
So slow it is unusable


  • This topic is locked
22 replies to this topic

#1 packbacker83

Posted 05 June 2012 - 06:52 PM

In just the past week my laptop has become almost unusable. The only thing I have changed about my usage is I started playing Farmville. However, my wife plays on her laptop and has had no problems. I am placing the logs here. The GMER log may not be complete because the program would not allow me to make any changes in the options. Everything was unchecked except Services, Registry, Files, C:/, and ADS.

This is DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
Run by Hill at 13:52:03 on 2012-06-05
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.2025 [GMT -4:00]
.
AV: AVG Internet Security 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~2\TOTALR~2\bar\1.bin\14barsvc.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.1\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Windows\System32\vds.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Smart PDF Converter Pro\SmartSoft PDF Printer Agent.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Hill\AppData\Roaming\Mikogo\Mikogo-Host.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Users\Hill\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Users\Hill\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14brmon.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\PROGRA~2\TOTALR~2\bar\1.bin\14medint.exe
C:\PROGRA~2\TOTALR~2\bar\1.bin\14medint.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uInternet Settings,ProxyOverride = 127.0.0.1;192.168.*.*
uURLSearchHooks: N/A: {8a7d2060-824d-4b17-b00a-759b1b5f30d9} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO: Gamers Unite! Snag Bar BHO: {26a7ca19-7d58-411d-b2da-f1b0324cbffc} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll
BHO: IeCatch5 Class: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - C:\PROGRA~2\FlashGet\jccatch.dll
BHO: SBCONVERT Class: {3017fb3e-9a77-4396-88c5-0ec9548fb42f} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll
BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - C:\PROGRA~2\SEARCH~1\SEARCH~1.DLL
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: TBSB01620 Class: {58124a0b-dc32-4180-9bff-e0e21ae34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.8\AVG Secure Search_toolbar.dll
BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll
BHO: Toolbar BHO: {ab56dfde-0c14-45b3-9df6-7b0eba617870} - C:\PROGRA~2\TOTALR~2\bar\1.bin\14bar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Search Assistant BHO: {df22384f-cf68-4d19-969f-10423715528b} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll
BHO: gFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - C:\PROGRA~2\FlashGet\getflash.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - C:\PROGRA~2\DAP\DAPIEL~1.DLL
BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - C:\PROGRA~2\SPEEDB~1\Toolbar\grabber.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Gamers Unite! Snag Bar: {25515a79-c1c7-4b97-97f8-31a711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll
TB: IMinent Toolbar: {977ae9cc-af83-45e8-9e03-e2798216e2d5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.8\AVG Secure Search_toolbar.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: TotalRecipeSearch: {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Mikogo] "C:\Users\Hill\AppData\Roaming\Mikogo\Mikogo-Host.exe" -asp
uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [KB00441392.exe] "C:\Users\Hill\AppData\Roaming\KB00441392.exe"
uRun: [PCShowServer] "C:\Users\Hill\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
uRun: [SzokEtZa1L8A2xO] C:\Users\Hill\AppData\Roaming\javaupdate_KBD12S.exe
uRun: [Visual Drive] C:\Users\Hill\AppData\Local\Temp\N9TM8DD9P7.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [<NO NAME>]
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SzokEtZa1L8A2xO] C:\Users\Hill\AppData\Roaming\javaupdate_KBD12S.exe
mRun: [Visual Drive] C:\Users\Hill\AppData\Local\Temp\N9TM8DD9P7.exe
mRun: [TotalRecipeSearch Search Scope Monitor] "C:\PROGRA~2\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h
mRun: [TotalRecipeSearch_14 Browser Plugin Loader] C:\PROGRA~2\TOTALR~2\bar\1.bin\14brmon.exe
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mExplorerRun: [Visual Drive] C:\Users\Hill\AppData\Local\Temp\N9TM8DD9P7.exe
StartupFolder: C:\Users\Hill\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Hill\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\Hill\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
IE: + Offline &Explorer: Download the link - file://C:\Program Files (x86)\Offline Explorer Pro\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://C:\Program Files (x86)\Offline Explorer Pro\Add_AllO.htm
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
IE: Download All by FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
