PdaNet Desktop.lnk
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files\PdaNet for Android\PdaNetPC.exe ()

================================ Services (Whitelisted) ==================

2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 IntuitUpdateServiceV4; "C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [13672 2011-08-25] (Intuit Inc.)
2 KjsUpdateService2; "C:\Program Files\Common Files\AppLifeUpdateService2\kjsausvc.exe" [12800 2011-08-02] (Kinetic Jump Software, LLC)
3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [31125880 2011-06-12] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [124240 2010-03-18] (Microsoft Corporation)
4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
2 NVIDIA Performance Driver Service; "C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe" [3575808 2008-12-11] ()
2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
3 StorSvc; C:\Windows\System32\storsvc.dll [16384 2009-07-13] (Microsoft Corporation)
3 SwitchBoard; "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [517096 2010-02-19] (Adobe Systems Incorporated)

========================== Drivers (Whitelisted) =============

3 b06bdrv; C:\Windows\System32\drivers\bxvbdx.sys [430080 2009-07-13] (Broadcom Corporation)
3 dmvsc; C:\Windows\System32\drivers\dmvsc.sys [62464 2010-11-20] (Microsoft Corporation)
3 ebdrv; C:\Windows\System32\drivers\evbdx.sys [3100160 2009-07-13] (Broadcom Corporation)
3 Processor; C:\Windows\System32\drivers\processr.sys [52224 2009-07-13] (Microsoft Corporation)
3 TsUsbGD; C:\Windows\System32\drivers\TsUsbGD.sys [27264 2010-11-20] (Microsoft Corporation)
3 1394ohci; system32\DRIVERS\1394ohci.sys [x]
3 61883; system32\DRIVERS\61883.sys [x]
0 ACPI; system32\drivers\ACPI.sys [x]
0 amdxata; system32\drivers\amdxata.sys [x]
3 AsyncMac; system32\DRIVERS\asyncmac.sys [x]
0 atapi; system32\drivers\atapi.sys [x]
3 Avc; system32\DRIVERS\avc.sys [x]
3 b57nd60x; system32\DRIVERS\b57nd60x.sys [x]
1 blbdrive; system32\DRIVERS\blbdrive.sys [x]
3 bowser; system32\DRIVERS\bowser.sys [x]
3 BthPan; system32\DRIVERS\bthpan.sys [x]
4 cdfs; system32\DRIVERS\cdfs.sys [x]
1 cdrom; system32\DRIVERS\cdrom.sys [x]
0 CLFS; System32\CLFS.sys [x]
3 CmBatt; system32\DRIVERS\CmBatt.sys [x]
0 CNG; System32\Drivers\cng.sys [x]
0 Compbatt; system32\DRIVERS\compbatt.sys [x]
3 CompositeBus; system32\DRIVERS\CompositeBus.sys [x]
1 CSC; system32\drivers\csc.sys [x]
1 DfsC; System32\Drivers\dfsc.sys [x]
1 discache; System32\drivers\discache.sys [x]
0 Disk; system32\drivers\disk.sys [x]
3 drmkaud; system32\drivers\drmkaud.sys [x]
0 FileInfo; system32\drivers\fileinfo.sys [x]
3 Filetrace; system32\drivers\filetrace.sys [x]
0 FltMgr; system32\drivers\fltmgr.sys [x]
3 FsDepends; System32\drivers\FsDepends.sys [x]
3 fssfltr; system32\DRIVERS\fssfltr.sys [x]
0 fvevol; System32\DRIVERS\fvevol.sys [x]
3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [x]
3 guardian2; System32\Drivers\oz776.sys [x]
3 HdAudAddService; system32\drivers\HdAudio.sys [x]
3 HDAudBus; system32\DRIVERS\HDAudBus.sys [x]
3 HidUsb; system32\DRIVERS\hidusb.sys [x]
3 HSF_DPV; system32\DRIVERS\HSX_DPV.sys [x]
3 HSXHWAZL; system32\DRIVERS\HSXHWAZL.sys [x]
3 htcnprot; system32\DRIVERS\htcnprot.sys [x]
3 HTTP; system32\drivers\HTTP.sys [x]
0 hwpolicy; System32\drivers\hwpolicy.sys [x]
3 i8042prt; system32\DRIVERS\i8042prt.sys [x]
0 intelide; system32\drivers\intelide.sys [x]
3 intelppm; system32\DRIVERS\intelppm.sys [x]
3 IpFilterDriver; system32\DRIVERS\ipfltdrv.sys [x]
3 IPNAT; System32\drivers\ipnat.sys [x]
3 IRENUM; system32\drivers\irenum.sys [x]
3 kbdclass; system32\DRIVERS\kbdclass.sys [x]
0 KSecDD; System32\Drivers\ksecdd.sys [x]
0 KSecPkg; System32\Drivers\ksecpkg.sys [x]
2 lltdio; system32\DRIVERS\lltdio.sys [x]
2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [x]
3 Modem; system32\drivers\modem.sys [x]
3 monitor; system32\DRIVERS\monitor.sys [x]
3 mouclass; system32\DRIVERS\mouclass.sys [x]
3 mouhid; system32\DRIVERS\mouhid.sys [x]
0 mountmgr; System32\drivers\mountmgr.sys [x]
0 MpFilter; system32\DRIVERS\MpFilter.sys [x]
3 mpsdrv; System32\drivers\mpsdrv.sys [x]
3 mrxsmb; system32\DRIVERS\mrxsmb.sys [x]
3 mrxsmb10; system32\DRIVERS\mrxsmb10.sys [x]
3 mrxsmb20; system32\DRIVERS\mrxsmb20.sys [x]
3 MSDV; system32\DRIVERS\msdv.sys [x]
0 msisadrv; system32\drivers\msisadrv.sys [x]
3 MSKSSRV; system32\drivers\MSKSSRV.sys [x]
3 MSPCLOCK; system32\drivers\MSPCLOCK.sys [x]
3 MSPQM; system32\drivers\MSPQM.sys [x]
1 mssmbios; system32\DRIVERS\mssmbios.sys [x]
3 MSTEE; system32\drivers\MSTEE.sys [x]
0 Mup; System32\Drivers\mup.sys [x]
3 NativeWifiP; system32\DRIVERS\nwifi.sys [x]
0 NDIS; system32\drivers\ndis.sys [x]
3 NdisCap; system32\DRIVERS\ndiscap.sys [x]
3 NdisTapi; system32\DRIVERS\ndistapi.sys [x]
3 Ndisuio; system32\DRIVERS\ndisuio.sys [x]
3 NdisWan; system32\DRIVERS\ndiswan.sys [x]
1 NetBIOS; system32\DRIVERS\netbios.sys [x]
1 NetBT; System32\DRIVERS\netbt.sys [x]
3 netw5v32; system32\DRIVERS\netw5v32.sys [x]
3 NisDrv; system32\DRIVERS\NisDrvWFP.sys [x]
1 nsiproxy; system32\drivers\nsiproxy.sys [x]
3 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [x]
0 partmgr; System32\drivers\partmgr.sys [x]
0 pci; system32\drivers\pci.sys [x]
0 pcw; System32\drivers\pcw.sys [x]
2 PEAUTH; system32\drivers\peauth.sys [x]
3 pneteth; system32\DRIVERS\pneteth.sys [x]
3 PptpMiniport; system32\DRIVERS\raspptp.sys [x]
1 Psched; system32\DRIVERS\pacer.sys [x]
3 RasAcd; System32\DRIVERS\rasacd.sys [x]
3 RasAgileVpn; system32\DRIVERS\AgileVpn.sys [x]
3 Rasl2tp; system32\DRIVERS\rasl2tp.sys [x]
3 RasPppoe; system32\DRIVERS\raspppoe.sys [x]
3 RasSstp; system32\DRIVERS\rassstp.sys [x]
1 rdbss; system32\DRIVERS\rdbss.sys [x]
3 rdpbus; system32\DRIVERS\rdpbus.sys [x]
1 RDPCDD; System32\DRIVERS\RDPCDD.sys [x]
3 RDPDR; System32\drivers\rdpdr.sys [x]
1 RDPENCDD; system32\drivers\rdpencdd.sys [x]
1 RDPREFMP; system32\drivers\rdprefmp.sys [x]
0 rdyboost; System32\drivers\rdyboost.sys [x]
3 RFCOMM; system32\DRIVERS\rfcomm.sys [x]
2 rimmptsk; system32\DRIVERS\rimmptsk.sys [x]
2 rimsptsk; system32\DRIVERS\rimsptsk.sys [x]
3 RimUsb; System32\Drivers\RimUsb.sys [x]
2 rismxdp; system32\DRIVERS\rixdptsk.sys [x]
2 rspndr; system32\DRIVERS\rspndr.sys [x]
0 sbp2port; system32\DRIVERS\sbp2port.sys [x]
3 scfilter; System32\DRIVERS\scfilter.sys [x]
3 sdbus; system32\DRIVERS\sdbus.sys [x]
3 sffdisk; system32\DRIVERS\sffdisk.sys [x]
3 sffp_sd; system32\DRIVERS\sffp_sd.sys [x]
3 Smb; system32\DRIVERS\smb.sys [x]
3 srv; System32\DRIVERS\srv.sys [x]
3 srv2; System32\DRIVERS\srv2.sys [x]
3 SrvHsfHDA; system32\DRIVERS\VSTAZL3.SYS [x]
3 SrvHsfV92; system32\DRIVERS\VSTDPV3.SYS [x]
3 SrvHsfWinac; system32\DRIVERS\VSTCNXT3.SYS [x]
3 srvnet; System32\DRIVERS\srvnet.sys [x]
3 StillCam; system32\DRIVERS\serscan.sys [x]
0 storflt; system32\drivers\vmstorfl.sys [x]
3 swenum; system32\DRIVERS\swenum.sys [x]
0 Tcpip; System32\drivers\tcpip.sys [x]
3 TCPIP6; system32\DRIVERS\tcpip.sys [x]
2 tcpipreg; System32\drivers\tcpipreg.sys [x]
3 TDPIPE; system32\drivers\tdpipe.sys [x]
3 TDTCP; system32\drivers\tdtcp.sys [x]
1 tdx; system32\DRIVERS\tdx.sys [x]
1 TermDD; system32\DRIVERS\termdd.sys [x]
3 tssecsrv; System32\DRIVERS\tssecsrv.sys [x]
3 TsUsbFlt; System32\drivers\tsusbflt.sys [x]
3 tunnel; system32\DRIVERS\tunnel.sys [x]
4 udfs; system32\DRIVERS\udfs.sys [x]
3 umbus; system32\DRIVERS\umbus.sys [x]
3 USBAAPL; System32\Drivers\usbaapl.sys [x]
3 usbccgp; system32\DRIVERS\usbccgp.sys [x]
3 usbehci; system32\DRIVERS\usbehci.sys [x]
3 usbhub; system32\DRIVERS\usbhub.sys [x]
3 USBSTOR; system32\DRIVERS\USBSTOR.SYS [x]
3 usbuhci; system32\DRIVERS\usbuhci.sys [x]
0 vdrvroot; system32\drivers\vdrvroot.sys [x]
3 vga; system32\DRIVERS\vgapnp.sys [x]
0 volmgr; system32\drivers\volmgr.sys [x]
0 volmgrx; System32\drivers\volmgrx.sys [x]
0 volsnap; system32\drivers\volsnap.sys [x]
3 WANARP; system32\DRIVERS\wanarp.sys [x]
1 Wanarpv6; system32\DRIVERS\wanarp.sys [x]
0 Wdf01000; system32\drivers\Wdf01000.sys [x]
1 WfpLwf; system32\DRIVERS\wfplwf.sys [x]
3 WIMMount; system32\drivers\wimmount.sys [x]
3 winachsf; system32\DRIVERS\HSX_CNXT.sys [x]
3 WinUsb; system32\DRIVERS\WinUSB.sys [x]
3 WmiAcpi; system32\DRIVERS\wmiacpi.sys [x]
3 WudfPf; system32\drivers\WudfPf.sys [x]
3 WUDFRd; system32\DRIVERS\WUDFRd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-04 19:11 - 2012-06-04 19:11 - 0000000 ____D C:\FRST
2012-06-04 12:31 - 2012-06-04 12:31 - 0007314 ____A C:\TDSSKiller.2.7.36.0_04.06.2012_13.31.27_log.txt
2012-06-04 12:24 - 2012-06-04 12:28 - 0000000 ____D C:\Users\Kelli\Desktop\tdsskiller
2012-06-04 12:24 - 2012-06-04 12:22 - 2108959 ____A C:\Users\Kelli\Desktop\tdsskiller.zip
2012-06-04 12:18 - 2012-06-04 12:18 - 31849472 ____A C:\Windows\Installer\15b77.msi
2012-06-04 12:18 - 2012-06-04 12:18 - 0027499 ____A (Altiris) C:\Windows\Installer\MSI626D.tmp
2012-06-04 12:18 - 2012-06-04 12:18 - 0000000 ____D C:\Windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2012-06-04 12:18 - 2012-06-04 12:18 - 0000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-06-04 12:11 - 2012-06-04 12:09 - 0000458 ____A C:\script.zip
2012-06-04 12:11 - 2012-06-04 12:07 - 0725408 ____A (Enigma Software Group USA, LLC.) C:\SpyHunter-Installer.exe
2012-06-04 11:22 - 2012-06-04 11:16 - 0509440 ____A (iS3, Inc.) C:\SZSetupAV.exe
2012-06-04 11:07 - 2012-06-04 12:17 - 1374248 ____A C:\Windows\ntbtlog.txt
2012-06-04 10:30 - 2012-06-04 10:30 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-06-04 05:02 - 2012-06-04 05:02 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-03 09:37 - 2012-06-03 09:37 - 0000000 ____D C:\Users\Bert\AppData\Local\{6E8C2816-3640-4B88-A366-B3ED14DCCC21}
2012-06-03 09:36 - 2012-06-03 09:37 - 0000000 ____D C:\Users\Bert\AppData\Local\{744F6E65-FA48-4565-A6D4-03F4D52ED380}
2012-06-03 09:35 - 2012-06-03 09:35 - 0000000 ____D C:\Users\Bert\AppData\Local\{11980566-F5C2-4EF2-BFD7-E68573667423}
2012-06-03 09:34 - 2012-06-03 09:34 - 0000000 ____D C:\Users\Bert\AppData\Local\{305E955E-A341-4371-A703-6A7EC7848E9C}
2012-06-03 09:31 - 2012-06-03 09:52 - 0001297 ____A C:\Users\Public\Desktop\Hudl Video Editor.lnk
2012-06-03 09:31 - 2012-06-03 09:52 - 0000000 ____D C:\Program Files\AviSynth 2.5
2012-06-03 09:30 - 2012-06-03 15:30 - 0000000 ____D C:\Users\Bert\AppData\Local\Hudl Mercury Projects
2012-06-03 09:30 - 2012-06-03 09:32 - 0000000 ____D C:\Users\Bert\AppData\Roaming\Agile Sports Technologies
2012-06-03 09:30 - 2012-06-03 09:30 - 31181896 ____A (Agile Sports Technologies ) C:\Users\Bert\Downloads\HudlVideoEditor_1.29.10-setup.exe
2012-06-03 09:30 - 2012-06-03 09:30 - 0000000 ____D C:\Program Files\Agile Sports Technologies
2012-06-03 09:29 - 2012-06-03 09:52 - 0000000 ____D C:\Program Files\ffdshow
2012-06-03 09:29 - 2012-06-03 09:29 - 0000000 ____D C:\Program Files\Common Files\AppLifeUpdateService2
2012-06-03 09:29 - 2010-12-21 22:41 - 0080896 ____A C:\Windows\System32\ff_vfw.dll
2012-06-03 09:28 - 2012-06-03 09:28 - 0000000 ____D C:\Program Files\Hudl Mercury
2012-06-03 09:21 - 2012-06-03 09:22 - 14986128 ____A (Agile Sports Technologies, Inc. ) C:\Users\Bert\Downloads\HudlMercury_1.2.2-setup.exe
2012-06-03 09:21 - 2012-06-03 09:21 - 0000000 ____D C:\Users\Bert\AppData\Local\{4B96D6F3-FDAB-4900-84D4-3D212336D578}
2012-06-02 18:30 - 2012-06-02 18:31 - 0000000 ____D C:\Users\Melissa\AppData\Local\Htc
2012-06-02 18:29 - 2012-06-02 18:31 - 0000000 ____D C:\Users\Melissa\AppData\Roaming\HTC
2012-05-30 09:40 - 2012-05-30 09:40 - 0242176 ____A C:\Users\Rachel\Documents\7thGradeYearEndPoolParty.pub
2012-05-23 17:01 - 2012-05-23 17:01 - 0017821 ____A C:\Users\Rachel\Desktop\Rachel.docx
2012-05-23 06:21 - 2012-05-23 06:21 - 0001040 ____A C:\Users\Public\Desktop\HTC Sync.lnk
2012-05-23 06:21 - 2012-05-23 06:21 - 0000000 ____D C:\Windows\Installer\{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}
2012-05-23 06:16 - 2012-05-23 06:16 - 30331684 ____A C:\Windows\Installer\3619ccc.msi
2012-05-23 06:15 - 2012-05-23 06:15 - 15234048 ____A C:\Windows\Installer\361982c.msi
2012-05-23 06:15 - 2012-05-23 06:15 - 0032256 ____A C:\Windows\Installer\361980e.msi
2012-05-22 20:18 - 2012-05-22 20:24 - 10328064 ____A C:\Users\Rachel\Desktop\CLASSIFIED.pub
2012-05-22 14:11 - 2012-05-22 14:11 - 0015127 ____A C:\Users\Kelli\Documents\Rachel5-22-12.docx
2012-05-21 19:34 - 2012-05-21 19:41 - 0000000 ____D C:\Users\Kelli\Documents\Fax
2012-05-21 19:34 - 2012-05-21 19:34 - 0000000 ___RD C:\Users\Kelli\Documents\Scanned Documents
2012-05-20 15:49 - 2012-05-20 16:01 - 0000000 ____D C:\Users\Kelli\Documents\Microsoft Office 2010 Download
2012-05-19 12:27 - 2012-05-19 12:27 - 0000000 ____D C:\Users\Kelli\AppData\Local\{47C723D1-69DB-4028-9BE9-7F7AE3811C61}
2012-05-19 12:26 - 2012-05-19 12:27 - 0000000 ____D C:\Users\Kelli\AppData\Local\{8D397F3F-8B36-4EDF-AC07-D2165EFE1E52}
2012-05-16 15:01 - 2012-05-16 15:01 - 0000000 ____D C:\Windows\Installer\{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}
2012-05-16 15:01 - 2012-05-16 15:01 - 0000000 ____A C:\Windows\Installer\wix{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}.SchedServiceConfig.rmi
2012-05-16 15:01 - 2012-03-08 17:32 - 0039272 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fssfltr.sys
2012-05-16 14:49 - 2012-05-16 14:49 - 8979968 ____A C:\Windows\Installer\1ae2c275.msi
2012-05-16 14:49 - 2012-05-16 14:49 - 4426240 ___RA C:\Windows\Installer\1ae2c1b9.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 3734016 ___RA C:\Windows\Installer\1ae2c266.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 3312128 ___RA C:\Windows\Installer\1ae2c21e.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 2932224 ___RA C:\Windows\Installer\1ae2c1d2.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 2146304 ___RA C:\Windows\Installer\1ae2c2bf.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 14624256 ___RA C:\Windows\Installer\1ae2c255.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 1139712 ___RA C:\Windows\Installer\1ae2c1ed.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 0715264 ___RA C:\Windows\Installer\1ae2c1fa.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 0625664 ___RA C:\Windows\Installer\1ae2c29f.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 0468480 ___RA C:\Windows\Installer\1ae2c2ae.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 0136704 ___RA C:\Windows\Installer\1ae2c1dc.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 0065536 ____A C:\Windows\Installer\1ae2c2d0.msi
2012-05-16 14:49 - 2012-05-16 14:49 - 0060416 ___RA C:\Windows\Installer\1ae2c2ca.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 0029184 ___RA C:\Windows\Installer\1ae2c291.msp
2012-05-16 14:47 - 2012-05-16 14:47 - 0000000 ____D C:\Users\Kelli\AppData\Local\{801644B6-343E-41F8-AC2E-60E881D2EF3D}
2012-05-16 14:47 - 2012-05-16 14:47 - 0000000 ____D C:\Users\Kelli\AppData\Local\{1115B90A-4CF3-44AF-AB04-ABB3D78C0223}
2012-05-16 14:36 - 2012-05-16 14:36 - 0000000 ____D C:\Users\Kelli\AppData\Local\{5D7F7C64-5A96-4799-B1C0-5F1D27F29F88}
2012-05-16 14:35 - 2012-05-16 14:36 - 0000000 ____D C:\Users\Kelli\AppData\Local\{0F18DFBA-A87C-4917-8748-82A41B647DDB}
2012-05-16 14:34 - 2012-05-16 14:34 - 0000000 ____D C:\Users\Kelli\AppData\Local\{8AECE474-C474-4A94-AE55-9C99B52E504B}
2012-05-16 14:33 - 2012-05-16 14:34 - 0000000 ____D C:\Users\Kelli\AppData\Local\{A3E81AE0-9950-4ACB-80D2-A83257B98DC1}
2012-05-16 14:22 - 2012-05-16 14:22 - 0000000 ____D C:\Users\Kelli\AppData\Local\{9AA56D47-A443-4EDC-B58A-4E0E249E8069}
2012-05-16 14:22 - 2012-05-16 14:22 - 0000000 ____D C:\Users\Kelli\AppData\Local\{7697EE3C-E1AC-4802-84F7-E307AA6836C5}
2012-05-16 14:21 - 2012-05-16 14:21 - 0000000 ____D C:\Users\Kelli\AppData\Local\{B2C21F45-E9B6-4A73-BDAC-A14AF54D452E}
2012-05-16 14:20 - 2012-05-16 14:21 - 0000000 ____D C:\Users\Kelli\AppData\Local\{1E93C5EE-4B37-480B-8F9B-7AAE1BE533C4}
2012-05-16 14:19 - 2012-05-16 14:19 - 0000000 ____D C:\Users\Kelli\AppData\Local\{2E216F8F-FA4A-4671-8980-C5C5A90A523A}
2012-05-16 14:18 - 2012-05-16 14:19 - 0000000 ____D C:\Users\Kelli\AppData\Local\{7F54632B-40F2-4142-9C9A-0BB8A2E85D27}
2012-05-16 14:15 - 2012-05-16 14:15 - 0000000 ____D C:\Users\Kelli\AppData\Local\{99558411-43F0-47C4-9763-9E466B92A8F7}
2012-05-16 14:15 - 2012-05-16 14:15 - 0000000 ____D C:\Users\Kelli\AppData\Local\{1BD4802C-49A6-47F4-B9DA-3937BCBA4879}
2012-05-13 08:51 - 2012-05-13 08:51 - 0000000 ____D C:\Users\Rachel\AppData\Roaming\HP
2012-05-11 15:18 - 2012-05-11 15:18 - 0000000 ____D C:\Users\Kelli\AppData\Local\{C15E797E-7449-40FD-9008-CAEC5DF624D7}
2012-05-11 15:17 - 2012-05-11 15:18 - 0000000 ____D C:\Users\Kelli\AppData\Local\{7ADB05BE-88D9-43FC-8302-662BF61E0D6B}
2012-05-11 15:09 - 2012-05-11 15:09 - 0000000 ____D C:\Users\Kelli\AppData\Local\{85DE1CE0-BA61-4DB7-BD08-DBB19E64BABE}
2012-05-11 15:08 - 2012-05-11 15:09 - 0000000 ____D C:\Users\Kelli\AppData\Local\{FF690BA9-1FDB-41FA-AB85-295562FB3F61}
2012-05-11 02:01 - 2012-05-11 02:01 - 20343808 ___RA C:\Windows\Installer\2f510dc.msp
2012-05-10 14:43 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-05-10 14:43 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-10 14:43 - 2012-03-30 18:36 - 2343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 14:43 - 2012-03-30 02:23 - 1291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-10 14:43 - 2012-03-16 23:27 - 0056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-10 14:43 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-09 06:37 - 2012-05-09 06:37 - 0000000 ____D C:\Windows\Installer\{6F340107-F9AA-47C6-B54C-C3A19F11553F}
2012-05-09 06:37 - 2012-05-09 06:37 - 0000000 ____D C:\Program Files\Hewlett-Packard

============ 3 Months Modified Files and Folders ===============

2012-06-04 19:11 - 2012-06-04 19:11 - 0000000 ____D C:\FRST
2012-06-04 13:36 - 2012-03-27 12:58 - 0000000 ____D C:\Users\Kelli\AppData\Local\Htc
2012-06-04 13:35 - 2012-02-27 19:27 - 0000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-04 13:35 - 2009-07-13 20:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-04 13:35 - 2009-07-13 20:39 - 0044180 ____A C:\Windows\setupact.log
2012-06-04 13:34 - 2012-01-23 20:13 - 2615783424 __ASH C:\hiberfil.sys
2012-06-04 13:28 - 2009-07-13 20:34 - 0006144 _____ C:\Windows\System32\umstartup.etl
2012-06-04 13:06 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\LogFiles
2012-06-04 12:42 - 2012-02-27 19:27 - 0000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-04 12:32 - 2012-06-04 12:31 - 0007314 ____A C:\TDSSKiller.2.7.36.0_04.06.2012_13.31.27_log.txt
2012-06-04 12:28 - 2012-06-04 12:24 - 0000000 ____D C:\Users\Kelli\Desktop\tdsskiller
2012-06-04 12:25 - 2012-01-24 11:52 - 0000000 ____D C:\Users\Kelli\Documents\Outlook Files
2012-06-04 12:22 - 2012-06-04 12:24 - 2108959 ____A C:\Users\Kelli\Desktop\tdsskiller.zip
2012-06-04 12:18 - 2012-06-04 12:18 - 31849472 ____A C:\Windows\Installer\15b77.msi
2012-06-04 12:18 - 2012-06-04 12:18 - 0027499 ____A (Altiris) C:\Windows\Installer\MSI626D.tmp
2012-06-04 12:18 - 2012-06-04 12:18 - 0000000 ____D C:\Windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2012-06-04 12:18 - 2012-06-04 12:18 - 0000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-06-04 12:17 - 2012-06-04 11:07 - 1374248 ____A C:\Windows\ntbtlog.txt
2012-06-04 12:09 - 2012-06-04 12:11 - 0000458 ____A C:\script.zip
2012-06-04 12:07 - 2012-06-04 12:11 - 0725408 ____A (Enigma Software Group USA, LLC.) C:\SpyHunter-Installer.exe
2012-06-04 11:16 - 2012-06-04 11:22 - 0509440 ____A (iS3, Inc.) C:\SZSetupAV.exe
2012-06-04 10:38 - 2012-01-24 10:11 - 0000000 ___HD C:\Config.Msi
2012-06-04 10:38 - 2010-11-20 13:48 - 0032376 ____A C:\Windows\PFRO.log
2012-06-04 10:34 - 2012-03-27 13:07 - 0000000 ____D C:\Users\Kelli\AppData\Roaming\Outlook
2012-06-04 10:32 - 2012-01-23 20:16 - 1231868 ____A C:\Windows\WindowsUpdate.log
2012-06-04 10:30 - 2012-06-04 10:30 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-06-04 10:30 - 2012-05-01 02:03 - 0000000 ____D C:\Windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}
2012-06-04 10:30 - 2012-01-23 22:42 - 0001945 ____A C:\Windows\epplauncher.mif
2012-06-04 10:30 - 2010-11-20 13:01 - 0796052 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-04 10:23 - 2009-07-13 20:34 - 0022016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-04 10:23 - 2009-07-13 20:34 - 0022016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-04 09:53 - 2012-01-24 16:45 - 0000000 ____D C:\Users\Bert\Documents\Outlook Files
2012-06-04 05:02 - 2012-06-04 05:02 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-04 02:44 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Microsoft.NET
2012-06-03 16:46 - 2012-06-03 09:30 - 0000000 ____D C:\Users\Bert\AppData\Local\Hudl Mercury Projects
2012-06-03 16:43 - 2012-01-24 14:54 - 0000000 ____D C:\Users\Rachel\AppData\Roaming\Adobe
2012-06-03 16:43 - 2012-01-24 14:54 - 0000000 ____D C:\Users\Rachel\AppData\Local\Adobe
2012-06-03 16:38 - 2012-01-24 14:43 - 0000000 ____D C:\Users\Bert\AppData\Local\VirtualStore
2012-06-03 09:52 - 2012-06-03 09:31 - 0001297 ____A C:\Users\Public\Desktop\Hudl Video Editor.lnk
2012-06-03 09:52 - 2012-06-03 09:31 - 0000000 ____D C:\Program Files\AviSynth 2.5
2012-06-03 09:52 - 2012-06-03 09:29 - 0000000 ____D C:\Program Files\ffdshow
2012-06-03 09:37 - 2012-06-03 09:37 - 0000000 ____D C:\Users\Bert\AppData\Local\{6E8C2816-3640-4B88-A366-B3ED14DCCC21}
2012-06-03 09:37 - 2012-06-03 09:36 - 0000000 ____D C:\Users\Bert\AppData\Local\{744F6E65-FA48-4565-A6D4-03F4D52ED380}
2012-06-03 09:37 - 2012-04-09 13:57 - 0000000 ____D C:\Users\Bert\AppData\Local\Windows Live
2012-06-03 09:35 - 2012-06-03 09:35 - 0000000 ____D C:\Users\Bert\AppData\Local\{11980566-F5C2-4EF2-BFD7-E68573667423}
2012-06-03 09:34 - 2012-06-03 09:34 - 0000000 ____D C:\Users\Bert\AppData\Local\{305E955E-A341-4371-A703-6A7EC7848E9C}
2012-06-03 09:32 - 2012-06-03 09:30 - 0000000 ____D C:\Users\Bert\AppData\Roaming\Agile Sports Technologies
2012-06-03 09:30 - 2012-06-03 09:30 - 31181896 ____A (Agile Sports Technologies ) C:\Users\Bert\Downloads\HudlVideoEditor_1.29.10-setup.exe
2012-06-03 09:30 - 2012-06-03 09:30 - 0000000 ____D C:\Program Files\Agile Sports Technologies
2012-06-03 09:29 - 2012-06-03 09:29 - 0000000 ____D C:\Program Files\Common Files\AppLifeUpdateService2
2012-06-03 09:28 - 2012-06-03 09:28 - 0000000 ____D C:\Program Files\Hudl Mercury
2012-06-03 09:22 - 2012-06-03 09:21 - 14986128 ____A (Agile Sports Technologies, Inc. ) C:\Users\Bert\Downloads\HudlMercury_1.2.2-setup.exe
2012-06-03 09:21 - 2012-06-03 09:21 - 0000000 ____D C:\Users\Bert\AppData\Local\{4B96D6F3-FDAB-4900-84D4-3D212336D578}
2012-06-02 18:31 - 2012-06-02 18:30 - 0000000 ____D C:\Users\Melissa\AppData\Local\Htc
2012-06-02 18:31 - 2012-06-02 18:29 - 0000000 ____D C:\Users\Melissa\AppData\Roaming\HTC
2012-06-02 18:29 - 2012-01-24 13:40 - 0125312 ____A C:\Users\Melissa\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-02 04:52 - 2012-03-29 18:37 - 0000000 ____D C:\Users\Bert\AppData\Local\Htc
2012-05-30 09:40 - 2012-05-30 09:40 - 0242176 ____A C:\Users\Rachel\Documents\7thGradeYearEndPoolParty.pub
2012-05-30 06:45 - 2012-04-11 16:33 - 0000000 ____D C:\Users\Rachel\AppData\Local\Htc
2012-05-26 13:36 - 2012-01-24 12:10 - 0000000 ____D C:\Users\Kelli\Documents\Excel
2012-05-24 10:58 - 2012-01-24 12:05 - 0000000 ____D C:\Users\Kelli\Documents\Quicken
2012-05-23 17:01 - 2012-05-23 17:01 - 0017821 ____A C:\Users\Rachel\Desktop\Rachel.docx
2012-05-23 06:21 - 2012-05-23 06:21 - 0001040 ____A C:\Users\Public\Desktop\HTC Sync.lnk
2012-05-23 06:21 - 2012-05-23 06:21 - 0000000 ____D C:\Windows\Installer\{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}
2012-05-23 06:20 - 2012-03-27 12:54 - 0000000 ____D C:\Users\Kelli\AppData\Local\Downloaded Installations
2012-05-23 06:19 - 2012-05-04 15:21 - 0000000 ____D C:\Users\Kelli\Documents\2012 Re-Fi Documents
2012-05-23 06:16 - 2012-05-23 06:16 - 30331684 ____A C:\Windows\Installer\3619ccc.msi
2012-05-23 06:15 - 2012-05-23 06:15 - 15234048 ____A C:\Windows\Installer\361982c.msi
2012-05-23 06:15 - 2012-05-23 06:15 - 0032256 ____A C:\Windows\Installer\361980e.msi
2012-05-23 06:15 - 2012-03-27 12:54 - 0033516 ____A C:\Windows\DPINST.LOG
2012-05-23 06:15 - 2012-03-27 12:54 - 0000000 ____D C:\Windows\Installer\{6D6664A9-3342-4948-9B7E-034EFE366F0F}
2012-05-23 06:15 - 2012-01-24 09:07 - 0000000 ____D C:\Program Files\Common Files\Adobe AIR
2012-05-22 20:24 - 2012-05-22 20:18 - 10328064 ____A C:\Users\Rachel\Desktop\CLASSIFIED.pub
2012-05-22 19:54 - 2012-01-24 14:53 - 0000000 ____D C:\Users\Rachel\AppData\LocalLow
2012-05-22 14:14 - 2012-01-24 12:07 - 0054784 ____A C:\Users\Kelli\Documents\COSTCO SHOPPING LIST.doc
2012-05-22 14:11 - 2012-05-22 14:11 - 0015127 ____A C:\Users\Kelli\Documents\Rachel5-22-12.docx
2012-05-21 20:20 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-05-21 19:41 - 2012-05-21 19:34 - 0000000 ____D C:\Users\Kelli\Documents\Fax
2012-05-21 19:34 - 2012-05-21 19:34 - 0000000 ___RD C:\Users\Kelli\Documents\Scanned Documents
2012-05-21 19:34 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\ModemLogs
2012-05-21 18:55 - 2012-01-24 16:15 - 0001456 ____A C:\Users\Kelli\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-05-20 16:01 - 2012-05-20 15:49 - 0000000 ____D C:\Users\Kelli\Documents\Microsoft Office 2010 Download
2012-05-20 15:39 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\DriverStore
2012-05-20 00:27 - 2012-03-18 14:30 - 0000000 ____D C:\Users\Bert\AppData\Local\ElevatedDiagnostics
2012-05-19 12:27 - 2012-05-19 12:27 - 0000000 ____D C:\Users\Kelli\AppData\Local\{47C723D1-69DB-4028-9BE9-7F7AE3811C61}
2012-05-19 12:27 - 2012-05-19 12:26 - 0000000 ____D C:\Users\Kelli\AppData\Local\{8D397F3F-8B36-4EDF-AC07-D2165EFE1E52}
2012-05-19 12:27 - 2012-01-25 21:34 - 0000000 ____D C:\Users\Kelli\AppData\Local\Windows Live
2012-05-16 15:01 - 2012-05-16 15:01 - 0000000 ____D C:\Windows\Installer\{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}
2012-05-16 15:01 - 2012-05-16 15:01 - 0000000 ____A C:\Windows\Installer\wix{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}.SchedServiceConfig.rmi
2012-05-16 14:58 - 2012-01-25 21:39 - 0000000 ____D C:\Program Files\Windows Live
2012-05-16 14:49 - 2012-05-16 14:49 - 8979968 ____A C:\Windows\Installer\1ae2c275.msi
2012-05-16 14:49 - 2012-05-16 14:49 - 4426240 ___RA C:\Windows\Installer\1ae2c1b9.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 3734016 ___RA C:\Windows\Installer\1ae2c266.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 3312128 ___RA C:\Windows\Installer\1ae2c21e.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 2932224 ___RA C:\Windows\Installer\1ae2c1d2.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 2146304 ___RA C:\Windows\Installer\1ae2c2bf.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 14624256 ___RA C:\Windows\Installer\1ae2c255.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 1139712 ___RA C:\Windows\Installer\1ae2c1ed.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 0715264 ___RA C:\Windows\Installer\1ae2c1fa.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 0625664 ___RA C:\Windows\Installer\1ae2c29f.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 0468480 ___RA C:\Windows\Installer\1ae2c2ae.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 0136704 ___RA C:\Windows\Installer\1ae2c1dc.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 0065536 ____A C:\Windows\Installer\1ae2c2d0.msi
2012-05-16 14:49 - 2012-05-16 14:49 - 0060416 ___RA C:\Windows\Installer\1ae2c2ca.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 0029184 ___RA C:\Windows\Installer\1ae2c291.msp
2012-05-16 14:47 - 2012-05-16 14:47 - 0000000 ____D C:\Users\Kelli\AppData\Local\{801644B6-343E-41F8-AC2E-60E881D2EF3D}
2012-05-16 14:47 - 2012-05-16 14:47 - 0000000 ____D C:\Users\Kelli\AppData\Local\{1115B90A-4CF3-44AF-AB04-ABB3D78C0223}
2012-05-16 14:36 - 2012-05-16 14:36 - 0000000 ____D C:\Users\Kelli\AppData\Local\{5D7F7C64-5A96-4799-B1C0-5F1D27F29F88}
2012-05-16 14:36 - 2012-05-16 14:35 - 0000000 ____D C:\Users\Kelli\AppData\Local\{0F18DFBA-A87C-4917-8748-82A41B647DDB}
2012-05-16 14:34 - 2012-05-16 14:34 - 0000000 ____D C:\Users\Kelli\AppData\Local\{8AECE474-C474-4A94-AE55-9C99B52E504B}
2012-05-16 14:34 - 2012-05-16 14:33 - 0000000 ____D C:\Users\Kelli\AppData\Local\{A3E81AE0-9950-4ACB-80D2-A83257B98DC1}
2012-05-16 14:22 - 2012-05-16 14:22 - 0000000 ____D C:\Users\Kelli\AppData\Local\{9AA56D47-A443-4EDC-B58A-4E0E249E8069}
2012-05-16 14:22 - 2012-05-16 14:22 - 0000000 ____D C:\Users\Kelli\AppData\Local\{7697EE3C-E1AC-4802-84F7-E307AA6836C5}
2012-05-16 14:21 - 2012-05-16 14:21 - 0000000 ____D C:\Users\Kelli\AppData\Local\{B2C21F45-E9B6-4A73-BDAC-A14AF54D452E}
2012-05-16 14:21 - 2012-05-16 14:20 - 0000000 ____D C:\Users\Kelli\AppData\Local\{1E93C5EE-4B37-480B-8F9B-7AAE1BE533C4}
2012-05-16 14:19 - 2012-05-16 14:19 - 0000000 ____D C:\Users\Kelli\AppData\Local\{2E216F8F-FA4A-4671-8980-C5C5A90A523A}
2012-05-16 14:19 - 2012-05-16 14:18 - 0000000 ____D C:\Users\Kelli\AppData\Local\{7F54632B-40F2-4142-9C9A-0BB8A2E85D27}
2012-05-16 14:15 - 2012-05-16 14:15 - 0000000 ____D C:\Users\Kelli\AppData\Local\{99558411-43F0-47C4-9763-9E466B92A8F7}
2012-05-16 14:15 - 2012-05-16 14:15 - 0000000 ____D C:\Users\Kelli\AppData\Local\{1BD4802C-49A6-47F4-B9DA-3937BCBA4879}
2012-05-15 18:44 - 2012-02-21 15:48 - 0000000 ____D C:\Users\Kelli\AppData\Roaming\HpUpdate
2012-05-15 13:41 - 2012-01-24 12:10 - 0000000 ____D C:\Users\Kelli\Documents\Credit Reports
2012-05-13 08:51 - 2012-05-13 08:51 - 0000000 ____D C:\Users\Rachel\AppData\Roaming\HP
2012-05-11 15:18 - 2012-05-11 15:18 - 0000000 ____D C:\Users\Kelli\AppData\Local\{C15E797E-7449-40FD-9008-CAEC5DF624D7}
2012-05-11 15:18 - 2012-05-11 15:17 - 0000000 ____D C:\Users\Kelli\AppData\Local\{7ADB05BE-88D9-43FC-8302-662BF61E0D6B}
2012-05-11 15:09 - 2012-05-11 15:09 - 0000000 ____D C:\Users\Kelli\AppData\Local\{85DE1CE0-BA61-4DB7-BD08-DBB19E64BABE}
2012-05-11 15:09 - 2012-05-11 15:08 - 0000000 ____D C:\Users\Kelli\AppData\Local\{FF690BA9-1FDB-41FA-AB85-295562FB3F61}
2012-05-11 02:48 - 2009-07-13 20:33 - 3811432 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-11 02:45 - 2012-01-23 22:36 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-11 02:43 - 2010-11-20 16:23 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-11 02:27 - 2012-01-23 21:45 - 0000000 ____D C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}
2012-05-11 02:27 - 2012-01-23 21:42 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-11 02:19 - 2012-01-23 22:41 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-11 02:02 - 2012-01-23 22:36 - 0000000 ____D C:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
2012-05-11 02:01 - 2012-05-11 02:01 - 20343808 ___RA C:\Windows\Installer\2f510dc.msp
2012-05-09 06:37 - 2012-05-09 06:37 - 0000000 ____D C:\Windows\Installer\{6F340107-F9AA-47C6-B54C-C3A19F11553F}
2012-05-09 06:37 - 2012-05-09 06:37 - 0000000 ____D C:\Program Files\Hewlett-Packard
2012-05-08 18:11 - 2012-01-24 11:51 - 0000000 ____D C:\Users\Kelli\Documents\MY ARTWORK
2012-05-08 16:12 - 2012-01-24 16:48 - 0000000 ____D C:\Users\Bert\Documents\Personal
2012-05-04 20:07 - 2012-05-04 20:01 - 0000000 ____D C:\Users\Kelli\Documents\My Scans
2012-05-04 16:31 - 2012-05-04 16:28 - 0210551 ____A C:\Windows\hpoins21.dat
2012-05-04 16:31 - 2012-01-24 10:09 - 0004527 ____A C:\Users\All Users\hpzinstall.log
2012-05-04 16:31 - 2009-07-13 18:04 - 0000513 ____A C:\Windows\win.ini
2012-05-04 16:30 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\twain_32
2012-05-04 15:43 - 2012-01-24 10:00 - 0000000 ____D C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000005}
2012-05-04 15:31 - 2012-01-24 10:10 - 0000000 ____D C:\Program Files\HP
2012-05-04 15:22 - 2012-05-04 15:25 - 0211006 ____N C:\Windows\hpoins21.dat.temp
2012-05-04 15:08 - 2012-05-04 15:04 - 0043008 ____A C:\Users\Kelli\Documents\ClearConceptsFax.doc
2012-05-04 13:04 - 2012-05-04 13:04 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-05-04 13:04 - 2012-01-24 08:55 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-05-03 08:30 - 2012-01-24 11:03 - 0000000 ____D C:\Program Files\Quicken
2012-05-01 11:22 - 2012-05-01 11:22 - 0417700 ____A C:\Users\Kelli\Documents\DISC-Kelli_Esposito.pdf
2012-05-01 11:20 - 2012-05-01 11:20 - 0776797 ____A C:\Users\Kelli\Documents\Values-Kelli_Esposito.pdf
2012-05-01 11:05 - 2012-05-01 11:05 - 0060946 ____A C:\Users\Kelli\Documents\SpiritualGiftsResults.pdf
2012-05-01 08:18 - 2012-05-01 08:18 - 0014521 ____A C:\Users\Kelli\Documents\DUSTING.docx
2012-05-01 08:14 - 2012-01-24 12:07 - 0013046 ____A C:\Users\Kelli\Documents\CommissionJobs.xlsx
2012-05-01 07:12 - 2012-01-23 21:42 - 0000000 ____D C:\Users\Kelli\AppData\Local\Microsoft Help
2012-04-26 15:01 - 2012-01-24 08:56 - 0000000 ____D C:\Users\Kelli\AppData\Roaming\Adobe
2012-04-25 16:52 - 2012-01-24 11:23 - 0000000 ____D C:\Users\Kelli\AppData\Roaming\Apple Computer
2012-04-24 15:08 - 2012-04-24 15:08 - 0014678 ____A C:\Users\Kelli\Documents\Melissa4-24-12.docx
2012-04-24 15:07 - 2012-04-24 13:10 - 0015167 ____A C:\Users\Kelli\Documents\Rachel4-24-12.docx