IE: Download using FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\flashget.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: pilotcat.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0C191CD8-741B-45DE-A07A-9510A09C4822} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0C191CD8-741B-45DE-A07A-9510A09C4822}\130364850383138363130373 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0C191CD8-741B-45DE-A07A-9510A09C4822}\37D6F6B65697D647E6275637F62747 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0C191CD8-741B-45DE-A07A-9510A09C4822}\457534D23507565646A7F6E656 : DhcpNameServer = 24.25.35.65 24.25.35.64
TCP: Interfaces\{0C191CD8-741B-45DE-A07A-9510A09C4822}\C696E6B6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{0C191CD8-741B-45DE-A07A-9510A09C4822}\E4842434D2055726C69636 : DhcpNameServer = 192.168.83.254
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.1\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~2\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~2\DAP\dapie.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
mASetup: {F7B0B4F4-75A6-E80D-5F9F-C4CBBAECFBD5} - C:\Users\Hill\AppData\Local\Temp\N9TM8DD9P7.exe
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO-X64: Winamp Toolbar Loader - No File
BHO-X64: Gamers Unite! Snag Bar BHO: {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: IeCatch5 Class: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~2\FlashGet\jccatch.dll
BHO-X64: SBCONVERT Class: {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll
BHO-X64: SBCONVERT - No File
BHO-X64: SearchPredictObj Class: {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~2\SEARCH~1\SEARCH~1.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: TBSB01620 Class: {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
BHO-X64: TBSB01620 - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.8\AVG Secure Search_toolbar.dll
BHO-X64: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll
BHO-X64: IMinent WebBooster - No File
BHO-X64: Toolbar BHO: {ab56dfde-0c14-45b3-9df6-7b0eba617870} - C:\PROGRA~2\TOTALR~2\bar\1.bin\14bar.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Search Assistant BHO: {df22384f-cf68-4d19-969f-10423715528b} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll
BHO-X64: gFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~2\FlashGet\getflash.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
BHO-X64: Download Accelerator Plus Integration: {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~2\DAP\DAPIEL~1.DLL
BHO-X64: Download Accelerator Plus Integration - No File
BHO-X64: GrabberObj Class: {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~2\SPEEDB~1\Toolbar\grabber.dll
BHO-X64: GrabberObj Class - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Gamers Unite! Snag Bar: {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll
TB-X64: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB-X64: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll
TB-X64: IMinent Toolbar: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.8\AVG Secure Search_toolbar.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB-X64: TotalRecipeSearch: {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [(Default)]
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SzokEtZa1L8A2xO] C:\Users\Hill\AppData\Roaming\javaupdate_KBD12S.exe
mRun-x64: [Visual Drive] C:\Users\Hill\AppData\Local\Temp\N9TM8DD9P7.exe
mRun-x64: [TotalRecipeSearch Search Scope Monitor] "C:\PROGRA~2\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h
mRun-x64: [TotalRecipeSearch_14 Browser Plugin Loader] C:\PROGRA~2\TOTALR~2\bar\1.bin\14brmon.exe
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE-X64: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\flashget.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bdfa5f9b3-1e95-4853-ac5d-9e067f913677%7D&mid=aca2a84e7a6c47d1a5cbd16fff3f59aa-a8d8481c7c3429f4a396a3cd655cdc4a00a3547f&ds=AVG&v=10.0.0.7&lang=en&pr=pr&d=2012-01-21%2012%3A29%3A37&sap=ku&q=
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafety\11.0.1\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll
FF - plugin: C:\Users\Hill\AppData\Local\DIRECTV Player\npPCShowPlugin.dll
FF - plugin: C:\Users\Hill\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
FF - plugin: C:\Users\Hill\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: extentions.y2layers.installId - a35f3494-8d0d-4824-b2a1-d2b71dd080a1
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/08/08 22:05:06];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-6-28 146928]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/09/27 00:11:33];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-9-27 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-4-30 89600]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-3 652872]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-7-13 517632]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-8-10 227184]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-6 705856]