2012-04-24 08:36 - 2012-04-24 08:36 - 8637220 ____A C:\Users\Kelli\Documents\Discipline4-12Booklet.pdf
2012-04-23 16:29 - 2012-04-23 16:29 - 0000000 ____D C:\Users\Kelli\Documents\OneNote Notebooks
2012-04-23 09:32 - 2012-04-23 09:32 - 3460096 ___RA C:\Windows\Installer\2f5117e.msp
2012-04-22 00:01 - 2012-03-17 08:14 - 0000000 ____D C:\Users\Kelli\AppData\Local\ElevatedDiagnostics
2012-04-20 08:46 - 2012-04-20 08:46 - 0000000 ____D C:\Users\Kelli\AppData\Local\{FB5C93BD-A9F6-4A22-9453-0588FA3B2292}
2012-04-20 08:46 - 2012-04-20 08:46 - 0000000 ____D C:\Users\Kelli\AppData\Local\{98EE28DA-8CF2-486F-A6C4-94023C179390}
2012-04-19 08:04 - 2012-04-19 08:04 - 2589194 ____A C:\Users\Kelli\Documents\preprayed_-_preparation_for_lifes_events.pdf
2012-04-18 16:20 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-04-18 16:15 - 2012-04-18 16:16 - 0127075 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-04-18 16:15 - 2012-04-18 16:16 - 0049262 ____A (Sun Microsystems, Inc.) C:\Windows\System32\jpicpl32.cpl
2012-04-18 16:15 - 2012-04-18 16:16 - 0049247 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-04-18 16:15 - 2012-04-18 16:16 - 0049245 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-04-18 16:15 - 2012-04-18 16:15 - 0000000 ____D C:\Program Files\Java
2012-04-18 16:15 - 2012-04-18 16:15 - 0000000 ____D C:\Program Files\Common Files\Java
2012-04-18 16:14 - 2012-01-24 12:07 - 0000000 ____D C:\Users\Kelli\Documents\Recipes
2012-04-18 16:13 - 2012-04-18 16:13 - 0180224 ____A C:\Windows\Installer\1f534acb.msi
2012-04-18 05:44 - 2012-04-18 05:44 - 0000000 ____D C:\Users\Bert\AppData\Local\{34D8B9A3-E87D-4E7F-B889-CD5DCBA2FFD2}
2012-04-18 05:44 - 2012-04-18 05:43 - 0000000 ____D C:\Users\Bert\AppData\Local\{FD8D3312-2C4C-46E1-9DF8-5C4B8FB67F4D}
2012-04-18 05:21 - 2012-04-18 05:21 - 0000000 ____D C:\Users\Bert\AppData\Local\{06317AFB-270A-4E42-B818-E7832C71DFBC}
2012-04-17 16:04 - 2012-01-24 14:54 - 0125312 ____A C:\Users\Rachel\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-17 14:48 - 2012-04-17 14:48 - 0000000 ____D C:\Windows\Installer\{6D172D0A-B9F1-4046-AFAB-8599288545BF}
2012-04-17 14:48 - 2012-04-17 14:47 - 0000000 ____D C:\Program Files\Safari
2012-04-17 14:47 - 2012-04-17 14:47 - 38234112 ____A C:\Windows\Installer\19d569b2.msi
2012-04-17 14:46 - 2012-04-17 14:46 - 0001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-17 14:46 - 2012-04-17 14:46 - 0000000 ____D C:\Windows\Installer\{23B8A91D-680B-462B-87AD-3D70F7341731}
2012-04-17 14:46 - 2012-04-17 14:45 - 0000000 ____D C:\Program Files\iTunes
2012-04-17 14:45 - 2012-04-17 14:45 - 0000000 ____D C:\Program Files\iPod
2012-04-17 14:45 - 2012-01-24 11:21 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-04-17 14:41 - 2012-04-17 14:41 - 48807936 ____A C:\Windows\Installer\19d569ab.msi
2012-04-17 14:41 - 2012-04-17 14:41 - 0000000 ____D C:\Windows\Installer\{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}
2012-04-17 14:39 - 2012-04-17 14:39 - 8854016 ____A C:\Windows\Installer\19d55df5.msi
2012-04-17 11:08 - 2012-03-27 12:38 - 0015283 ____A C:\Users\Kelli\Documents\Tasks-Projects.docx
2012-04-17 10:14 - 2012-01-24 11:54 - 0000000 ____D C:\Users\Kelli\Documents\My Kindle Content
2012-04-17 07:36 - 2012-04-17 07:36 - 0002193 ____A C:\Users\Kelli\Desktop\Kindle.lnk
2012-04-17 07:36 - 2012-04-17 07:35 - 0000000 ____D C:\Users\Kelli\AppData\Local\Amazon
2012-04-16 16:28 - 2012-04-13 08:33 - 0000000 ____D C:\Users\Kelli\Documents\TurboTax
2012-04-16 14:23 - 2012-04-16 14:23 - 0000000 ___AH C:\Users\Bert\Documents\Default.rdp
2012-04-16 14:10 - 2012-04-16 14:09 - 0000000 ____D C:\Users\Bert\AppData\Local\{B47D1E6B-BE54-4947-A904-CB439B1F2D7D}
2012-04-16 14:09 - 2012-04-16 14:09 - 0000000 ____D C:\Users\Bert\AppData\Local\{B06FBBA6-6644-413A-91B2-C59752B8B36E}
2012-04-16 07:39 - 2012-04-16 07:39 - 0000000 ____D C:\Users\Bert\AppData\Local\{71AD1DA3-2454-4BA1-A259-E89AB1F95C7A}
2012-04-16 07:39 - 2012-04-16 07:38 - 0000000 ____D C:\Users\Bert\AppData\Local\{ABD9A29E-C220-4B18-93BD-BC368B8170F4}
2012-04-15 12:40 - 2012-04-15 12:40 - 0000000 ____D C:\Windows\Installer\{E463E171-4082-4744-A466-F7CBE8502789}
2012-04-14 08:37 - 2012-01-24 12:07 - 0000000 ____D C:\Users\Kelli\Documents\Taxes
2012-04-13 17:06 - 2012-04-13 17:06 - 2211840 ___RA C:\Windows\Installer\f1b1f3f.msp
2012-04-13 14:57 - 2012-01-24 14:44 - 0125312 ____A C:\Users\Bert\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-13 10:09 - 2012-04-13 08:13 - 0000451 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.400.32.bc
2012-04-13 08:22 - 2012-01-23 22:42 - 0125312 ____A C:\Users\Kelli\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-13 08:14 - 2012-01-24 11:03 - 0000000 ____D C:\Users\Kelli\AppData\Roaming\Intuit
2012-04-13 08:12 - 2012-01-24 11:03 - 0000000 ____D C:\Users\All Users\Intuit
2012-04-13 08:12 - 2012-01-24 11:03 - 0000000 ____D C:\Program Files\Common Files\Intuit
2012-04-13 08:11 - 2012-04-13 08:11 - 0000000 ____D C:\Users\Kelli\AppData\Local\IsolatedStorage
2012-04-13 08:08 - 2012-04-13 08:08 - 0000000 ____D C:\Program Files\TurboTax
2012-04-11 16:33 - 2012-04-11 16:32 - 0000000 ____D C:\Users\Rachel\AppData\Roaming\HTC
2012-04-11 02:03 - 2012-04-11 02:03 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-11 02:03 - 2012-04-11 02:03 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-04-10 11:40 - 2012-04-10 11:40 - 0000000 ____D C:\Users\Kelli\AppData\Local\{75F11810-E921-4137-BA71-F00A806772FF}
2012-04-10 11:40 - 2012-04-10 11:39 - 0000000 ____D C:\Users\Kelli\AppData\Local\{2035DF21-C19C-47F0-9C7F-EA98D78F0875}
2012-04-10 11:33 - 2012-01-24 11:23 - 0000000 ____D C:\Users\Kelli\AppData\Local\Apple Computer
2012-04-10 09:36 - 2012-02-27 19:26 - 0000000 ____D C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}
2012-04-10 03:23 - 2012-04-10 03:23 - 0000000 ____D C:\Users\Bert\AppData\Local\{D885F3C9-58B4-4957-A307-43D66F158382}
2012-04-10 03:23 - 2012-04-10 03:23 - 0000000 ____D C:\Users\Bert\AppData\Local\{392FC6D2-8C7E-45A9-AAAC-29E216478389}
2012-04-10 03:19 - 2012-04-10 03:19 - 0000000 ____D C:\Users\Bert\Documents\HP Photosmart Projects
2012-04-10 03:19 - 2012-04-10 03:19 - 0000000 ____D C:\Users\Bert\AppData\Local\HP
2012-04-10 03:18 - 2012-04-10 03:18 - 0000000 ____D C:\Users\Bert\AppData\Local\{86F57DD7-ECEF-40E1-BB1E-C2A7B87A655D}
2012-04-10 03:18 - 2012-04-10 03:17 - 0000000 ____D C:\Users\Bert\AppData\Local\{135B09CF-38EF-4F0E-9FB9-10CD32D98975}
2012-04-09 13:57 - 2012-04-09 13:57 - 0000000 ____D C:\Users\Bert\AppData\Local\{6CBC3199-22B5-4BDB-BBAE-28F4B6B6F364}
2012-04-09 11:36 - 2012-01-24 14:44 - 0000000 ____D C:\Users\Bert\AppData\Local\Adobe
2012-04-08 12:59 - 2012-04-08 12:59 - 0000000 ____D C:\Users\Kelli\AppData\Local\{F8F1C045-E329-464E-A846-6233D296F879}
2012-04-08 12:59 - 2012-04-08 12:58 - 0000000 ____D C:\Users\Kelli\AppData\Local\{779A8B7A-AC1B-467E-9DAA-E1B9AB5AFFA6}
2012-04-08 12:57 - 2012-04-08 12:57 - 0000000 ____D C:\Users\Kelli\AppData\Local\{A084B69D-36C1-485E-B4CB-5D046BD900DD}
2012-04-08 12:57 - 2012-04-08 12:56 - 0000000 ____D C:\Users\Kelli\AppData\Local\{6EB61738-BEA8-4434-B508-D9F848FCDFCD}
2012-04-08 12:39 - 2012-04-08 12:39 - 0000000 ____D C:\Users\Kelli\AppData\Local\{AD447047-CE44-475F-AADA-1C834506B7A4}
2012-04-08 12:39 - 2012-04-08 12:38 - 0000000 ____D C:\Users\Kelli\AppData\Local\{F78CFFE1-7CA2-4181-B398-7C49E4E588E3}
2012-04-07 21:45 - 2012-03-27 13:07 - 0000000 ____D C:\Users\Kelli\Documents\My Documents
2012-04-07 16:31 - 2012-04-07 16:31 - 0000000 ____D C:\Users\Kelli\AppData\Local\{E8A79DD7-D263-4503-9720-27ADC2871557}
2012-04-07 16:31 - 2012-04-07 16:31 - 0000000 ____D C:\Users\Kelli\AppData\Local\{56CDD2B0-A7DB-4FD3-8332-4FF69BB79B09}
2012-04-07 16:07 - 2012-04-07 16:07 - 0000000 ____D C:\Users\Kelli\AppData\Local\{52C08AC0-0C22-4F04-B9FC-47272F71713D}
2012-04-07 15:53 - 2012-04-07 15:53 - 0000000 ____D C:\Users\Kelli\AppData\Local\{18DA0F7B-0249-4AE7-9406-1B017AF6A95C}
2012-04-06 13:46 - 2012-04-06 13:46 - 0000000 ____D C:\Users\Bert\AppData\Local\Apps\2.0
2012-04-04 05:32 - 2012-04-04 05:32 - 16613376 ___RA C:\Windows\Installer\2884a8f2.msp
2012-04-04 05:17 - 2012-04-04 05:17 - 99008512 ___RA C:\Windows\Installer\64b1b.msp
2012-04-01 15:27 - 2012-04-01 15:27 - 3463168 ___RA C:\Windows\Installer\2c0af7be.msp
2012-03-30 20:39 - 2012-05-10 14:43 - 3968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-10 14:43 - 3913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 18:36 - 2012-05-10 14:43 - 2343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 02:23 - 2012-05-10 14:43 - 1291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 19:40 - 2012-01-24 12:07 - 0000000 ____D C:\Users\Kelli\Documents\RV
2012-03-29 18:37 - 2012-03-29 18:37 - 0000000 ____D C:\Users\Bert\AppData\Roaming\HTC
2012-03-29 15:33 - 2012-01-23 20:46 - 0000000 ____D C:\users\Kelli
2012-03-29 15:02 - 2012-03-29 15:02 - 0014570 ____A C:\Users\Kelli\Documents\Rache3-28-12.docx
2012-03-29 14:55 - 2012-03-29 14:55 - 0014672 ____A C:\Users\Kelli\Documents\Melissa3-28-12.docx
2012-03-28 02:01 - 2012-03-28 02:01 - 0256194 ____A C:\Windows\msxml4-KB973685-enu.LOG
2012-03-28 02:01 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Common Files\microsoft shared
2012-03-27 14:57 - 2012-01-24 14:20 - 0000000 ____D C:\Program Files\PdaNet for Android
2012-03-27 13:07 - 2012-03-27 12:57 - 0000000 ____D C:\Users\Kelli\AppData\Roaming\HTC
2012-03-27 13:05 - 2012-01-24 14:53 - 0000000 ____D C:\users\Rachel
2012-03-27 13:00 - 2012-03-27 13:00 - 0000000 ____D C:\Users\Kelli\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2012-03-27 12:56 - 2012-03-27 12:53 - 0000000 ____D C:\Program Files\HTC
2012-03-27 12:53 - 2012-03-27 12:53 - 1088512 ____A C:\Windows\Installer\44dacee.msi
2012-03-27 12:53 - 2012-03-27 12:53 - 0000000 ____D C:\Windows\Installer\{31A559C1-9E4D-423B-9DD3-34A6C5398752}
2012-03-27 12:53 - 2012-03-27 12:53 - 0000000 ____D C:\Program Files\Spirent Communications
2012-03-27 12:52 - 2012-03-27 12:52 - 2434048 ____A C:\Windows\Installer\44dace0.msi
2012-03-27 12:52 - 2012-01-24 14:00 - 0000000 ____D C:\Program Files\MSXML 4.0
2012-03-26 16:43 - 2012-03-26 16:43 - 0000000 ____D C:\Windows\Installer\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}
2012-03-26 16:43 - 2012-03-26 16:43 - 0000000 ____A C:\Windows\Installer\wix{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}.SchedServiceConfig.rmi
2012-03-26 16:42 - 2012-03-26 16:42 - 0000000 ____D C:\Windows\Installer\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}
2012-03-26 16:41 - 2012-03-26 16:41 - 9564672 ____A C:\Windows\Installer\16a1de91.msi
2012-03-26 16:41 - 2012-03-26 16:41 - 20396032 ____A C:\Windows\Installer\16a1de24.msi
2012-03-26 16:35 - 2012-03-26 16:35 - 6533120 ____A C:\Windows\Installer\81f19.msi
2012-03-26 16:29 - 2012-03-26 16:29 - 0000000 ____D C:\Users\Bert\AppData\Local\Apple
2012-03-26 13:14 - 2012-03-26 13:14 - 11147264 ____A C:\Windows\Installer\4458b1b.msi
2012-03-25 15:08 - 2011-02-14 12:08 - 0000000 ____D C:\Users\Bert\Documents\eBooks
2012-03-25 15:05 - 2012-01-24 14:44 - 0000000 ____D C:\Users\Bert\AppData\Roaming\Adobe
2012-03-25 15:04 - 2012-01-24 14:43 - 0000000 ____D C:\Users\Bert\AppData\LocalLow
2012-03-25 00:37 - 2012-03-25 00:37 - 0025600 ____A C:\Windows\Installer\e08e3da.msi
2012-03-24 18:54 - 2012-03-23 16:46 - 0298900 ____A C:\Users\Kelli\Documents\HomeDepotCarpetCleaner.pdf
2012-03-23 19:48 - 2012-03-23 19:47 - 0000000 ____D C:\Program Files\QuickTime
2012-03-23 19:47 - 2012-03-23 19:47 - 0000000 ____D C:\Windows\Installer\{7BE15435-2D3E-4B58-867F-9C75BED0208C}
2012-03-23 19:44 - 2012-01-23 20:46 - 0000000 ____D C:\Users\Kelli\AppData\LocalLow
2012-03-21 04:58 - 2012-03-21 04:58 - 0133120 ___RA C:\Windows\Installer\2c0af78e.msp
2012-03-21 04:57 - 2012-03-21 04:57 - 1591808 ___RA C:\Windows\Installer\2c0af786.msp
2012-03-20 19:44 - 2012-03-20 19:44 - 0171064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 19:44 - 2012-03-20 19:44 - 0074112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-20 14:16 - 2012-03-20 14:16 - 1830108 ____A C:\Users\Kelli\Documents\FlagPage-Bert.pdf
2012-03-20 12:50 - 2012-03-20 12:50 - 1773333 ____A C:\Users\Kelli\Documents\FlagPage-Kelli.pdf
2012-03-20 07:11 - 2012-01-24 12:09 - 0000000 ____D C:\Users\Kelli\Documents\Bert
2012-03-19 18:37 - 2012-03-19 18:37 - 5992448 ___RA C:\Windows\Installer\3e9394a.msp
2012-03-19 18:34 - 2012-03-19 18:34 - 8776192 ___RA C:\Windows\Installer\3e94286.msp
2012-03-18 13:49 - 2012-03-18 13:49 - 0000000 ____D C:\Users\Bert\AppData\Roaming\HP
2012-03-16 23:27 - 2012-05-10 14:43 - 0056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 08:59 - 2012-03-16 08:59 - 0000000 ____D C:\Users\Kelli\AppData\Roaming\Philipp Winterberg
2012-03-16 08:53 - 2012-03-16 08:53 - 0000000 ____D C:\Program Files\Free RAR Extract Frog
2012-03-15 12:12 - 2012-03-15 12:12 - 4968960 ___RA C:\Windows\Installer\2f51125.msp
2012-03-15 12:11 - 2012-03-15 12:11 - 66812928 ___RA C:\Windows\Installer\2f5110c.msp
2012-03-15 12:11 - 2012-03-15 12:11 - 1989632 ___RA C:\Windows\Installer\2f510f3.msp
2012-03-15 12:09 - 2012-03-15 12:09 - 17165312 ___RA C:\Windows\Installer\2f5115b.msp
2012-03-13 12:37 - 2012-03-13 12:37 - 0228711 ___AT C:\Users\Kelli\Documents\PES 6th grade.pdf
2012-03-12 10:13 - 2012-01-24 10:08 - 0000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-03-08 17:37 - 2012-03-08 17:37 - 0302448 ____A (Microsoft Corporation) C:\Windows\WLXPGSS.SCR
2012-03-08 17:32 - 2012-05-16 15:01 - 0039272 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fssfltr.sys
2012-03-07 14:03 - 2012-03-07 14:03 - 23710208 ___RA C:\Windows\Installer\2c0af7e5.msp
2012-03-07 14:01 - 2012-03-07 14:01 - 1907712 ___RA C:\Windows\Installer\2c0af7ef.msp

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3326.14 MB
Available physical RAM: 2858.32 MB
Total Pagefile: 3324.43 MB
Available Pagefile: 2860.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.69 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:111.69 GB) (Free:8.02 GB) NTFS
3 Drive f: (LCS USB) (Removable) (Total:0.94 GB) (Free:0.6 GB) FAT
4 Drive g: (KELLI Storage-Backup) (Fixed) (Total:1863.01 GB) (Free:816.24 GB) NTFS
5 Drive h: (LACIE-LINFIELD) (Fixed) (Total:298.09 GB) (Free:37.3 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 111 GB 0 B
Disk 1 Online 1927 MB 0 B
Disk 2 Online 1863 GB 0 B
Disk 3 Online 298 GB 1024 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 111 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 111 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1927 MB 0 B

======================================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 1024 KB

======================================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G KELLI Stora NTFS Partition 1863 GB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 31 KB

======================================================================================================

Disk: 3
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H LACIE-LINFI NTFS Partition 298 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-28 23:58

======================= End Of Log ==========================

Attached Files

  • Attached File  FRST.txt   56.45KB   0 downloads


#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,305 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:48 AM

Posted 05 June 2012 - 12:20 AM

I will need to consult the FRST developer about these results. Will post back promptly.

How many hard drives are in the computer? Do you have a dual boot? (Any other Operating System installed?)

Edited by JSntgRvr, 05 June 2012 - 12:42 AM.

No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 JSntgRvr


Posted 05 June 2012 - 12:28 AM

Download the enclosed file:

Save it next to FRST. Insert the USB drive in the ailing computer and run FRST as you did before. This time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt). Please post it in your reply.

Edited by JSntgRvr, 05 June 2012 - 12:28 AM.



#7 JSntgRvr


Posted 05 June 2012 - 01:22 AM

After you have tried the above, please download the latest version of FRST as follows:

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive, replacing your current copy.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.

Edited by JSntgRvr, 05 June 2012 - 01:24 AM.



#8 kesposito


Posted 05 June 2012 - 09:33 AM

:thumbsup: I am so grateful for the help!

Here are the contents of the fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-06-2012
Ran by SYSTEM at 2012-06-05 07:25:30 Run:1
Running from F:\

==============================================


========= Type C:\TDSSKiller.2.7.36.0_04.06.2012_13.31.27_log.txt =========

13:31:27.0464 2312 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
13:31:28.0010 2312 ============================================================
13:31:28.0010 2312 Current date / time: 2012/06/04 13:31:28.0010
13:31:28.0010 2312 SystemInfo:
13:31:28.0010 2312
13:31:28.0010 2312 OS Version: 6.1.7601 ServicePack: 1.0
13:31:28.0010 2312 Product type: Workstation
13:31:28.0010 2312 ComputerName: DELLM90
13:31:28.0010 2312 UserName: Kelli
13:31:28.0010 2312 Windows directory: C:\Windows
13:31:28.0010 2312 System windows directory: C:\Windows
13:31:28.0010 2312 Processor architecture: Intel x86
13:31:28.0010 2312 Number of processors: 2
13:31:28.0010 2312 Page size: 0x1000
13:31:28.0010 2312 Boot type: Normal boot
13:31:28.0010 2312 ============================================================
13:32:29.0596 2312 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:32:29.0643 2312 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:32:29.0643 2312 Drive \Device\Harddisk2\DR2 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:32:29.0643 2312 ============================================================
13:32:29.0643 2312 \Device\Harddisk0\DR0:
13:32:29.0689 2312 MBR partitions:
13:32:29.0689 2312 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:32:29.0689 2312 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
13:32:29.0689 2312 \Device\Harddisk1\DR1:
13:32:29.0689 2312 MBR partitions:
13:32:29.0689 2312 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
13:32:29.0689 2312 \Device\Harddisk2\DR2:
13:32:29.0689 2312 MBR partitions:
13:32:29.0689 2312 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
13:32:29.0689 2312 ============================================================
13:32:29.0923 2312 C: <-> \Device\Harddisk0\DR0\Partition1
13:32:29.0939 2312 E: <-> \Device\Harddisk2\DR2\Partition0
13:32:30.0345 2312 F: <-> \Device\Harddisk1\DR1\Partition0
13:32:30.0345 2312 ============================================================
13:32:30.0345 2312 Initialize success
13:32:30.0345 2312 ============================================================
13:32:35.0976 3004 ============================================================
13:32:35.0976 3004 Scan started
13:32:35.0976 3004 Mode: Manual;
13:32:35.0976 3004 ============================================================
13:32:42.0091 3004 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\DRIVERS\1394ohci.sys
13:32:42.0294 3004 1394ohci - ok
13:32:42.0497 3004 61883 (beb5e6a8c17c3c7485563281e0f9e77e) C:\Windows\system32\DRIVERS\61883.sys
13:32:42.0544 3004 61883 - ok
13:32:43.0339 3004 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
13:32:43.0386 3004 ACPI - ok
13:32:43.0605 3004 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
13:32:46.0241 3004 AcpiPmi - ok
13:32:46.0725 3004 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:32:46.0756 3004 AdobeARMservice - ok
13:32:47.0364 3004 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys

========= End of CMD: =========


==== End of Fixlog ====

After downloading the newer Farbar tool, here are the contents of the new FRST.txt log:


Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 06-06-2012
Ran by SYSTEM at 05-06-2012 07:28:07
Running from F:\
Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13605408 2009-03-06] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2009-03-06] (NVIDIA Corporation)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [96800 2009-03-06] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] nwiz.exe /install [x]
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [] [x]
HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-04-03] (Adobe Systems Inc.)
HKLM\...\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [651264 2012-04-17] ()
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Bert\...\Run: [Hudl Mercury] "C:\Program Files\Hudl Mercury\HudlMercury.exe" -startup [3373056 2012-01-05] (Agile Sports Technologies)
HKU\Kelli\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.238.64.12
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Bert\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\Users\Kelli\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\Users\Kelli\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Kelli\Start Menu\Programs\Startup\PdaNet Desktop.lnk
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files\PdaNet for Android\PdaNetPC.exe ()

================================ Services (Whitelisted) ==================

2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 IntuitUpdateServiceV4; "C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [13672 2011-08-25] (Intuit Inc.)
2 KjsUpdateService2; "C:\Program Files\Common Files\AppLifeUpdateService2\kjsausvc.exe" [12800 2011-08-02] (Kinetic Jump Software, LLC)
3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [31125880 2011-06-12] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [124240 2010-03-18] (Microsoft Corporation)
4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
2 NVIDIA Performance Driver Service; "C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe" [3575808 2008-12-11] ()
2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
3 StorSvc; C:\Windows\System32\storsvc.dll [16384 2009-07-13] (Microsoft Corporation)
3 SwitchBoard; "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [517096 2010-02-19] (Adobe Systems Incorporated)

========================== Drivers (Whitelisted) =============

3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
3 Avc; C:\Windows\System32\DRIVERS\avc.sys [40320 2009-07-13] (Microsoft Corporation)
3 b06bdrv; C:\Windows\system32\drivers\bxvbdx.sys [430080 2009-07-13] (Broadcom Corporation)
3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-13] (Broadcom Corporation)
3 dmvsc; C:\Windows\system32\drivers\dmvsc.sys [62464 2010-11-20] (Microsoft Corporation)
3 ebdrv; C:\Windows\system32\drivers\evbdx.sys [3100160 2009-07-13] (Broadcom Corporation)
3 guardian2; C:\Windows\System32\Drivers\oz776.sys [69664 2009-09-09] (O2Micro)
3 HSF_DPV; C:\Windows\System32\DRIVERS\HSX_DPV.sys [936960 2005-12-01] (Conexant Systems, Inc.)
3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows ® Win 7 DDK provider)
2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [12544 2005-10-05] (Conexant)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 MSDV; C:\Windows\System32\DRIVERS\msdv.sys [52608 2009-07-13] (Microsoft Corporation)
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [74112 2012-03-20] (Microsoft Corporation)
3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL3.SYS [207360 2009-07-13] (Conexant Systems, Inc.)
3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [980992 2009-07-13] (Conexant Systems, Inc.)
3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT3.SYS [661504 2009-07-13] (Conexant Systems, Inc.)
3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [27264 2010-11-20] (Microsoft Corporation)
1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-13] (Microsoft Corporation)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-04 19:11 - 2012-06-05 07:28 - 0000000 ____D C:\FRST
2012-06-04 12:31 - 2012-06-04 12:32 - 0007314 ____A C:\TDSSKiller.2.7.36.0_04.06.2012_13.31.27_log.txt
2012-06-04 12:24 - 2012-06-04 12:28 - 0000000 ____D C:\Users\Kelli\Desktop\tdsskiller
2012-06-04 12:24 - 2012-06-04 12:22 - 2108959 ____A C:\Users\Kelli\Desktop\tdsskiller.zip
2012-06-04 12:18 - 2012-06-04 12:18 - 31849472 ____A C:\Windows\Installer\15b77.msi
2012-06-04 12:18 - 2012-06-04 12:18 - 0027499 ____A (Altiris) C:\Windows\Installer\MSI626D.tmp
2012-06-04 12:18 - 2012-06-04 12:18 - 0000000 ____D C:\Windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2012-06-04 12:18 - 2012-06-04 12:18 - 0000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-06-04 12:11 - 2012-06-04 12:09 - 0000458 ____A C:\script.zip
2012-06-04 12:11 - 2012-06-04 12:07 - 0725408 ____A (Enigma Software Group USA, LLC.) C:\SpyHunter-Installer.exe
2012-06-04 11:22 - 2012-06-04 11:16 - 0509440 ____A (iS3, Inc.) C:\SZSetupAV.exe
2012-06-04 11:07 - 2012-06-04 12:17 - 1374248 ____A C:\Windows\ntbtlog.txt
2012-06-04 10:30 - 2012-06-04 10:30 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-06-04 05:02 - 2012-06-04 05:02 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-03 09:37 - 2012-06-03 09:37 - 0000000 ____D C:\Users\Bert\AppData\Local\{6E8C2816-3640-4B88-A366-B3ED14DCCC21}
2012-06-03 09:36 - 2012-06-03 09:37 - 0000000 ____D C:\Users\Bert\AppData\Local\{744F6E65-FA48-4565-A6D4-03F4D52ED380}
2012-06-03 09:35 - 2012-06-03 09:35 - 0000000 ____D C:\Users\Bert\AppData\Local\{11980566-F5C2-4EF2-BFD7-E68573667423}
2012-06-03 09:34 - 2012-06-03 09:34 - 0000000 ____D C:\Users\Bert\AppData\Local\{305E955E-A341-4371-A703-6A7EC7848E9C}
2012-06-03 09:31 - 2012-06-03 09:52 - 0001297 ____A C:\Users\Public\Desktop\Hudl Video Editor.lnk
2012-06-03 09:31 - 2012-06-03 09:52 - 0000000 ____D C:\Program Files\AviSynth 2.5
2012-06-03 09:30 - 2012-06-03 16:46 - 0000000 ____D C:\Users\Bert\AppData\Local\Hudl Mercury Projects
2012-06-03 09:30 - 2012-06-03 09:32 - 0000000 ____D C:\Users\Bert\AppData\Roaming\Agile Sports Technologies
2012-06-03 09:30 - 2012-06-03 09:30 - 31181896 ____A (Agile Sports Technologies ) C:\Users\Bert\Downloads\HudlVideoEditor_1.29.10-setup.exe
2012-06-03 09:30 - 2012-06-03 09:30 - 0000000 ____D C:\Program Files\Agile Sports Technologies
2012-06-03 09:29 - 2012-06-03 09:52 - 0000000 ____D C:\Program Files\ffdshow
2012-06-03 09:29 - 2012-06-03 09:29 - 0000000 ____D C:\Program Files\Common Files\AppLifeUpdateService2
2012-06-03 09:29 - 2010-12-21 22:41 - 0080896 ____A C:\Windows\System32\ff_vfw.dll
2012-06-03 09:28 - 2012-06-03 09:28 - 0000000 ____D C:\Program Files\Hudl Mercury
2012-06-03 09:21 - 2012-06-03 09:22 - 14986128 ____A (Agile Sports Technologies, Inc. ) C:\Users\Bert\Downloads\HudlMercury_1.2.2-setup.exe
2012-06-03 09:21 - 2012-06-03 09:21 - 0000000 ____D C:\Users\Bert\AppData\Local\{4B96D6F3-FDAB-4900-84D4-3D212336D578}
2012-06-02 18:30 - 2012-06-02 18:31 - 0000000 ____D C:\Users\Melissa\AppData\Local\Htc
2012-06-02 18:29 - 2012-06-02 18:31 - 0000000 ____D C:\Users\Melissa\AppData\Roaming\HTC
2012-05-30 09:40 - 2012-05-30 09:40 - 0242176 ____A C:\Users\Rachel\Documents\7thGradeYearEndPoolParty.pub
2012-05-23 17:01 - 2012-05-23 17:01 - 0017821 ____A C:\Users\Rachel\Desktop\Rachel.docx
2012-05-23 06:21 - 2012-05-23 06:21 - 0001040 ____A C:\Users\Public\Desktop\HTC Sync.lnk
2012-05-23 06:21 - 2012-05-23 06:21 - 0000000 ____D C:\Windows\Installer\{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}
2012-05-23 06:16 - 2012-05-23 06:16 - 30331684 ____A C:\Windows\Installer\3619ccc.msi
2012-05-23 06:15 - 2012-05-23 06:15 - 15234048 ____A C:\Windows\Installer\361982c.msi
2012-05-23 06:15 - 2012-05-23 06:15 - 0032256 ____A C:\Windows\Installer\361980e.msi
2012-05-22 20:18 - 2012-05-22 20:24 - 10328064 ____A C:\Users\Rachel\Desktop\CLASSIFIED.pub
2012-05-22 14:11 - 2012-05-22 14:11 - 0015127 ____A C:\Users\Kelli\Documents\Rachel5-22-12.docx
2012-05-21 19:34 - 2012-05-21 19:41 - 0000000 ____D C:\Users\Kelli\Documents\Fax
2012-05-21 19:34 - 2012-05-21 19:34 - 0000000 ___RD C:\Users\Kelli\Documents\Scanned Documents
2012-05-20 15:49 - 2012-05-20 16:01 - 0000000 ____D C:\Users\Kelli\Documents\Microsoft Office 2010 Download
2012-05-19 12:27 - 2012-05-19 12:27 - 0000000 ____D C:\Users\Kelli\AppData\Local\{47C723D1-69DB-4028-9BE9-7F7AE3811C61}
2012-05-19 12:26 - 2012-05-19 12:27 - 0000000 ____D C:\Users\Kelli\AppData\Local\{8D397F3F-8B36-4EDF-AC07-D2165EFE1E52}
2012-05-16 15:01 - 2012-05-16 15:01 - 0000000 ____D C:\Windows\Installer\{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}
2012-05-16 15:01 - 2012-05-16 15:01 - 0000000 ____A C:\Windows\Installer\wix{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}.SchedServiceConfig.rmi
2012-05-16 15:01 - 2012-03-08 17:32 - 0039272 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fssfltr.sys
2012-05-16 14:49 - 2012-05-16 14:49 - 8979968 ____A C:\Windows\Installer\1ae2c275.msi
2012-05-16 14:49 - 2012-05-16 14:49 - 4426240 ___RA C:\Windows\Installer\1ae2c1b9.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 3734016 ___RA C:\Windows\Installer\1ae2c266.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 3312128 ___RA C:\Windows\Installer\1ae2c21e.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 2932224 ___RA C:\Windows\Installer\1ae2c1d2.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 2146304 ___RA C:\Windows\Installer\1ae2c2bf.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 14624256 ___RA C:\Windows\Installer\1ae2c255.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 1139712 ___RA C:\Windows\Installer\1ae2c1ed.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 0715264 ___RA C:\Windows\Installer\1ae2c1fa.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 0625664 ___RA C:\Windows\Installer\1ae2c29f.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 0468480 ___RA C:\Windows\Installer\1ae2c2ae.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 0136704 ___RA C:\Windows\Installer\1ae2c1dc.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 0065536 ____A C:\Windows\Installer\1ae2c2d0.msi
2012-05-16 14:49 - 2012-05-16 14:49 - 0060416 ___RA C:\Windows\Installer\1ae2c2ca.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 0029184 ___RA C:\Windows\Installer\1ae2c291.msp
2012-05-16 14:47 - 2012-05-16 14:47 - 0000000 ____D C:\Users\Kelli\AppData\Local\{801644B6-343E-41F8-AC2E-60E881D2EF3D}
2012-05-16 14:47 - 2012-05-16 14:47 - 0000000 ____D C:\Users\Kelli\AppData\Local\{1115B90A-4CF3-44AF-AB04-ABB3D78C0223}
2012-05-16 14:36 - 2012-05-16 14:36 - 0000000 ____D C:\Users\Kelli\AppData\Local\{5D7F7C64-5A96-4799-B1C0-5F1D27F29F88}
2012-05-16 14:35 - 2012-05-16 14:36 - 0000000 ____D C:\Users\Kelli\AppData\Local\{0F18DFBA-A87C-4917-8748-82A41B647DDB}
2012-05-16 14:34 - 2012-05-16 14:34 - 0000000 ____D C:\Users\Kelli\AppData\Local\{8AECE474-C474-4A94-AE55-9C99B52E504B}
2012-05-16 14:33 - 2012-05-16 14:34 - 0000000 ____D C:\Users\Kelli\AppData\Local\{A3E81AE0-9950-4ACB-80D2-A83257B98DC1}
2012-05-16 14:22 - 2012-05-16 14:22 - 0000000 ____D C:\Users\Kelli\AppData\Local\{9AA56D47-A443-4EDC-B58A-4E0E249E8069}
2012-05-16 14:22 - 2012-05-16 14:22 - 0000000 ____D C:\Users\Kelli\AppData\Local\{7697EE3C-E1AC-4802-84F7-E307AA6836C5}
2012-05-16 14:21 - 2012-05-16 14:21 - 0000000 ____D C:\Users\Kelli\AppData\Local\{B2C21F45-E9B6-4A73-BDAC-A14AF54D452E}
2012-05-16 14:20 - 2012-05-16 14:21 - 0000000 ____D C:\Users\Kelli\AppData\Local\{1E93C5EE-4B37-480B-8F9B-7AAE1BE533C4}
2012-05-16 14:19 - 2012-05-16 14:19 - 0000000 ____D C:\Users\Kelli\AppData\Local\{2E216F8F-FA4A-4671-8980-C5C5A90A523A}
2012-05-16 14:18 - 2012-05-16 14:19 - 0000000 ____D C:\Users\Kelli\AppData\Local\{7F54632B-40F2-4142-9C9A-0BB8A2E85D27}
2012-05-16 14:15 - 2012-05-16 14:15 - 0000000 ____D C:\Users\Kelli\AppData\Local\{99558411-43F0-47C4-9763-9E466B92A8F7}
2012-05-16 14:15 - 2012-05-16 14:15 - 0000000 ____D C:\Users\Kelli\AppData\Local\{1BD4802C-49A6-47F4-B9DA-3937BCBA4879}
2012-05-13 08:51 - 2012-05-13 08:51 - 0000000 ____D C:\Users\Rachel\AppData\Roaming\HP
2012-05-11 15:18 - 2012-05-11 15:18 - 0000000 ____D C:\Users\Kelli\AppData\Local\{C15E797E-7449-40FD-9008-CAEC5DF624D7}
2012-05-11 15:17 - 2012-05-11 15:18 - 0000000 ____D C:\Users\Kelli\AppData\Local\{7ADB05BE-88D9-43FC-8302-662BF61E0D6B}
2012-05-11 15:09 - 2012-05-11 15:09 - 0000000 ____D C:\Users\Kelli\AppData\Local\{85DE1CE0-BA61-4DB7-BD08-DBB19E64BABE}
2012-05-11 15:08 - 2012-05-11 15:09 - 0000000 ____D C:\Users\Kelli\AppData\Local\{FF690BA9-1FDB-41FA-AB85-295562FB3F61}
2012-05-11 02:01 - 2012-05-11 02:01 - 20343808 ___RA C:\Windows\Installer\2f510dc.msp
2012-05-10 14:43 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-05-10 14:43 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-10 14:43 - 2012-03-30 18:36 - 2343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 14:43 - 2012-03-30 02:23 - 1291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-10 14:43 - 2012-03-16 23:27 - 0056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-10 14:43 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-09 06:37 - 2012-05-09 06:37 - 0000000 ____D C:\Windows\Installer\{6F340107-F9AA-47C6-B54C-C3A19F11553F}
2012-05-09 06:37 - 2012-05-09 06:37 - 0000000 ____D C:\Program Files\Hewlett-Packard

============ 3 Months Modified Files and Folders ===============

2012-06-05 07:28 - 2012-06-04 19:11 - 0000000 ____D C:\FRST
2012-06-04 13:36 - 2012-03-27 12:58 - 0000000 ____D C:\Users\Kelli\AppData\Local\Htc
2012-06-04 13:35 - 2012-02-27 19:27 - 0000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-04 13:35 - 2009-07-13 20:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-04 13:35 - 2009-07-13 20:39 - 0044180 ____A C:\Windows\setupact.log
2012-06-04 13:34 - 2012-01-23 20:13 - 2615783424 __ASH C:\hiberfil.sys
2012-06-04 13:28 - 2009-07-13 20:34 - 0006144 _____ C:\Windows\System32\umstartup.etl
2012-06-04 13:06 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\LogFiles
2012-06-04 12:42 - 2012-02-27 19:27 - 0000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-04 12:32 - 2012-06-04 12:31 - 0007314 ____A C:\TDSSKiller.2.7.36.0_04.06.2012_13.31.27_log.txt
2012-06-04 12:28 - 2012-06-04 12:24 - 0000000 ____D C:\Users\Kelli\Desktop\tdsskiller
2012-06-04 12:25 - 2012-01-24 11:52 - 0000000 ____D C:\Users\Kelli\Documents\Outlook Files
2012-06-04 12:22 - 2012-06-04 12:24 - 2108959 ____A C:\Users\Kelli\Desktop\tdsskiller.zip
2012-06-04 12:18 - 2012-06-04 12:18 - 31849472 ____A C:\Windows\Installer\15b77.msi
2012-06-04 12:18 - 2012-06-04 12:18 - 0027499 ____A (Altiris) C:\Windows\Installer\MSI626D.tmp
2012-06-04 12:18 - 2012-06-04 12:18 - 0000000 ____D C:\Windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2012-06-04 12:18 - 2012-06-04 12:18 - 0000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-06-04 12:17 - 2012-06-04 11:07 - 1374248 ____A C:\Windows\ntbtlog.txt
2012-06-04 12:09 - 2012-06-04 12:11 - 0000458 ____A C:\script.zip
2012-06-04 12:07 - 2012-06-04 12:11 - 0725408 ____A (Enigma Software Group USA, LLC.) C:\SpyHunter-Installer.exe
2012-06-04 11:16 - 2012-06-04 11:22 - 0509440 ____A (iS3, Inc.) C:\SZSetupAV.exe
2012-06-04 10:48 - 2012-01-23 20:16 - 1231868 ____A C:\Windows\WindowsUpdate.log
2012-06-04 10:38 - 2012-01-24 10:11 - 0000000 ___HD C:\Config.Msi
2012-06-04 10:38 - 2010-11-20 13:48 - 0032376 ____A C:\Windows\PFRO.log
2012-06-04 10:34 - 2012-03-27 13:07 - 0000000 ____D C:\Users\Kelli\AppData\Roaming\Outlook
2012-06-04 10:30 - 2012-06-04 10:30 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-06-04 10:30 - 2012-05-01 02:03 - 0000000 ____D C:\Windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}
2012-06-04 10:30 - 2012-01-23 22:42 - 0001945 ____A C:\Windows\epplauncher.mif
2012-06-04 10:30 - 2010-11-20 13:01 - 0796052 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-04 10:23 - 2009-07-13 20:34 - 0022016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-04 10:23 - 2009-07-13 20:34 - 0022016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-04 09:53 - 2012-01-24 16:45 - 0000000 ____D C:\Users\Bert\Documents\Outlook Files
2012-06-04 05:02 - 2012-06-04 05:02 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-04 02:44 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Microsoft.NET
2012-06-03 16:46 - 2012-06-03 09:30 - 0000000 ____D C:\Users\Bert\AppData\Local\Hudl Mercury Projects
2012-06-03 16:43 - 2012-01-24 14:54 - 0000000 ____D C:\Users\Rachel\AppData\Roaming\Adobe
2012-06-03 16:43 - 2012-01-24 14:54 - 0000000 ____D C:\Users\Rachel\AppData\Local\Adobe
2012-06-03 16:38 - 2012-01-24 14:43 - 0000000 ____D C:\Users\Bert\AppData\Local\VirtualStore
2012-06-03 09:52 - 2012-06-03 09:31 - 0001297 ____A C:\Users\Public\Desktop\Hudl Video Editor.lnk
2012-06-03 09:52 - 2012-06-03 09:31 - 0000000 ____D C:\Program Files\AviSynth 2.5
2012-06-03 09:52 - 2012-06-03 09:29 - 0000000 ____D C:\Program Files\ffdshow
2012-06-03 09:37 - 2012-06-03 09:37 - 0000000 ____D C:\Users\Bert\AppData\Local\{6E8C2816-3640-4B88-A366-B3ED14DCCC21}
2012-06-03 09:37 - 2012-06-03 09:36 - 0000000 ____D C:\Users\Bert\AppData\Local\{744F6E65-FA48-4565-A6D4-03F4D52ED380}
2012-06-03 09:37 - 2012-04-09 13:57 - 0000000 ____D C:\Users\Bert\AppData\Local\Windows Live
2012-06-03 09:35 - 2012-06-03 09:35 - 0000000 ____D C:\Users\Bert\AppData\Local\{11980566-F5C2-4EF2-BFD7-E68573667423}
2012-06-03 09:34 - 2012-06-03 09:34 - 0000000 ____D C:\Users\Bert\AppData\Local\{305E955E-A341-4371-A703-6A7EC7848E9C}
2012-06-03 09:32 - 2012-06-03 09:30 - 0000000 ____D C:\Users\Bert\AppData\Roaming\Agile Sports Technologies
2012-06-03 09:30 - 2012-06-03 09:30 - 31181896 ____A (Agile Sports Technologies ) C:\Users\Bert\Downloads\HudlVideoEditor_1.29.10-setup.exe
2012-06-03 09:30 - 2012-06-03 09:30 - 0000000 ____D C:\Program Files\Agile Sports Technologies
2012-06-03 09:29 - 2012-06-03 09:29 - 0000000 ____D C:\Program Files\Common Files\AppLifeUpdateService2
2012-06-03 09:28 - 2012-06-03 09:28 - 0000000 ____D C:\Program Files\Hudl Mercury
2012-06-03 09:22 - 2012-06-03 09:21 - 14986128 ____A (Agile Sports Technologies, Inc. ) C:\Users\Bert\Downloads\HudlMercury_1.2.2-setup.exe
2012-06-03 09:21 - 2012-06-03 09:21 - 0000000 ____D C:\Users\Bert\AppData\Local\{4B96D6F3-FDAB-4900-84D4-3D212336D578}
2012-06-02 18:31 - 2012-06-02 18:30 - 0000000 ____D C:\Users\Melissa\AppData\Local\Htc
2012-06-02 18:31 - 2012-06-02 18:29 - 0000000 ____D C:\Users\Melissa\AppData\Roaming\HTC
2012-06-02 18:29 - 2012-01-24 13:40 - 0125312 ____A C:\Users\Melissa\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-02 04:52 - 2012-03-29 18:37 - 0000000 ____D C:\Users\Bert\AppData\Local\Htc
2012-05-30 09:40 - 2012-05-30 09:40 - 0242176 ____A C:\Users\Rachel\Documents\7thGradeYearEndPoolParty.pub
2012-05-30 06:45 - 2012-04-11 16:33 - 0000000 ____D C:\Users\Rachel\AppData\Local\Htc
2012-05-26 13:36 - 2012-01-24 12:10 - 0000000 ____D C:\Users\Kelli\Documents\Excel
2012-05-24 10:58 - 2012-01-24 12:05 - 0000000 ____D C:\Users\Kelli\Documents\Quicken
2012-05-23 17:01 - 2012-05-23 17:01 - 0017821 ____A C:\Users\Rachel\Desktop\Rachel.docx
2012-05-23 06:21 - 2012-05-23 06:21 - 0001040 ____A C:\Users\Public\Desktop\HTC Sync.lnk
2012-05-23 06:21 - 2012-05-23 06:21 - 0000000 ____D C:\Windows\Installer\{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}
2012-05-23 06:20 - 2012-03-27 12:54 - 0000000 ____D C:\Users\Kelli\AppData\Local\Downloaded Installations
2012-05-23 06:19 - 2012-05-04 15:21 - 0000000 ____D C:\Users\Kelli\Documents\2012 Re-Fi Documents
2012-05-23 06:16 - 2012-05-23 06:16 - 30331684 ____A C:\Windows\Installer\3619ccc.msi
2012-05-23 06:15 - 2012-05-23 06:15 - 15234048 ____A C:\Windows\Installer\361982c.msi
2012-05-23 06:15 - 2012-05-23 06:15 - 0032256 ____A C:\Windows\Installer\361980e.msi
2012-05-23 06:15 - 2012-03-27 12:54 - 0033516 ____A C:\Windows\DPINST.LOG
2012-05-23 06:15 - 2012-03-27 12:54 - 0000000 ____D C:\Windows\Installer\{6D6664A9-3342-4948-9B7E-034EFE366F0F}
2012-05-23 06:15 - 2012-01-24 09:07 - 0000000 ____D C:\Program Files\Common Files\Adobe AIR
2012-05-22 20:24 - 2012-05-22 20:18 - 10328064 ____A C:\Users\Rachel\Desktop\CLASSIFIED.pub
2012-05-22 19:54 - 2012-01-24 14:53 - 0000000 ____D C:\Users\Rachel\AppData\LocalLow
2012-05-22 14:14 - 2012-01-24 12:07 - 0054784 ____A C:\Users\Kelli\Documents\COSTCO SHOPPING LIST.doc
2012-05-22 14:11 - 2012-05-22 14:11 - 0015127 ____A C:\Users\Kelli\Documents\Rachel5-22-12.docx
2012-05-21 20:20 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-05-21 19:41 - 2012-05-21 19:34 - 0000000 ____D C:\Users\Kelli\Documents\Fax
2012-05-21 19:34 - 2012-05-21 19:34 - 0000000 ___RD C:\Users\Kelli\Documents\Scanned Documents
2012-05-21 19:34 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\ModemLogs
2012-05-21 18:55 - 2012-01-24 16:15 - 0001456 ____A C:\Users\Kelli\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-05-20 16:01 - 2012-05-20 15:49 - 0000000 ____D C:\Users\Kelli\Documents\Microsoft Office 2010 Download
2012-05-20 15:39 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\DriverStore
2012-05-20 00:27 - 2012-03-18 14:30 - 0000000 ____D C:\Users\Bert\AppData\Local\ElevatedDiagnostics
2012-05-19 12:27 - 2012-05-19 12:27 - 0000000 ____D C:\Users\Kelli\AppData\Local\{47C723D1-69DB-4028-9BE9-7F7AE3811C61}
2012-05-19 12:27 - 2012-05-19 12:26 - 0000000 ____D C:\Users\Kelli\AppData\Local\{8D397F3F-8B36-4EDF-AC07-D2165EFE1E52}
2012-05-19 12:27 - 2012-01-25 21:34 - 0000000 ____D C:\Users\Kelli\AppData\Local\Windows Live
2012-05-16 15:01 - 2012-05-16 15:01 - 0000000 ____D C:\Windows\Installer\{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}
2012-05-16 15:01 - 2012-05-16 15:01 - 0000000 ____A C:\Windows\Installer\wix{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}.SchedServiceConfig.rmi
2012-05-16 14:58 - 2012-01-25 21:39 - 0000000 ____D C:\Program Files\Windows Live
2012-05-16 14:49 - 2012-05-16 14:49 - 8979968 ____A C:\Windows\Installer\1ae2c275.msi
2012-05-16 14:49 - 2012-05-16 14:49 - 4426240 ___RA C:\Windows\Installer\1ae2c1b9.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 3734016 ___RA C:\Windows\Installer\1ae2c266.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 3312128 ___RA C:\Windows\Installer\1ae2c21e.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 2932224 ___RA C:\Windows\Installer\1ae2c1d2.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 2146304 ___RA C:\Windows\Installer\1ae2c2bf.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 14624256 ___RA C:\Windows\Installer\1ae2c255.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 1139712 ___RA C:\Windows\Installer\1ae2c1ed.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 0715264 ___RA C:\Windows\Installer\1ae2c1fa.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 0625664 ___RA C:\Windows\Installer\1ae2c29f.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 0468480 ___RA C:\Windows\Installer\1ae2c2ae.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 0136704 ___RA C:\Windows\Installer\1ae2c1dc.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 0065536 ____A C:\Windows\Installer\1ae2c2d0.msi
2012-05-16 14:49 - 2012-05-16 14:49 - 0060416 ___RA C:\Windows\Installer\1ae2c2ca.msp
2012-05-16 14:49 - 2012-05-16 14:49 - 0029184 ___RA C:\Windows\Installer\1ae2c291.msp
2012-05-16 14:47 - 2012-05-16 14:47 - 0000000 ____D C:\Users\Kelli\AppData\Local\{801644B6-343E-41F8-AC2E-60E881D2EF3D}
2012-05-16 14:47 - 2012-05-16 14:47 - 0000000 ____D C:\Users\Kelli\AppData\Local\{1115B90A-4CF3-44AF-AB04-ABB3D78C0223}
2012-05-16 14:36 - 2012-05-16 14:36 - 0000000 ____D C:\Users\Kelli\AppData\Local\{5D7F7C64-5A96-4799-B1C0-5F1D27F29F88}
2012-05-16 14:36 - 2012-05-16 14:35 - 0000000 ____D C:\Users\Kelli\AppData\Local\{0F18DFBA-A87C-4917-8748-82A41B647DDB}
2012-05-16 14:34 - 2012-05-16 14:34 - 0000000 ____D C:\Users\Kelli\AppData\Local\{8AECE474-C474-4A94-AE55-9C99B52E504B}
2012-05-16 14:34 - 2012-05-16 14:33 - 0000000 ____D C:\Users\Kelli\AppData\Local\{A3E81AE0-9950-4ACB-80D2-A83257B98DC1}
2012-05-16 14:22 - 2012-05-16 14:22 - 0000000 ____D C:\Users\Kelli\AppData\Local\{9AA56D47-A443-4EDC-B58A-4E0E249E8069}
2012-05-16 14:22 - 2012-05-16 14:22 - 0000000 ____D C:\Users\Kelli\AppData\Local\{7697EE3C-E1AC-4802-84F7-E307AA6836C5}
2012-05-16 14:21 - 2012-05-16 14:21 - 0000000 ____D C:\Users\Kelli\AppData\Local\{B2C21F45-E9B6-4A73-BDAC-A14AF54D452E}
2012-05-16 14:21 - 2012-05-16 14:20 - 0000000 ____D C:\Users\Kelli\AppData\Local\{1E93C5EE-4B37-480B-8F9B-7AAE1BE533C4}
2012-05-16 14:19 - 2012-05-16 14:19 - 0000000 ____D C:\Users\Kelli\AppData\Local\{2E216F8F-FA4A-4671-8980-C5C5A90A523A}
2012-05-16 14:19 - 2012-05-16 14:18 - 0000000 ____D C:\Users\Kelli\AppData\Local\{7F54632B-40F2-4142-9C9A-0BB8A2E85D27}
2012-05-16 14:15 - 2012-05-16 14:15 - 0000000 ____D C:\Users\Kelli\AppData\Local\{99558411-43F0-47C4-9763-9E466B92A8F7}
2012-05-16 14:15 - 2012-05-16 14:15 - 0000000 ____D C:\Users\Kelli\AppData\Local\{1BD4802C-49A6-47F4-B9DA-3937BCBA4879}
2012-05-15 18:44 - 2012-02-21 15:48 - 0000000 ____D C:\Users\Kelli\AppData\Roaming\HpUpdate
2012-05-15 13:41 - 2012-01-24 12:10 - 0000000 ____D C:\Users\Kelli\Documents\Credit Reports
2012-05-13 08:51 - 2012-05-13 08:51 - 0000000 ____D C:\Users\Rachel\AppData\Roaming\HP
2012-05-11 15:18 - 2012-05-11 15:18 - 0000000 ____D C:\Users\Kelli\AppData\Local\{C15E797E-7449-40FD-9008-CAEC5DF624D7}
2012-05-11 15:18 - 2012-05-11 15:17 - 0000000 ____D C:\Users\Kelli\AppData\Local\{7ADB05BE-88D9-43FC-8302-662BF61E0D6B}
2012-05-11 15:09 - 2012-05-11 15:09 - 0000000 ____D C:\Users\Kelli\AppData\Local\{85DE1CE0-BA61-4DB7-BD08-DBB19E64BABE}
2012-05-11 15:09 - 2012-05-11 15:08 - 0000000 ____D C:\Users\Kelli\AppData\Local\{FF690BA9-1FDB-41FA-AB85-295562FB3F61}
2012-05-11 02:48 - 2009-07-13 20:33 - 3811432 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-11 02:45 - 2012-01-23 22:36 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-11 02:43 - 2010-11-20 16:23 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-11 02:27 - 2012-01-23 21:45 - 0000000 ____D C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}
2012-05-11 02:27 - 2012-01-23 21:42 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-11 02:19 - 2012-01-23 22:41 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-11 02:02 - 2012-01-23 22:36 - 0000000 ____D C:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
2012-05-11 02:01 - 2012-05-11 02:01 - 20343808 ___RA C:\Windows\Installer\2f510dc.msp
2012-05-09 06:37 - 2012-05-09 06:37 - 0000000 ____D C:\Windows\Installer\{6F340107-F9AA-47C6-B54C-C3A19F11553F}
2012-05-09 06:37 - 2012-05-09 06:37 - 0000000 ____D C:\Program Files\Hewlett-Packard
2012-05-08 18:11 - 2012-01-24 11:51 - 0000000 ____D C:\Users\Kelli\Documents\MY ARTWORK
2012-05-08 16:12 - 2012-01-24 16:48 - 0000000 ____D C:\Users\Bert\Documents\Personal
2012-05-04 20:07 - 2012-05-04 20:01 - 0000000 ____D C:\Users\Kelli\Documents\My Scans
2012-05-04 16:31 - 2012-05-04 16:28 - 0210551 ____A C:\Windows\hpoins21.dat
2012-05-04 16:31 - 2012-01-24 10:09 - 0004527 ____A C:\Users\All Users\hpzinstall.log
2012-05-04 16:31 - 2009-07-13 18:04 - 0000513 ____A C:\Windows\win.ini
2012-05-04 16:30 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\twain_32
2012-05-04 15:43 - 2012-01-24 10:00 - 0000000 ____D C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000005}
2012-05-04 15:31 - 2012-01-24 10:10 - 0000000 ____D C:\Program Files\HP
2012-05-04 15:22 - 2012-05-04 15:25 - 0211006 ____N C:\Windows\hpoins21.dat.temp
2012-05-04 15:08 - 2012-05-04 15:04 - 0043008 ____A C:\Users\Kelli\Documents\ClearConceptsFax.doc
2012-05-04 13:04 - 2012-05-04 13:04 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-05-04 13:04 - 2012-01-24 08:55 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-05-03 08:30 - 2012-01-24 11:03 - 0000000 ____D C:\Program Files\Quicken
2012-05-01 11:22 - 2012-05-01 11:22 - 0417700 ____A C:\Users\Kelli\Documents\DISC-Kelli_Esposito.pdf
2012-05-01 11:20 - 2012-05-01 11:20 - 0776797 ____A C:\Users\Kelli\Documents\Values-Kelli_Esposito.pdf
2012-05-01 11:05 - 2012-05-01 11:05 - 0060946 ____A C:\Users\Kelli\Documents\SpiritualGiftsResults.pdf
2012-05-01 08:18 - 2012-05-01 08:18 - 0014521 ____A C:\Users\Kelli\Documents\DUSTING.docx
2012-05-01 08:14 - 2012-01-24 12:07 - 0013046 ____A C:\Users\Kelli\Documents\CommissionJobs.xlsx
2012-05-01 07:12 - 2012-01-23 21:42 - 0000000 ____D C:\Users\Kelli\AppData\Local\Microsoft Help
2012-04-26 15:01 - 2012-01-24 08:56 - 0000000 ____D C:\Users\Kelli\AppData\Roaming\Adobe
2012-04-25 16:52 - 2012-01-24 11:23 - 0000000 ____D C:\Users\Kelli\AppData\Roaming\Apple Computer
2012-04-24 15:08 - 2012-04-24 15:08 - 0014678 ____A C:\Users\Kelli\Documents\Melissa4-24-12.docx
2012-04-24 15:07 - 2012-04-24 13:10 - 0015167 ____A C:\Users\Kelli\Documents\Rachel4-24-12.docx
2012-04-24 08:36 - 2012-04-24 08:36 - 8637220 ____A C:\Users\Kelli\Documents\Discipline4-12Booklet.pdf
2012-04-23 16:29 - 2012-04-23 16:29 - 0000000 ____D C:\Users\Kelli\Documents\OneNote Notebooks
2012-04-23 09:32 - 2012-04-23 09:32 - 3460096 ___RA C:\Windows\Installer\2f5117e.msp
2012-04-22 00:01 - 2012-03-17 08:14 - 0000000 ____D C:\Users\Kelli\AppData\Local\ElevatedDiagnostics
2012-04-20 08:46 - 2012-04-20 08:46 - 0000000 ____D C:\Users\Kelli\AppData\Local\{FB5C93BD-A9F6-4A22-9453-0588FA3B2292}
2012-04-20 08:46 - 2012-04-20 08:46 - 0000000 ____D C:\Users\Kelli\AppData\Local\{98EE28DA-8CF2-486F-A6C4-94023C179390}
2012-04-19 08:04 - 2012-04-19 08:04 - 2589194 ____A C:\Users\Kelli\Documents\preprayed_-_preparation_for_lifes_events.pdf
2012-04-18 16:20 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-04-18 16:15 - 2012-04-18 16:16 - 0127075 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-04-18 16:15 - 2012-04-18 16:16 - 0049262 ____A (Sun Microsystems, Inc.) C:\Windows\System32\jpicpl32.cpl
2012-04-18 16:15 - 2012-04-18 16:16 - 0049247 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-04-18 16:15 - 2012-04-18 16:16 - 0049245 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-04-18 16:15 - 2012-04-18 16:15 - 0000000 ____D C:\Program Files\Java
2012-04-18 16:15 - 2012-04-18 16:15 - 0000000 ____D C:\Program Files\Common Files\Java
2012-04-18 16:14 - 2012-01-24 12:07 - 0000000 ____D C:\Users\Kelli\Documents\Recipes
2012-04-18 16:13 - 2012-04-18 16:13 - 0180224 ____A C:\Windows\Installer\1f534acb.msi
2012-04-18 05:44 - 2012-04-18 05:44 - 0000000 ____D C:\Users\Bert\AppData\Local\{34D8B9A3-E87D-4E7F-B889-CD5DCBA2FFD2}
2012-04-18 05:44 - 2012-04-18 05:43 - 0000000 ____D C:\Users\Bert\AppData\Local\{FD8D3312-2C4C-46E1-9DF8-5C4B8FB67F4D}
2012-04-18 05:21 - 2012-04-18 05:21 - 0000000 ____D C:\Users\Bert\AppData\Local\{06317AFB-270A-4E42-B818-E7832C71DFBC}
2012-04-17 16:04 - 2012-01-24 14:54 - 0125312 ____A C:\Users\Rachel\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-17 14:48 - 2012-04-17 14:48 - 0000000 ____D C:\Windows\Installer\{6D172D0A-B9F1-4046-AFAB-8599288545BF}
2012-04-17 14:48 - 2012-04-17 14:47 - 0000000 ____D C:\Program Files\Safari
2012-04-17 14:47 - 2012-04-17 14:47 - 38234112 ____A C:\Windows\Installer\19d569b2.msi
2012-04-17 14:46 - 2012-04-17 14:46 - 0001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-17 14:46 - 2012-04-17 14:46 - 0000000 ____D C:\Windows\Installer\{23B8A91D-680B-462B-87AD-3D70F7341731}
2012-04-17 14:46 - 2012-04-17 14:45 - 0000000 ____D C:\Program Files\iTunes
2012-04-17 14:45 - 2012-04-17 14:45 - 0000000 ____D C:\Program Files\iPod
2012-04-17 14:45 - 2012-01-24 11:21 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-04-17 14:41 - 2012-04-17 14:41 - 48807936 ____A C:\Windows\Installer\19d569ab.msi
2012-04-17 14:41 - 2012-04-17 14:41 - 0000000 ____D C:\Windows\Installer\{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}
2012-04-17 14:39 - 2012-04-17 14:39 - 8854016 ____A C:\Windows\Installer\19d55df5.msi
2012-04-17 11:08 - 2012-03-27 12:38 - 0015283 ____A C:\Users\Kelli\Documents\Tasks-Projects.docx
2012-04-17 10:14 - 2012-01-24 11:54 - 0000000 ____D C:\Users\Kelli\Documents\My Kindle Content
2012-04-17 07:36 - 2012-04-17 07:36 - 0002193 ____A C:\Users\Kelli\Desktop\Kindle.lnk
2012-04-17 07:36 - 2012-04-17 07:35 - 0000000 ____D C:\Users\Kelli\AppData\Local\Amazon
2012-04-16 16:28 - 2012-04-13 08:33 - 0000000 ____D C:\Users\Kelli\Documents\TurboTax
2012-04-16 14:23 - 2012-04-16 14:23 - 0000000 ___AH C:\Users\Bert\Documents\Default.rdp
2012-04-16 14:10 - 2012-04-16 14:09 - 0000000 ____D C:\Users\Bert\AppData\Local\{B47D1E6B-BE54-4947-A904-CB439B1F2D7D}
2012-04-16 14:09 - 2012-04-16 14:09 - 0000000 ____D C:\Users\Bert\AppData\Local\{B06FBBA6-6644-413A-91B2-C59752B8B36E}
2012-04-16 07:39 - 2012-04-16 07:39 - 0000000 ____D C:\Users\Bert\AppData\Local\{71AD1DA3-2454-4BA1-A259-E89AB1F95C7A}
2012-04-16 07:39 - 2012-04-16 07:38 - 0000000 ____D C:\Users\Bert\AppData\Local\{ABD9A29E-C220-4B18-93BD-BC368B8170F4}
2012-04-15 12:40 - 2012-04-15 12:40 - 0000000 ____D C:\Windows\Installer\{E463E171-4082-4744-A466-F7CBE8502789}
2012-04-14 08:37 - 2012-01-24 12:07 - 0000000 ____D C:\Users\Kelli\Documents\Taxes
2012-04-13 17:06 - 2012-04-13 17:06 - 2211840 ___RA C:\Windows\Installer\f1b1f3f.msp
2012-04-13 14:57 - 2012-01-24 14:44 - 0125312 ____A C:\Users\Bert\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-13 10:09 - 2012-04-13 08:13 - 0000451 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.400.32.bc
2012-04-13 08:22 - 2012-01-23 22:42 - 0125312 ____A C:\Users\Kelli\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-13 08:14 - 2012-01-24 11:03 - 0000000 ____D C:\Users\Kelli\AppData\Roaming\Intuit
2012-04-13 08:12 - 2012-01-24 11:03 - 0000000 ____D C:\Users\All Users\Intuit
2012-04-13 08:12 - 2012-01-24 11:03 - 0000000 ____D C:\Program Files\Common Files\Intuit
2012-04-13 08:11 - 2012-04-13 08:11 - 0000000 ____D C:\Users\Kelli\AppData\Local\IsolatedStorage
2012-04-13 08:08 - 2012-04-13 08:08 - 0000000 ____D C:\Program Files\TurboTax
2012-04-11 16:33 - 2012-04-11 16:32 - 0000000 ____D C:\Users\Rachel\AppData\Roaming\HTC
2012-04-11 02:03 - 2012-04-11 02:03 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-11 02:03 - 2012-04-11 02:03 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-04-10 11:40 - 2012-04-10 11:40 - 0000000 ____D C:\Users\Kelli\AppData\Local\{75F11810-E921-4137-BA71-F00A806772FF}
2012-04-10 11:40 - 2012-04-10 11:39 - 0000000 ____D C:\Users\Kelli\AppData\Local\{2035DF21-C19C-47F0-9C7F-EA98D78F0875}
2012-04-10 11:33 - 2012-01-24 11:23 - 0000000 ____D C:\Users\Kelli\AppData\Local\Apple Computer
2012-04-10 09:36 - 2012-02-27 19:26 - 0000000 ____D C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}
2012-04-10 03:23 - 2012-04-10 03:23 - 0000000 ____D C:\Users\Bert\AppData\Local\{D885F3C9-58B4-4957-A307-43D66F158382}
2012-04-10 03:23 - 2012-04-10 03:23 - 0000000 ____D C:\Users\Bert\AppData\Local\{392FC6D2-8C7E-45A9-AAAC-29E216478389}
2012-04-10 03:19 - 2012-04-10 03:19 - 0000000 ____D C:\Users\Bert\Documents\HP Photosmart Projects
2012-04-10 03:19 - 2012-04-10 03:19 - 0000000 ____D C:\Users\Bert\AppData\Local\HP
2012-04-10 03:18 - 2012-04-10 03:18 - 0000000 ____D C:\Users\Bert\AppData\Local\{86F57DD7-ECEF-40E1-BB1E-C2A7B87A655D}
2012-04-10 03:18 - 2012-04-10 03:17 - 0000000 ____D C:\Users\Bert\AppData\Local\{135B09CF-38EF-4F0E-9FB9-10CD32D98975}
2012-04-09 13:57 - 2012-04-09 13:57 - 0000000 ____D C:\Users\Bert\AppData\Local\{6CBC3199-22B5-4BDB-BBAE-28F4B6B6F364}
2012-04-09 11:36 - 2012-01-24 14:44 - 0000000 ____D C:\Users\Bert\AppData\Local\Adobe
2012-04-08 12:59 - 2012-04-08 12:59 - 0000000 ____D C:\Users\Kelli\AppData\Local\{F8F1C045-E329-464E-A846-6233D296F879}
2012-04-08 12:59 - 2012-04-08 12:58 - 0000000 ____D C:\Users\Kelli\AppData\Local\{779A8B7A-AC1B-467E-9DAA-E1B9AB5AFFA6}
2012-04-08 12:57 - 2012-04-08 12:57 - 0000000 ____D C:\Users\Kelli\AppData\Local\{A084B69D-36C1-485E-B4CB-5D046BD900DD}
2012-04-08 12:57 - 2012-04-08 12:56 - 0000000 ____D C:\Users\Kelli\AppData\Local\{6EB61738-BEA8-4434-B508-D9F848FCDFCD}
2012-04-08 12:39 - 2012-04-08 12:39 - 0000000 ____D C:\Users\Kelli\AppData\Local\{AD447047-CE44-475F-AADA-1C834506B7A4}
2012-04-08 12:39 - 2012-04-08 12:38 - 0000000 ____D C:\Users\Kelli\AppData\Local\{F78CFFE1-7CA2-4181-B398-7C49E4E588E3}
2012-04-07 21:45 - 2012-03-27 13:07 - 0000000 ____D C:\Users\Kelli\Documents\My Documents
2012-04-07 16:31 - 2012-04-07 16:31 - 0000000 ____D C:\Users\Kelli\AppData\Local\{E8A79DD7-D263-4503-9720-27ADC2871557}
2012-04-07 16:31 - 2012-04-07 16:31 - 0000000 ____D C:\Users\Kelli\AppData\Local\{56CDD2B0-A7DB-4FD3-8332-4FF69BB79B09}
2012-04-07 16:07 - 2012-04-07 16:07 - 0000000 ____D C:\Users\Kelli\AppData\Local\{52C08AC0-0C22-4F04-B9FC-47272F71713D}
2012-04-07 15:53 - 2012-04-07 15:53 - 0000000 ____D C:\Users\Kelli\AppData\Local\{18DA0F7B-0249-4AE7-9406-1B017AF6A95C}
2012-04-06 13:46 - 2012-04-06 13:46 - 0000000 ____D C:\Users\Bert\AppData\Local\Apps\2.0
2012-04-04 05:32 - 2012-04-04 05:32 - 16613376 ___RA C:\Windows\Installer\2884a8f2.msp
2012-04-04 05:17 - 2012-04-04 05:17 - 99008512 ___RA C:\Windows\Installer\64b1b.msp
2012-04-01 15:27 - 2012-04-01 15:27 - 3463168 ___RA C:\Windows\Installer\2c0af7be.msp
2012-03-30 20:39 - 2012-05-10 14:43 - 3968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-10 14:43 - 3913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 18:36 - 2012-05-10 14:43 - 2343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 02:23 - 2012-05-10 14:43 - 1291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 19:40 - 2012-01-24 12:07 - 0000000 ____D C:\Users\Kelli\Documents\RV
2012-03-29 18:37 - 2012-03-29 18:37 - 0000000 ____D C:\Users\Bert\AppData\Roaming\HTC
2012-03-29 15:33 - 2012-01-23 20:46 - 0000000 ____D C:\users\Kelli
2012-03-29 15:02 - 2012-03-29 15:02 - 0014570 ____A C:\Users\Kelli\Documents\Rache3-28-12.docx
2012-03-29 14:55 - 2012-03-29 14:55 - 0014672 ____A C:\Users\Kelli\Documents\Melissa3-28-12.docx
2012-03-28 02:01 - 2012-03-28 02:01 - 0256194 ____A C:\Windows\msxml4-KB973685-enu.LOG
2012-03-28 02:01 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Common Files\microsoft shared
2012-03-27 14:57 - 2012-01-24 14:20 - 0000000 ____D C:\Program Files\PdaNet for Android
2012-03-27 13:07 - 2012-03-27 12:57 - 0000000 ____D C:\Users\Kelli\AppData\Roaming\HTC
2012-03-27 13:05 - 2012-01-24 14:53 - 0000000 ____D C:\users\Rachel
2012-03-27 13:00 - 2012-03-27 13:00 - 0000000 ____D C:\Users\Kelli\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2012-03-27 12:56 - 2012-03-27 12:53 - 0000000 ____D C:\Program Files\HTC
2012-03-27 12:53 - 2012-03-27 12:53 - 1088512 ____A C:\Windows\Installer\44dacee.msi
2012-03-27 12:53 - 2012-03-27 12:53 - 0000000 ____D C:\Windows\Installer\{31A559C1-9E4D-423B-9DD3-34A6C5398752}
2012-03-27 12:53 - 2012-03-27 12:53 - 0000000 ____D C:\Program Files\Spirent Communications
2012-03-27 12:52 - 2012-03-27 12:52 - 2434048 ____A C:\Windows\Installer\44dace0.msi
2012-03-27 12:52 - 2012-01-24 14:00 - 0000000 ____D C:\Program Files\MSXML 4.0
2012-03-26 16:43 - 2012-03-26 16:43 - 0000000 ____D C:\Windows\Installer\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}
2012-03-26 16:43 - 2012-03-26 16:43 - 0000000 ____A C:\Windows\Installer\wix{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}.SchedServiceConfig.rmi
2012-03-26 16:42 - 2012-03-26 16:42 - 0000000 ____D C:\Windows\Installer\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}
2012-03-26 16:41 - 2012-03-26 16:41 - 9564672 ____A C:\Windows\Installer\16a1de91.msi
2012-03-26 16:41 - 2012-03-26 16:41 - 20396032 ____A C:\Windows\Installer\16a1de24.msi
2012-03-26 16:35 - 2012-03-26 16:35 - 6533120 ____A C:\Windows\Installer\81f19.msi
2012-03-26 16:29 - 2012-03-26 16:29 - 0000000 ____D C:\Users\Bert\AppData\Local\Apple
2012-03-26 13:14 - 2012-03-26 13:14 - 11147264 ____A C:\Windows\Installer\4458b1b.msi
2012-03-25 15:08 - 2011-02-14 12:08 - 0000000 ____D C:\Users\Bert\Documents\eBooks
2012-03-25 15:05 - 2012-01-24 14:44 - 0000000 ____D C:\Users\Bert\AppData\Roaming\Adobe
2012-03-25 15:04 - 2012-01-24 14:43 - 0000000 ____D C:\Users\Bert\AppData\LocalLow
2012-03-25 00:37 - 2012-03-25 00:37 - 0025600 ____A C:\Windows\Installer\e08e3da.msi
2012-03-24 18:54 - 2012-03-23 16:46 - 0298900 ____A C:\Users\Kelli\Documents\HomeDepotCarpetCleaner.pdf
2012-03-23 19:48 - 2012-03-23 19:47 - 0000000 ____D C:\Program Files\QuickTime
2012-03-23 19:47 - 2012-03-23 19:47 - 0000000 ____D C:\Windows\Installer\{7BE15435-2D3E-4B58-867F-9C75BED0208C}
2012-03-23 19:44 - 2012-01-23 20:46 - 0000000 ____D C:\Users\Kelli\AppData\LocalLow
2012-03-21 04:58 - 2012-03-21 04:58 - 0133120 ___RA C:\Windows\Installer\2c0af78e.msp
2012-03-21 04:57 - 2012-03-21 04:57 - 1591808 ___RA C:\Windows\Installer\2c0af786.msp
2012-03-20 19:44 - 2012-03-20 19:44 - 0171064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 19:44 - 2012-03-20 19:44 - 0074112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-20 14:16 - 2012-03-20 14:16 - 1830108 ____A C:\Users\Kelli\Documents\FlagPage-Bert.pdf
2012-03-20 12:50 - 2012-03-20 12:50 - 1773333 ____A C:\Users\Kelli\Documents\FlagPage-Kelli.pdf
2012-03-20 07:11 - 2012-01-24 12:09 - 0000000 ____D C:\Users\Kelli\Documents\Bert
2012-03-19 18:37 - 2012-03-19 18:37 - 5992448 ___RA C:\Windows\Installer\3e9394a.msp
2012-03-19 18:34 - 2012-03-19 18:34 - 8776192 ___RA C:\Windows\Installer\3e94286.msp
2012-03-18 13:49 - 2012-03-18 13:49 - 0000000 ____D C:\Users\Bert\AppData\Roaming\HP
2012-03-16 23:27 - 2012-05-10 14:43 - 0056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 08:59 - 2012-03-16 08:59 - 0000000 ____D C:\Users\Kelli\AppData\Roaming\Philipp Winterberg
2012-03-16 08:53 - 2012-03-16 08:53 - 0000000 ____D C:\Program Files\Free RAR Extract Frog
2012-03-15 12:12 - 2012-03-15 12:12 - 4968960 ___RA C:\Windows\Installer\2f51125.msp
2012-03-15 12:11 - 2012-03-15 12:11 - 66812928 ___RA C:\Windows\Installer\2f5110c.msp
2012-03-15 12:11 - 2012-03-15 12:11 - 1989632 ___RA C:\Windows\Installer\2f510f3.msp
2012-03-15 12:09 - 2012-03-15 12:09 - 17165312 ___RA C:\Windows\Installer\2f5115b.msp
2012-03-13 12:37 - 2012-03-13 12:37 - 0228711 ___AT C:\Users\Kelli\Documents\PES 6th grade.pdf
2012-03-12 10:13 - 2012-01-24 10:08 - 0000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-03-08 17:37 - 2012-03-08 17:37 - 0302448 ____A (Microsoft Corporation) C:\Windows\WLXPGSS.SCR
2012-03-08 17:32 - 2012-05-16 15:01 - 0039272 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fssfltr.sys

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 3326.14 MB
Available physical RAM: 2869.39 MB
Total Pagefile: 3324.43 MB
Available Pagefile: 2877.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.61 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:111.69 GB) (Free:8.02 GB) NTFS
3 Drive f: (LCS USB) (Removable) (Total:0.94 GB) (Free:0.6 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 111 GB 0 B
Disk 1 Online 1927 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 111 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 111 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1927 MB 0 B

======================================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

==========================================================

Last Boot: 2012-05-28 23:58

======================= End Of Log ==========================


To answer your earlier question, I only have one hard drive inside this laptop. When I did the original scan, I had 2 other external drives attached by USB. I do not have a dual-boot system.

Should I try booting my system now?


#9 JSntgRvr

Posted 05 June 2012 - 11:08 AM

We are still attempting to identify the problem. Were you experiencing problems with the video?

Download the enclosed file:

Save it next to FRST, overwriting the existing one. Insert the USB drive in the ailing computer and run FRST as you did before. This time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Edited by JSntgRvr, 05 June 2012 - 01:08 PM.



#10 kesposito

Posted 05 June 2012 - 02:57 PM

Okay, here is the new FIXLOG.TXT:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 06-06-2012
Ran by SYSTEM at 2012-06-05 12:54:13 Run:2
Running from F:\

==============================================


========= Dir /a "C:\Windows\System32\%APPDATA%" =========

Volume in drive C has no label.
Volume Serial Number is 1E11-60FE

Directory of C:\Windows\System32\%APPDATA%

06/04/2012 05:02 AM <DIR> .
06/04/2012 05:02 AM <DIR> ..
06/04/2012 05:02 AM <DIR> Microsoft
0 File(s) 0 bytes
3 Dir(s) 8,606,814,208 bytes free

========= End of CMD: =========


==== End of Fixlog ====


Yikes, what does that mean?

#11 JSntgRvr

Posted 05 June 2012 - 07:32 PM

I would like to see what's behind this folder. Never seen this folder before. Besides that, I fail to see a reason for that behavior. Let's also restore the registry to its last boot state.

Download the enclosed file:

Save it next to FRST, overwriting the existing one. Insert the USB drive in the ailing computer and run FRST as you did before. This time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.



#12 kesposito

Posted 05 June 2012 - 11:51 PM

Here is the new log:

Thanks so much for your help!!!

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 06-06-2012
Ran by SYSTEM at 2012-06-05 21:50:05 Run:4
Running from F:\

==============================================


========= Dir /a /s "C:\Windows\System32\%APPDATA%" =========

Volume in drive C has no label.
Volume Serial Number is 1E11-60FE

Directory of C:\Windows\System32\%APPDATA%

06/04/2012 05:02 AM <DIR> .
06/04/2012 05:02 AM <DIR> ..
06/04/2012 05:02 AM <DIR> Microsoft
0 File(s) 0 bytes

Directory of C:\Windows\System32\%APPDATA%\Microsoft

06/04/2012 05:02 AM <DIR> .
06/04/2012 05:02 AM <DIR> ..
06/04/2012 05:02 AM <DIR> Windows
0 File(s) 0 bytes

Directory of C:\Windows\System32\%APPDATA%\Microsoft\Windows

06/04/2012 05:02 AM <DIR> .
06/04/2012 05:02 AM <DIR> ..
06/04/2012 05:02 AM <DIR> IETldCache
0 File(s) 0 bytes

Directory of C:\Windows\System32\%APPDATA%\Microsoft\Windows\IETldCache

06/04/2012 05:02 AM <DIR> .
06/04/2012 05:02 AM <DIR> ..
06/04/2012 10:30 AM 262,144 index.dat
1 File(s) 262,144 bytes

Total Files Listed:
1 File(s) 262,144 bytes
11 Dir(s) 8,606,806,016 bytes free

========= End of CMD: =========

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

#13 JSntgRvr

Posted 06 June 2012 - 10:46 AM

Test and let me know if there is a difference.

If no difference, another update has been done to FRST.

For x32 (x86) bit systems, download Farbar Recovery Scan Tool and save it to a flash drive, replacing the current one in the drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

Edited by JSntgRvr, 06 June 2012 - 10:53 AM.



#14 kesposito

Posted 06 June 2012 - 11:19 AM

Well, I rebooted my computer and let windows start normally. It seemed slow and I noticed that Windows Security Essentials was "red," so I clicked on it, allowed it to update itself and let it run a quick scan.

During all this, the computer was NOT giving me that message, stating I had one minute before it would reboot.

HOWEVER, after the WSE quick scan had been running for about 3-5 minutes, that message DID appear and subsequently rebooted my computer.

I downloaded this newer release of FRST, ran the scan and have the results here:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 06-06-2012 03
Ran by SYSTEM at 06-06-2012 09:16:01
Running from F:\
Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13605408 2009-03-06] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2009-03-06] (NVIDIA Corporation)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [96800 2009-03-06] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] nwiz.exe /install [x]
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [] [x]
HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-04-03] (Adobe Systems Inc.)
HKLM\...\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [651264 2012-04-17] ()
HKU\Bert\...\Run: [Hudl Mercury] "C:\Program Files\Hudl Mercury\HudlMercury.exe" -startup [3373056 2012-01-05] (Agile Sports Technologies)
HKU\Kelli\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.238.64.12
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Bert\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\Users\Kelli\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\Users\Kelli\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Kelli\Start Menu\Programs\Startup\PdaNet Desktop.lnk
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files\PdaNet for Android\PdaNetPC.exe ()

================================ Services (Whitelisted) ==================

2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 IntuitUpdateServiceV4; "C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [13672 2011-08-25] (Intuit Inc.)
3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [31125880 2011-06-12] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
2 NVIDIA Performance Driver Service; "C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe" [3575808 2008-12-11] ()
2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
3 StorSvc; C:\Windows\System32\storsvc.dll [16384 2009-07-13] (Microsoft Corporation)
3 SwitchBoard; "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [517096 2010-02-19] (Adobe Systems Incorporated)

========================== Drivers (Whitelisted) =============

3 dmvsc; C:\Windows\system32\drivers\dmvsc.sys [62464 2010-11-20] (Microsoft Corporation)
3 guardian2; C:\Windows\System32\Drivers\oz776.sys [69664 2009-09-09] (O2Micro)
3 HSF_DPV; C:\Windows\System32\DRIVERS\HSX_DPV.sys [936960 2005-12-01] (Conexant Systems, Inc.)
3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows ® Win 7 DDK provider)
2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [12544 2005-10-05] (Conexant)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [74112 2012-03-20] (Microsoft Corporation)
3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL3.SYS [207360 2009-07-13] (Conexant Systems, Inc.)
3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [980992 2009-07-13] (Conexant Systems, Inc.)
3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT3.SYS [661504 2009-07-13] (Conexant Systems, Inc.)
3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [27264 2010-11-20] (Microsoft Corporation)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-05 21:50 - 2012-06-05 21:50 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2012-06-04 19:11 - 2012-06-06 09:16 - 00000000 ____D C:\FRST
2012-06-04 12:31 - 2012-06-04 12:32 - 00007314 ____A C:\TDSSKiller.2.7.36.0_04.06.2012_13.31.27_log.txt
2012-06-04 12:24 - 2012-06-04 12:28 - 00000000 ____D C:\Users\Kelli\Desktop\tdsskiller
2012-06-04 12:24 - 2012-06-04 12:22 - 02108959 ____A C:\Users\Kelli\Desktop\tdsskiller.zip
2012-06-04 12:18 - 2012-06-04 12:18 - 00000000 ____D C:\Windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2012-06-04 12:18 - 2012-06-04 12:18 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-06-04 12:11 - 2012-06-04 12:09 - 00000458 ____A C:\script.zip
2012-06-04 12:11 - 2012-06-04 12:07 - 00725408 ____A (Enigma Software Group USA, LLC.) C:\SpyHunter-Installer.exe
2012-06-04 11:22 - 2012-06-04 11:16 - 00509440 ____A (iS3, Inc.) C:\SZSetupAV.exe
2012-06-04 11:07 - 2012-06-04 12:17 - 01374248 ____A C:\Windows\ntbtlog.txt
2012-06-04 10:30 - 2012-06-04 10:30 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-04 05:02 - 2012-06-04 05:02 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-03 09:37 - 2012-06-03 09:37 - 00000000 ____D C:\Users\Bert\AppData\Local\{6E8C2816-3640-4B88-A366-B3ED14DCCC21}
2012-06-03 09:36 - 2012-06-03 09:37 - 00000000 ____D C:\Users\Bert\AppData\Local\{744F6E65-FA48-4565-A6D4-03F4D52ED380}
2012-06-03 09:35 - 2012-06-03 09:35 - 00000000 ____D C:\Users\Bert\AppData\Local\{11980566-F5C2-4EF2-BFD7-E68573667423}
2012-06-03 09:34 - 2012-06-03 09:34 - 00000000 ____D C:\Users\Bert\AppData\Local\{305E955E-A341-4371-A703-6A7EC7848E9C}
2012-06-03 09:31 - 2012-06-03 09:52 - 00001297 ____A C:\Users\Public\Desktop\Hudl Video Editor.lnk
2012-06-03 09:31 - 2012-06-03 09:52 - 00000000 ____D C:\Program Files\AviSynth 2.5
2012-06-03 09:30 - 2012-06-03 16:46 - 00000000 ____D C:\Users\Bert\AppData\Local\Hudl Mercury Projects
2012-06-03 09:30 - 2012-06-03 09:32 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Agile Sports Technologies
2012-06-03 09:30 - 2012-06-03 09:30 - 31181896 ____A (Agile Sports Technologies ) C:\Users\Bert\Downloads\HudlVideoEditor_1.29.10-setup.exe
2012-06-03 09:30 - 2012-06-03 09:30 - 00000000 ____D C:\Program Files\Agile Sports Technologies
2012-06-03 09:29 - 2012-06-03 09:52 - 00000000 ____D C:\Program Files\ffdshow
2012-06-03 09:29 - 2012-06-03 09:29 - 00000000 ____D C:\Program Files\Common Files\AppLifeUpdateService2
2012-06-03 09:29 - 2010-12-21 22:41 - 00080896 ____A C:\Windows\System32\ff_vfw.dll
2012-06-03 09:28 - 2012-06-03 09:28 - 00000000 ____D C:\Program Files\Hudl Mercury
2012-06-03 09:21 - 2012-06-03 09:22 - 14986128 ____A (Agile Sports Technologies, Inc. ) C:\Users\Bert\Downloads\HudlMercury_1.2.2-setup.exe
2012-06-03 09:21 - 2012-06-03 09:21 - 00000000 ____D C:\Users\Bert\AppData\Local\{4B96D6F3-FDAB-4900-84D4-3D212336D578}
2012-06-02 18:30 - 2012-06-02 18:31 - 00000000 ____D C:\Users\Melissa\AppData\Local\Htc
2012-06-02 18:29 - 2012-06-02 18:31 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\HTC
2012-05-30 09:40 - 2012-05-30 09:40 - 00242176 ____A C:\Users\Rachel\Documents\7thGradeYearEndPoolParty.pub
2012-05-23 17:01 - 2012-05-23 17:01 - 00017821 ____A C:\Users\Rachel\Desktop\Rachel.docx
2012-05-23 06:21 - 2012-05-23 06:21 - 00001040 ____A C:\Users\Public\Desktop\HTC Sync.lnk
2012-05-22 20:18 - 2012-05-22 20:24 - 10328064 ____A C:\Users\Rachel\Desktop\CLASSIFIED.pub
2012-05-22 14:11 - 2012-05-22 14:11 - 00015127 ____A C:\Users\Kelli\Documents\Rachel5-22-12.docx
2012-05-21 19:34 - 2012-05-21 19:41 - 00000000 ____D C:\Users\Kelli\Documents\Fax
2012-05-21 19:34 - 2012-05-21 19:34 - 00000000 ___RD C:\Users\Kelli\Documents\Scanned Documents
2012-05-20 15:49 - 2012-05-20 16:01 - 00000000 ____D C:\Users\Kelli\Documents\Microsoft Office 2010 Download
2012-05-19 12:27 - 2012-05-19 12:27 - 00000000 ____D C:\Users\Kelli\AppData\Local\{47C723D1-69DB-4028-9BE9-7F7AE3811C61}
2012-05-19 12:26 - 2012-05-19 12:27 - 00000000 ____D C:\Users\Kelli\AppData\Local\{8D397F3F-8B36-4EDF-AC07-D2165EFE1E52}
2012-05-16 15:01 - 2012-03-08 17:32 - 00039272 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fssfltr.sys
2012-05-16 14:47 - 2012-05-16 14:47 - 00000000 ____D C:\Users\Kelli\AppData\Local\{801644B6-343E-41F8-AC2E-60E881D2EF3D}
2012-05-16 14:47 - 2012-05-16 14:47 - 00000000 ____D C:\Users\Kelli\AppData\Local\{1115B90A-4CF3-44AF-AB04-ABB3D78C0223}
2012-05-16 14:36 - 2012-05-16 14:36 - 00000000 ____D C:\Users\Kelli\AppData\Local\{5D7F7C64-5A96-4799-B1C0-5F1D27F29F88}
2012-05-16 14:35 - 2012-05-16 14:36 - 00000000 ____D C:\Users\Kelli\AppData\Local\{0F18DFBA-A87C-4917-8748-82A41B647DDB}
2012-05-16 14:34 - 2012-05-16 14:34 - 00000000 ____D C:\Users\Kelli\AppData\Local\{8AECE474-C474-4A94-AE55-9C99B52E504B}
2012-05-16 14:33 - 2012-05-16 14:34 - 00000000 ____D C:\Users\Kelli\AppData\Local\{A3E81AE0-9950-4ACB-80D2-A83257B98DC1}
2012-05-16 14:22 - 2012-05-16 14:22 - 00000000 ____D C:\Users\Kelli\AppData\Local\{9AA56D47-A443-4EDC-B58A-4E0E249E8069}
2012-05-16 14:22 - 2012-05-16 14:22 - 00000000 ____D C:\Users\Kelli\AppData\Local\{7697EE3C-E1AC-4802-84F7-E307AA6836C5}
2012-05-16 14:21 - 2012-05-16 14:21 - 00000000 ____D C:\Users\Kelli\AppData\Local\{B2C21F45-E9B6-4A73-BDAC-A14AF54D452E}
2012-05-16 14:20 - 2012-05-16 14:21 - 00000000 ____D C:\Users\Kelli\AppData\Local\{1E93C5EE-4B37-480B-8F9B-7AAE1BE533C4}
2012-05-16 14:19 - 2012-05-16 14:19 - 00000000 ____D C:\Users\Kelli\AppData\Local\{2E216F8F-FA4A-4671-8980-C5C5A90A523A}
2012-05-16 14:18 - 2012-05-16 14:19 - 00000000 ____D C:\Users\Kelli\AppData\Local\{7F54632B-40F2-4142-9C9A-0BB8A2E85D27}
2012-05-16 14:15 - 2012-05-16 14:15 - 00000000 ____D C:\Users\Kelli\AppData\Local\{99558411-43F0-47C4-9763-9E466B92A8F7}
2012-05-16 14:15 - 2012-05-16 14:15 - 00000000 ____D C:\Users\Kelli\AppData\Local\{1BD4802C-49A6-47F4-B9DA-3937BCBA4879}
2012-05-13 08:51 - 2012-05-13 08:51 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\HP
2012-05-11 15:18 - 2012-05-11 15:18 - 00000000 ____D C:\Users\Kelli\AppData\Local\{C15E797E-7449-40FD-9008-CAEC5DF624D7}
2012-05-11 15:17 - 2012-05-11 15:18 - 00000000 ____D C:\Users\Kelli\AppData\Local\{7ADB05BE-88D9-43FC-8302-662BF61E0D6B}
2012-05-11 15:09 - 2012-05-11 15:09 - 00000000 ____D C:\Users\Kelli\AppData\Local\{85DE1CE0-BA61-4DB7-BD08-DBB19E64BABE}
2012-05-11 15:08 - 2012-05-11 15:09 - 00000000 ____D C:\Users\Kelli\AppData\Local\{FF690BA9-1FDB-41FA-AB85-295562FB3F61}
2012-05-10 14:43 - 2012-03-30 20:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-05-10 14:43 - 2012-03-30 20:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-10 14:43 - 2012-03-30 18:36 - 02343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 14:43 - 2012-03-30 02:23 - 01291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-10 14:43 - 2012-03-16 23:27 - 00056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-10 14:43 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-09 06:37 - 2012-05-09 06:37 - 00000000 ____D C:\Program Files\Hewlett-Packard

============ 3 Months Modified Files and Folders ===============

2012-06-06 09:16 - 2012-06-04 19:11 - 0000000 ____D C:\FRST
2012-06-06 08:09 - 2012-01-23 20:16 - 1277178 ____A C:\Windows\WindowsUpdate.log
2012-06-06 08:09 - 2009-07-13 20:34 - 0022016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-06 08:09 - 2009-07-13 20:34 - 0022016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-06 08:02 - 2012-03-27 12:58 - 0000000 ____D C:\Users\Kelli\AppData\Local\Htc
2012-06-06 08:01 - 2009-07-13 20:39 - 0044270 ____A C:\Windows\setupact.log
2012-06-06 08:00 - 2012-02-27 19:27 - 0000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-06 08:00 - 2009-07-13 20:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-06 07:59 - 2012-01-23 20:13 - 2615783424 __ASH C:\hiberfil.sys
2012-06-05 21:50 - 2012-06-05 21:50 - 0000000 ____D C:\Windows\System32\config\HiveBackup
2012-06-04 13:28 - 2009-07-13 20:34 - 0006144 _____ C:\Windows\System32\umstartup.etl
2012-06-04 13:06 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\LogFiles
2012-06-04 12:42 - 2012-02-27 19:27 - 0000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-04 12:32 - 2012-06-04 12:31 - 0007314 ____A C:\TDSSKiller.2.7.36.0_04.06.2012_13.31.27_log.txt
2012-06-04 12:28 - 2012-06-04 12:24 - 0000000 ____D C:\Users\Kelli\Desktop\tdsskiller
2012-06-04 12:25 - 2012-01-24 11:52 - 0000000 ____D C:\Users\Kelli\Documents\Outlook Files
2012-06-04 12:22 - 2012-06-04 12:24 - 2108959 ____A C:\Users\Kelli\Desktop\tdsskiller.zip
2012-06-04 12:18 - 2012-06-04 12:18 - 0000000 ____D C:\Windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2012-06-04 12:18 - 2012-06-04 12:18 - 0000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-06-04 12:17 - 2012-06-04 11:07 - 1374248 ____A C:\Windows\ntbtlog.txt
2012-06-04 12:09 - 2012-06-04 12:11 - 0000458 ____A C:\script.zip
2012-06-04 12:07 - 2012-06-04 12:11 - 0725408 ____A (Enigma Software Group USA, LLC.) C:\SpyHunter-Installer.exe
2012-06-04 11:16 - 2012-06-04 11:22 - 0509440 ____A (iS3, Inc.) C:\SZSetupAV.exe
2012-06-04 10:38 - 2012-01-24 10:11 - 0000000 ___HD C:\Config.Msi
2012-06-04 10:38 - 2010-11-20 13:48 - 0032376 ____A C:\Windows\PFRO.log
2012-06-04 10:34 - 2012-03-27 13:07 - 0000000 ____D C:\Users\Kelli\AppData\Roaming\Outlook
2012-06-04 10:30 - 2012-06-04 10:30 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-06-04 10:30 - 2012-01-23 22:42 - 0001945 ____A C:\Windows\epplauncher.mif
2012-06-04 10:30 - 2010-11-20 13:01 - 0796052 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-04 09:53 - 2012-01-24 16:45 - 0000000 ____D C:\Users\Bert\Documents\Outlook Files
2012-06-04 05:02 - 2012-06-04 05:02 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-04 02:44 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Microsoft.NET
2012-06-03 16:46 - 2012-06-03 09:30 - 0000000 ____D C:\Users\Bert\AppData\Local\Hudl Mercury Projects
2012-06-03 16:43 - 2012-01-24 14:54 - 0000000 ____D C:\Users\Rachel\AppData\Roaming\Adobe
2012-06-03 16:43 - 2012-01-24 14:54 - 0000000 ____D C:\Users\Rachel\AppData\Local\Adobe
2012-06-03 16:38 - 2012-01-24 14:43 - 0000000 ____D C:\Users\Bert\AppData\Local\VirtualStore
2012-06-03 09:52 - 2012-06-03 09:31 - 0001297 ____A C:\Users\Public\Desktop\Hudl Video Editor.lnk
2012-06-03 09:52 - 2012-06-03 09:31 - 0000000 ____D C:\Program Files\AviSynth 2.5
2012-06-03 09:52 - 2012-06-03 09:29 - 0000000 ____D C:\Program Files\ffdshow
2012-06-03 09:37 - 2012-06-03 09:37 - 0000000 ____D C:\Users\Bert\AppData\Local\{6E8C2816-3640-4B88-A366-B3ED14DCCC21}
2012-06-03 09:37 - 2012-06-03 09:36 - 0000000 ____D C:\Users\Bert\AppData\Local\{744F6E65-FA48-4565-A6D4-03F4D52ED380}
2012-06-03 09:37 - 2012-04-09 13:57 - 0000000 ____D C:\Users\Bert\AppData\Local\Windows Live
2012-06-03 09:35 - 2012-06-03 09:35 - 0000000 ____D C:\Users\Bert\AppData\Local\{11980566-F5C2-4EF2-BFD7-E68573667423}
2012-06-03 09:34 - 2012-06-03 09:34 - 0000000 ____D C:\Users\Bert\AppData\Local\{305E955E-A341-4371-A703-6A7EC7848E9C}
2012-06-03 09:32 - 2012-06-03 09:30 - 0000000 ____D C:\Users\Bert\AppData\Roaming\Agile Sports Technologies
2012-06-03 09:30 - 2012-06-03 09:30 - 31181896 ____A (Agile Sports Technologies ) C:\Users\Bert\Downloads\HudlVideoEditor_1.29.10-setup.exe
2012-06-03 09:30 - 2012-06-03 09:30 - 0000000 ____D C:\Program Files\Agile Sports Technologies
2012-06-03 09:29 - 2012-06-03 09:29 - 0000000 ____D C:\Program Files\Common Files\AppLifeUpdateService2
2012-06-03 09:28 - 2012-06-03 09:28 - 0000000 ____D C:\Program Files\Hudl Mercury
2012-06-03 09:22 - 2012-06-03 09:21 - 14986128 ____A (Agile Sports Technologies, Inc. ) C:\Users\Bert\Downloads\HudlMercury_1.2.2-setup.exe
2012-06-03 09:21 - 2012-06-03 09:21 - 0000000 ____D C:\Users\Bert\AppData\Local\{4B96D6F3-FDAB-4900-84D4-3D212336D578}
2012-06-02 18:31 - 2012-06-02 18:30 - 0000000 ____D C:\Users\Melissa\AppData\Local\Htc
2012-06-02 18:31 - 2012-06-02 18:29 - 0000000 ____D C:\Users\Melissa\AppData\Roaming\HTC
2012-06-02 18:29 - 2012-01-24 13:40 - 0125312 ____A C:\Users\Melissa\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-02 04:52 - 2012-03-29 18:37 - 0000000 ____D C:\Users\Bert\AppData\Local\Htc
2012-05-30 09:40 - 2012-05-30 09:40 - 0242176 ____A C:\Users\Rachel\Documents\7thGradeYearEndPoolParty.pub
2012-05-30 06:45 - 2012-04-11 16:33 - 0000000 ____D C:\Users\Rachel\AppData\Local\Htc
2012-05-26 13:36 - 2012-01-24 12:10 - 0000000 ____D C:\Users\Kelli\Documents\Excel
2012-05-24 10:58 - 2012-01-24 12:05 - 0000000 ____D C:\Users\Kelli\Documents\Quicken
2012-05-23 17:01 - 2012-05-23 17:01 - 0017821 ____A C:\Users\Rachel\Desktop\Rachel.docx
2012-05-23 06:21 - 2012-05-23 06:21 - 0001040 ____A C:\Users\Public\Desktop\HTC Sync.lnk
2012-05-23 06:20 - 2012-03-27 12:54 - 0000000 ____D C:\Users\Kelli\AppData\Local\Downloaded Installations
2012-05-23 06:19 - 2012-05-04 15:21 - 0000000 ____D C:\Users\Kelli\Documents\2012 Re-Fi Documents
2012-05-23 06:15 - 2012-03-27 12:54 - 0033516 ____A C:\Windows\DPINST.LOG
2012-05-23 06:15 - 2012-01-24 09:07 - 0000000 ____D C:\Program Files\Common Files\Adobe AIR
2012-05-22 20:24 - 2012-05-22 20:18 - 10328064 ____A C:\Users\Rachel\Desktop\CLASSIFIED.pub
2012-05-22 19:54 - 2012-01-24 14:53 - 0000000 ____D C:\Users\Rachel\AppData\LocalLow
2012-05-22 14:14 - 2012-01-24 12:07 - 0054784 ____A C:\Users\Kelli\Documents\COSTCO SHOPPING LIST.doc
2012-05-22 14:11 - 2012-05-22 14:11 - 0015127 ____A C:\Users\Kelli\Documents\Rachel5-22-12.docx
2012-05-21 20:20 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-05-21 19:41 - 2012-05-21 19:34 - 0000000 ____D C:\Users\Kelli\Documents\Fax
2012-05-21 19:34 - 2012-05-21 19:34 - 0000000 ___RD C:\Users\Kelli\Documents\Scanned Documents
2012-05-21 19:34 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\ModemLogs
2012-05-21 18:55 - 2012-01-24 16:15 - 0001456 ____A C:\Users\Kelli\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-05-20 16:01 - 2012-05-20 15:49 - 0000000 ____D C:\Users\Kelli\Documents\Microsoft Office 2010 Download
2012-05-20 15:39 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\DriverStore
2012-05-20 00:27 - 2012-03-18 14:30 - 0000000 ____D C:\Users\Bert\AppData\Local\ElevatedDiagnostics
2012-05-19 12:27 - 2012-05-19 12:27 - 0000000 ____D C:\Users\Kelli\AppData\Local\{47C723D1-69DB-4028-9BE9-7F7AE3811C61}
2012-05-19 12:27 - 2012-05-19 12:26 - 0000000 ____D C:\Users\Kelli\AppData\Local\{8D397F3F-8B36-4EDF-AC07-D2165EFE1E52}
2012-05-19 12:27 - 2012-01-25 21:34 - 0000000 ____D C:\Users\Kelli\AppData\Local\Windows Live
2012-05-16 14:58 - 2012-01-25 21:39 - 0000000 ____D C:\Program Files\Windows Live
2012-05-16 14:47 - 2012-05-16 14:47 - 0000000 ____D C:\Users\Kelli\AppData\Local\{801644B6-343E-41F8-AC2E-60E881D2EF3D}
2012-05-16 14:47 - 2012-05-16 14:47 - 0000000 ____D C:\Users\Kelli\AppData\Local\{1115B90A-4CF3-44AF-AB04-ABB3D78C0223}
2012-05-16 14:36 - 2012-05-16 14:36 - 0000000 ____D C:\Users\Kelli\AppData\Local\{5D7F7C64-5A96-4799-B1C0-5F1D27F29F88}
2012-05-16 14:36 - 2012-05-16 14:35 - 0000000 ____D C:\Users\Kelli\AppData\Local\{0F18DFBA-A87C-4917-8748-82A41B647DDB}
2012-05-16 14:34 - 2012-05-16 14:34 - 0000000 ____D C:\Users\Kelli\AppData\Local\{8AECE474-C474-4A94-AE55-9C99B52E504B}
2012-05-16 14:34 - 2012-05-16 14:33 - 0000000 ____D C:\Users\Kelli\AppData\Local\{A3E81AE0-9950-4ACB-80D2-A83257B98DC1}
2012-05-16 14:22 - 2012-05-16 14:22 - 0000000 ____D C:\Users\Kelli\AppData\Local\{9AA56D47-A443-4EDC-B58A-4E0E249E8069}
2012-05-16 14:22 - 2012-05-16 14:22 - 0000000 ____D C:\Users\Kelli\AppData\Local\{7697EE3C-E1AC-4802-84F7-E307AA6836C5}
2012-05-16 14:21 - 2012-05-16 14:21 - 0000000 ____D C:\Users\Kelli\AppData\Local\{B2C21F45-E9B6-4A73-BDAC-A14AF54D452E}
2012-05-16 14:21 - 2012-05-16 14:20 - 0000000 ____D C:\Users\Kelli\AppData\Local\{1E93C5EE-4B37-480B-8F9B-7AAE1BE533C4}
2012-05-16 14:19 - 2012-05-16 14:19 - 0000000 ____D C:\Users\Kelli\AppData\Local\{2E216F8F-FA4A-4671-8980-C5C5A90A523A}
2012-05-16 14:19 - 2012-05-16 14:18 - 0000000 ____D C:\Users\Kelli\AppData\Local\{7F54632B-40F2-4142-9C9A-0BB8A2E85D27}
2012-05-16 14:15 - 2012-05-16 14:15 - 0000000 ____D C:\Users\Kelli\AppData\Local\{99558411-43F0-47C4-9763-9E466B92A8F7}
2012-05-16 14:15 - 2012-05-16 14:15 - 0000000 ____D C:\Users\Kelli\AppData\Local\{1BD4802C-49A6-47F4-B9DA-3937BCBA4879}
2012-05-15 18:44 - 2012-02-21 15:48 - 0000000 ____D C:\Users\Kelli\AppData\Roaming\HpUpdate
2012-05-15 13:41 - 2012-01-24 12:10 - 0000000 ____D C:\Users\Kelli\Documents\Credit Reports
2012-05-13 08:51 - 2012-05-13 08:51 - 0000000 ____D C:\Users\Rachel\AppData\Roaming\HP
2012-05-11 15:18 - 2012-05-11 15:18 - 0000000 ____D C:\Users\Kelli\AppData\Local\{C15E797E-7449-40FD-9008-CAEC5DF624D7}
2012-05-11 15:18 - 2012-05-11 15:17 - 0000000 ____D C:\Users\Kelli\AppData\Local\{7ADB05BE-88D9-43FC-8302-662BF61E0D6B}
2012-05-11 15:09 - 2012-05-11 15:09 - 0000000 ____D C:\Users\Kelli\AppData\Local\{85DE1CE0-BA61-4DB7-BD08-DBB19E64BABE}
2012-05-11 15:09 - 2012-05-11 15:08 - 0000000 ____D C:\Users\Kelli\AppData\Local\{FF690BA9-1FDB-41FA-AB85-295562FB3F61}
2012-05-11 02:48 - 2009-07-13 20:33 - 3811432 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-11 02:45 - 2012-01-23 22:36 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-11 02:43 - 2010-11-20 16:23 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-11 02:27 - 2012-01-23 21:42 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-11 02:19 - 2012-01-23 22:41 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-09 06:37 - 2012-05-09 06:37 - 0000000 ____D C:\Program Files\Hewlett-Packard
2012-05-08 18:11 - 2012-01-24 11:51 - 0000000 ____D C:\Users\Kelli\Documents\MY ARTWORK
2012-05-08 16:12 - 2012-01-24 16:48 - 0000000 ____D C:\Users\Bert\Documents\Personal
2012-05-04 20:07 - 2012-05-04 20:01 - 0000000 ____D C:\Users\Kelli\Documents\My Scans
2012-05-04 16:31 - 2012-05-04 16:28 - 0210551 ____A C:\Windows\hpoins21.dat
2012-05-04 16:31 - 2012-01-24 10:09 - 0004527 ____A C:\Users\All Users\hpzinstall.log
2012-05-04 16:31 - 2009-07-13 18:04 - 0000513 ____A C:\Windows\win.ini
2012-05-04 16:30 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\twain_32
2012-05-04 15:31 - 2012-01-24 10:10 - 0000000 ____D C:\Program Files\HP
2012-05-04 15:22 - 2012-05-04 15:25 - 0211006 ____N C:\Windows\hpoins21.dat.temp
2012-05-04 15:08 - 2012-05-04 15:04 - 0043008 ____A C:\Users\Kelli\Documents\ClearConceptsFax.doc
2012-05-04 13:04 - 2012-05-04 13:04 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-05-04 13:04 - 2012-01-24 08:55 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-05-03 08:30 - 2012-01-24 11:03 - 0000000 ____D C:\Program Files\Quicken
2012-05-01 11:22 - 2012-05-01 11:22 - 0417700 ____A C:\Users\Kelli\Documents\DISC-Kelli_Esposito.pdf
2012-05-01 11:20 - 2012-05-01 11:20 - 0776797 ____A C:\Users\Kelli\Documents\Values-Kelli_Esposito.pdf
2012-05-01 11:05 - 2012-05-01 11:05 - 0060946 ____A C:\Users\Kelli\Documents\SpiritualGiftsResults.pdf
2012-05-01 08:18 - 2012-05-01 08:18 - 0014521 ____A C:\Users\Kelli\Documents\DUSTING.docx
2012-05-01 08:14 - 2012-01-24 12:07 - 0013046 ____A C:\Users\Kelli\Documents\CommissionJobs.xlsx
2012-05-01 07:12 - 2012-01-23 21:42 - 0000000 ____D C:\Users\Kelli\AppData\Local\Microsoft Help
2012-04-26 15:01 - 2012-01-24 08:56 - 0000000 ____D C:\Users\Kelli\AppData\Roaming\Adobe
2012-04-25 16:52 - 2012-01-24 11:23 - 0000000 ____D C:\Users\Kelli\AppData\Roaming\Apple Computer
2012-04-24 15:08 - 2012-04-24 15:08 - 0014678 ____A C:\Users\Kelli\Documents\Melissa4-24-12.docx
2012-04-24 15:07 - 2012-04-24 13:10 - 0015167 ____A C:\Users\Kelli\Documents\Rachel4-24-12.docx
2012-04-24 08:36 - 2012-04-24 08:36 - 8637220 ____A C:\Users\Kelli\Documents\Discipline4-12Booklet.pdf
2012-04-23 16:29 - 2012-04-23 16:29 - 0000000 ____D C:\Users\Kelli\Documents\OneNote Notebooks
2012-04-22 00:01 - 2012-03-17 08:14 - 0000000 ____D C:\Users\Kelli\AppData\Local\ElevatedDiagnostics
2012-04-20 08:46 - 2012-04-20 08:46 - 0000000 ____D C:\Users\Kelli\AppData\Local\{FB5C93BD-A9F6-4A22-9453-0588FA3B2292}
2012-04-20 08:46 - 2012-04-20 08:46 - 0000000 ____D C:\Users\Kelli\AppData\Local\{98EE28DA-8CF2-486F-A6C4-94023C179390}
2012-04-19 08:04 - 2012-04-19 08:04 - 2589194 ____A C:\Users\Kelli\Documents\preprayed_-_preparation_for_lifes_events.pdf
2012-04-18 16:20 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-04-18 16:15 - 2012-04-18 16:16 - 0127075 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-04-18 16:15 - 2012-04-18 16:16 - 0049262 ____A (Sun Microsystems, Inc.) C:\Windows\System32\jpicpl32.cpl
2012-04-18 16:15 - 2012-04-18 16:16 - 0049247 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-04-18 16:15 - 2012-04-18 16:16 - 0049245 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-04-18 16:15 - 2012-04-18 16:15 - 0000000 ____D C:\Program Files\Java
2012-04-18 16:15 - 2012-04-18 16:15 - 0000000 ____D C:\Program Files\Common Files\Java
2012-04-18 16:14 - 2012-01-24 12:07 - 0000000 ____D C:\Users\Kelli\Documents\Recipes
2012-04-18 05:44 - 2012-04-18 05:44 - 0000000 ____D C:\Users\Bert\AppData\Local\{34D8B9A3-E87D-4E7F-B889-CD5DCBA2FFD2}
2012-04-18 05:44 - 2012-04-18 05:43 - 0000000 ____D C:\Users\Bert\AppData\Local\{FD8D3312-2C4C-46E1-9DF8-5C4B8FB67F4D}
2012-04-18 05:21 - 2012-04-18 05:21 - 0000000 ____D C:\Users\Bert\AppData\Local\{06317AFB-270A-4E42-B818-E7832C71DFBC}
2012-04-17 16:04 - 2012-01-24 14:54 - 0125312 ____A C:\Users\Rachel\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-17 14:48 - 2012-04-17 14:47 - 0000000 ____D C:\Program Files\Safari
2012-04-17 14:46 - 2012-04-17 14:46 - 0001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-17 14:46 - 2012-04-17 14:45 - 0000000 ____D C:\Program Files\iTunes
2012-04-17 14:45 - 2012-04-17 14:45 - 0000000 ____D C:\Program Files\iPod
2012-04-17 14:45 - 2012-01-24 11:21 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-04-17 11:08 - 2012-03-27 12:38 - 0015283 ____A C:\Users\Kelli\Documents\Tasks-Projects.docx
2012-04-17 10:14 - 2012-01-24 11:54 - 0000000 ____D C:\Users\Kelli\Documents\My Kindle Content
2012-04-17 07:36 - 2012-04-17 07:36 - 0002193 ____A C:\Users\Kelli\Desktop\Kindle.lnk
2012-04-17 07:36 - 2012-04-17 07:35 - 0000000 ____D C:\Users\Kelli\AppData\Local\Amazon
2012-04-16 16:28 - 2012-04-13 08:33 - 0000000 ____D C:\Users\Kelli\Documents\TurboTax
2012-04-16 14:23 - 2012-04-16 14:23 - 0000000 ___AH C:\Users\Bert\Documents\Default.rdp
2012-04-16 14:10 - 2012-04-16 14:09 - 0000000 ____D C:\Users\Bert\AppData\Local\{B47D1E6B-BE54-4947-A904-CB439B1F2D7D}
2012-04-16 14:09 - 2012-04-16 14:09 - 0000000 ____D C:\Users\Bert\AppData\Local\{B06FBBA6-6644-413A-91B2-C59752B8B36E}
2012-04-16 07:39 - 2012-04-16 07:39 - 0000000 ____D C:\Users\Bert\AppData\Local\{71AD1DA3-2454-4BA1-A259-E89AB1F95C7A}
2012-04-16 07:39 - 2012-04-16 07:38 - 0000000 ____D C:\Users\Bert\AppData\Local\{ABD9A29E-C220-4B18-93BD-BC368B8170F4}
2012-04-14 08:37 - 2012-01-24 12:07 - 0000000 ____D C:\Users\Kelli\Documents\Taxes
2012-04-13 14:57 - 2012-01-24 14:44 - 0125312 ____A C:\Users\Bert\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-13 10:09 - 2012-04-13 08:13 - 0000451 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.400.32.bc
2012-04-13 08:22 - 2012-01-23 22:42 - 0125312 ____A C:\Users\Kelli\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-13 08:14 - 2012-01-24 11:03 - 0000000 ____D C:\Users\Kelli\AppData\Roaming\Intuit
2012-04-13 08:12 - 2012-01-24 11:03 - 0000000 ____D C:\Users\All Users\Intuit
2012-04-13 08:12 - 2012-01-24 11:03 - 0000000 ____D C:\Program Files\Common Files\Intuit
2012-04-13 08:11 - 2012-04-13 08:11 - 0000000 ____D C:\Users\Kelli\AppData\Local\IsolatedStorage
2012-04-13 08:08 - 2012-04-13 08:08 - 0000000 ____D C:\Program Files\TurboTax
2012-04-11 16:33 - 2012-04-11 16:32 - 0000000 ____D C:\Users\Rachel\AppData\Roaming\HTC
2012-04-11 02:03 - 2012-04-11 02:03 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-11 02:03 - 2012-04-11 02:03 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-04-10 11:40 - 2012-04-10 11:40 - 0000000 ____D C:\Users\Kelli\AppData\Local\{75F11810-E921-4137-BA71-F00A806772FF}
2012-04-10 11:40 - 2012-04-10 11:39 - 0000000 ____D C:\Users\Kelli\AppData\Local\{2035DF21-C19C-47F0-9C7F-EA98D78F0875}
2012-04-10 11:33 - 2012-01-24 11:23 - 0000000 ____D C:\Users\Kelli\AppData\Local\Apple Computer
2012-04-10 03:23 - 2012-04-10 03:23 - 0000000 ____D C:\Users\Bert\AppData\Local\{D885F3C9-58B4-4957-A307-43D66F158382}
2012-04-10 03:23 - 2012-04-10 03:23 - 0000000 ____D C:\Users\Bert\AppData\Local\{392FC6D2-8C7E-45A9-AAAC-29E216478389}
2012-04-10 03:19 - 2012-04-10 03:19 - 0000000 ____D C:\Users\Bert\Documents\HP Photosmart Projects
2012-04-10 03:19 - 2012-04-10 03:19 - 0000000 ____D C:\Users\Bert\AppData\Local\HP
2012-04-10 03:18 - 2012-04-10 03:18 - 0000000 ____D C:\Users\Bert\AppData\Local\{86F57DD7-ECEF-40E1-BB1E-C2A7B87A655D}
2012-04-10 03:18 - 2012-04-10 03:17 - 0000000 ____D C:\Users\Bert\AppData\Local\{135B09CF-38EF-4F0E-9FB9-10CD32D98975}
2012-04-09 13:57 - 2012-04-09 13:57 - 0000000 ____D C:\Users\Bert\AppData\Local\{6CBC3199-22B5-4BDB-BBAE-28F4B6B6F364}
2012-04-09 11:36 - 2012-01-24 14:44 - 0000000 ____D C:\Users\Bert\AppData\Local\Adobe
2012-04-08 12:59 - 2012-04-08 12:59 - 0000000 ____D C:\Users\Kelli\AppData\Local\{F8F1C045-E329-464E-A846-6233D296F879}
2012-04-08 12:59 - 2012-04-08 12:58 - 0000000 ____D C:\Users\Kelli\AppData\Local\{779A8B7A-AC1B-467E-9DAA-E1B9AB5AFFA6}
2012-04-08 12:57 - 2012-04-08 12:57 - 0000000 ____D C:\Users\Kelli\AppData\Local\{A084B69D-36C1-485E-B4CB-5D046BD900DD}
2012-04-08 12:57 - 2012-04-08 12:56 - 0000000 ____D C:\Users\Kelli\AppData\Local\{6EB61738-BEA8-4434-B508-D9F848FCDFCD}
2012-04-08 12:39 - 2012-04-08 12:39 - 0000000 ____D C:\Users\Kelli\AppData\Local\{AD447047-CE44-475F-AADA-1C834506B7A4}
2012-04-08 12:39 - 2012-04-08 12:38 - 0000000 ____D C:\Users\Kelli\AppData\Local\{F78CFFE1-7CA2-4181-B398-7C49E4E588E3}
2012-04-07 21:45 - 2012-03-27 13:07 - 0000000 ____D C:\Users\Kelli\Documents\My Documents
2012-04-07 16:31 - 2012-04-07 16:31 - 0000000 ____D C:\Users\Kelli\AppData\Local\{E8A79DD7-D263-4503-9720-27ADC2871557}
2012-04-07 16:31 - 2012-04-07 16:31 - 0000000 ____D C:\Users\Kelli\AppData\Local\{56CDD2B0-A7DB-4FD3-8332-4FF69BB79B09}
2012-04-07 16:07 - 2012-04-07 16:07 - 0000000 ____D C:\Users\Kelli\AppData\Local\{52C08AC0-0C22-4F04-B9FC-47272F71713D}
2012-04-07 15:53 - 2012-04-07 15:53 - 0000000 ____D C:\Users\Kelli\AppData\Local\{18DA0F7B-0249-4AE7-9406-1B017AF6A95C}
2012-04-06 13:46 - 2012-04-06 13:46 - 0000000 ____D C:\Users\Bert\AppData\Local\Apps\2.0
2012-03-30 20:39 - 2012-05-10 14:43 - 3968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-10 14:43 - 3913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 18:36 - 2012-05-10 14:43 - 2343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 02:23 - 2012-05-10 14:43 - 1291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 19:40 - 2012-01-24 12:07 - 0000000 ____D C:\Users\Kelli\Documents\RV
2012-03-29 18:37 - 2012-03-29 18:37 - 0000000 ____D C:\Users\Bert\AppData\Roaming\HTC
2012-03-29 15:33 - 2012-01-23 20:46 - 0000000 ____D C:\users\Kelli
2012-03-29 15:02 - 2012-03-29 15:02 - 0014570 ____A C:\Users\Kelli\Documents\Rache3-28-12.docx
2012-03-29 14:55 - 2012-03-29 14:55 - 0014672 ____A C:\Users\Kelli\Documents\Melissa3-28-12.docx
2012-03-28 02:01 - 2012-03-28 02:01 - 0256194 ____A C:\Windows\msxml4-KB973685-enu.LOG
2012-03-28 02:01 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Common Files\microsoft shared
2012-03-27 14:57 - 2012-01-24 14:20 - 0000000 ____D C:\Program Files\PdaNet for Android
2012-03-27 13:07 - 2012-03-27 12:57 - 0000000 ____D C:\Users\Kelli\AppData\Roaming\HTC
2012-03-27 13:05 - 2012-01-24 14:53 - 0000000 ____D C:\users\Rachel
2012-03-27 13:00 - 2012-03-27 13:00 - 0000000 ____D C:\Users\Kelli\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2012-03-27 12:56 - 2012-03-27 12:53 - 0000000 ____D C:\Program Files\HTC
2012-03-27 12:53 - 2012-03-27 12:53 - 0000000 ____D C:\Program Files\Spirent Communications
2012-03-27 12:52 - 2012-01-24 14:00 - 0000000 ____D C:\Program Files\MSXML 4.0
2012-03-26 16:29 - 2012-03-26 16:29 - 0000000 ____D C:\Users\Bert\AppData\Local\Apple
2012-03-25 15:08 - 2011-02-14 12:08 - 0000000 ____D C:\Users\Bert\Documents\eBooks
2012-03-25 15:05 - 2012-01-24 14:44 - 0000000 ____D C:\Users\Bert\AppData\Roaming\Adobe
2012-03-25 15:04 - 2012-01-24 14:43 - 0000000 ____D C:\Users\Bert\AppData\LocalLow
2012-03-24 18:54 - 2012-03-23 16:46 - 0298900 ____A C:\Users\Kelli\Documents\HomeDepotCarpetCleaner.pdf
2012-03-23 19:48 - 2012-03-23 19:47 - 0000000 ____D C:\Program Files\QuickTime
2012-03-23 19:44 - 2012-01-23 20:46 - 0000000 ____D C:\Users\Kelli\AppData\LocalLow
2012-03-20 19:44 - 2012-03-20 19:44 - 0171064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 19:44 - 2012-03-20 19:44 - 0074112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-20 14:16 - 2012-03-20 14:16 - 1830108 ____A C:\Users\Kelli\Documents\FlagPage-Bert.pdf
2012-03-20 12:50 - 2012-03-20 12:50 - 1773333 ____A C:\Users\Kelli\Documents\FlagPage-Kelli.pdf
2012-03-20 07:11 - 2012-01-24 12:09 - 0000000 ____D C:\Users\Kelli\Documents\Bert
2012-03-18 13:49 - 2012-03-18 13:49 - 0000000 ____D C:\Users\Bert\AppData\Roaming\HP
2012-03-16 23:27 - 2012-05-10 14:43 - 0056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 08:59 - 2012-03-16 08:59 - 0000000 ____D C:\Users\Kelli\AppData\Roaming\Philipp Winterberg
2012-03-16 08:53 - 2012-03-16 08:53 - 0000000 ____D C:\Program Files\Free RAR Extract Frog
2012-03-13 12:37 - 2012-03-13 12:37 - 0228711 ___AT C:\Users\Kelli\Documents\PES 6th grade.pdf
2012-03-12 10:13 - 2012-01-24 10:08 - 0000000 ____D C:\Users\All Users\regid.1986-12.com.adobe

C:\Windows\Installer\{3d1a3ebc-3b35-2ba9-ebe2-e5dafcf6a1d1}
C:\Windows\Installer\{3d1a3ebc-3b35-2ba9-ebe2-e5dafcf6a1d1}\@
C:\Windows\Installer\{3d1a3ebc-3b35-2ba9-ebe2-e5dafcf6a1d1}\L
C:\Windows\Installer\{3d1a3ebc-3b35-2ba9-ebe2-e5dafcf6a1d1}\n
C:\Windows\Installer\{3d1a3ebc-3b35-2ba9-ebe2-e5dafcf6a1d1}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 3326.14 MB
Available physical RAM: 2860.77 MB
Total Pagefile: 3324.43 MB
Available Pagefile: 2864.42 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.61 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:111.69 GB) (Free:7.42 GB) NTFS
3 Drive f: (LCS USB) (Removable) (Total:0.94 GB) (Free:0.6 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 111 GB 0 B
Disk 1 Online 1927 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 111 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 111 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1927 MB 0 B

======================================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

==========================================================

Last Boot: 2012-05-28 23:58

======================= End Of Log ==========================

#15 JSntgRvr

Posted 06 June 2012 - 11:35 AM

Please run FRST once again.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click the Search button and wait. Post the log (Search.txt) that it will produce on the USB drive in your next reply.

No request for help throughout private messaging will be attended.