R2 TotalRecipeSearch_14Service;TotalRecipeSearchService;C:\PROGRA~2\TOTALR~2\bar\1.bin\14barsvc.exe [2012-5-16 42504]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 vToolbarUpdater11.0.1;vToolbarUpdater11.0.1;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.1\ToolbarUpdater.exe [2012-4-12 932736]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 O2MDGRDR;O2MDGRDR;C:\Windows\system32\DRIVERS\o2mdgx64.sys --> C:\Windows\system32\DRIVERS\o2mdgx64.sys [?]
R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
R3 RRNetCapMP;RRNetCapMP;C:\Windows\system32\DRIVERS\rrnetcap.sys --> C:\Windows\system32\DRIVERS\rrnetcap.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SndTAudio;SndTAudio;C:\Windows\system32\drivers\SndTAudio.sys --> C:\Windows\system32\drivers\SndTAudio.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-18 136176]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe --> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-23 257696]
S3 B-Service;B-Service;C:\Users\Hill\AppData\Roaming\Mikogo\B-Service.exe [2010-12-2 185640]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-6-6 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-6-6 79360]
S3 GSService;GSService;C:\Windows\SysWOW64\GSService.exe [2011-1-4 385024]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-18 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 129976]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm64.sys --> C:\Windows\system32\DRIVERS\pnetmdm64.sys [?]
S3 RRNetCap;RRNetCap Service;C:\Windows\system32\DRIVERS\rrnetcap.sys --> C:\Windows\system32\DRIVERS\rrnetcap.sys [?]
S3 SMServer;SMServer;C:\Windows\SysWOW64\snmvtsvc.exe [2011-1-4 245760]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-6-6 79360]
S3 STSService;STSService;C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe [2010-12-23 385024]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-05 17:46:10 -------- d-----w- C:\Users\Hill\AppData\Local\{EDB200E8-E62B-47E5-BA74-424F153AB9C9}
2012-06-05 17:45:59 -------- d-----w- C:\Users\Hill\AppData\Local\{28E7601B-D226-4EAA-B27F-CDB3F6723F41}
2012-06-05 12:43:31 -------- d-----w- C:\Users\Hill\AppData\Local\{CEF33CD0-B908-4E63-BE88-01025E75F40D}
2012-06-05 12:43:18 -------- d-----w- C:\Users\Hill\AppData\Local\{3F75CF6E-3044-44C7-93BD-36045062570E}
2012-06-05 12:27:32 -------- d-----w- C:\Users\Hill\AppData\Local\{018A2C74-BAA0-45E1-8E67-390588FDCF24}
2012-06-05 12:27:21 -------- d-----w- C:\Users\Hill\AppData\Local\{853E8467-D49A-4548-B65E-A4146C26B0A0}
2012-06-01 13:30:30 -------- d-----w- C:\Users\Hill\AppData\Local\{26336DC5-38AB-41B7-AD15-8DAC4C4186C5}
2012-06-01 13:30:12 -------- d-----w- C:\Users\Hill\AppData\Local\{5F85B81B-BD74-4699-9A08-85FC3E917717}
2012-06-01 04:37:45 -------- d-----w- C:\Users\Hill\AppData\Local\{63FEC498-0CAE-4FEF-942E-E3B90CC363DA}
2012-06-01 04:37:06 -------- d-----w- C:\Users\Hill\AppData\Local\{51E7568B-354C-4D75-A944-ACCD0A4DA7EE}
2012-06-01 03:46:34 -------- d-----w- C:\Users\Hill\AppData\Local\{D60176E5-A116-4074-86ED-0C594F2CFEDC}
2012-05-31 15:52:28 -------- d-----w- C:\Users\Hill\AppData\Local\{E8B91EA8-39CD-4AA3-B2A7-D22B7A568EBF}
2012-05-31 15:52:17 -------- d-----w- C:\Users\Hill\AppData\Local\{8F1FE1A1-5921-4B08-A86E-C11BFAE2E0AD}
2012-05-31 14:42:22 -------- d-----w- C:\Users\Hill\AppData\Local\{10C03B1B-548C-4606-B21B-87E19FD37206}
2012-05-31 14:42:10 -------- d-----w- C:\Users\Hill\AppData\Local\{557037B7-F0A4-4D15-9613-716362DD923A}
2012-05-31 05:49:03 -------- d-----w- C:\Users\Hill\AppData\Local\{079553B7-5363-48D0-B456-D678AB0F1DE0}
2012-05-31 05:48:51 -------- d-----w- C:\Users\Hill\AppData\Local\{85F15920-43B9-4632-B545-F2BDC93A63CC}
2012-05-30 03:43:11 -------- d-----w- C:\Users\Hill\AppData\Local\{654C7DD9-1D3D-4DC5-881E-D4D3F4FE6E6F}
2012-05-30 03:42:54 -------- d-----w- C:\Users\Hill\AppData\Local\{F1AF186F-0DAD-4395-B40C-E2D52313DDFA}
2012-05-28 03:11:15 -------- d-----w- C:\Users\Hill\AppData\Local\{3A624B79-4F3E-41BA-B0B1-907FC3FAF8A0}
2012-05-28 03:10:57 -------- d-----w- C:\Users\Hill\AppData\Local\{1CF04F76-8A6C-4B29-887C-923F5827A44E}
2012-05-28 01:25:50 15360 ----a-w- C:\Windows\System32\drivers\pneteth.sys
2012-05-25 21:42:29 -------- d-----w- C:\Users\Hill\AppData\Local\{3A8B0F20-888A-4A53-9A6D-95C5D1B0547D}
2012-05-25 21:42:12 -------- d-----w- C:\Users\Hill\AppData\Local\{010185D9-EFAD-45EB-854B-3A68BA1D8A70}
2012-05-25 20:33:49 -------- d-----w- C:\Users\Hill\AppData\Local\{E80D7E48-5AE6-4AE0-8DC0-F89C414A5A6C}
2012-05-25 20:33:38 -------- d-----w- C:\Users\Hill\AppData\Local\{ECD134B4-6BD0-4693-B0C4-5999307612DB}
2012-05-25 01:28:04 -------- d-----w- C:\Users\Hill\AppData\Local\{5F2C998D-66EE-4E2E-B899-379DABC7B631}
2012-05-25 01:27:30 -------- d-----w- C:\Users\Hill\AppData\Local\{C0206C87-63F3-4B6F-BAE2-C7F2CB961559}
2012-05-24 00:08:35 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-05-23 23:58:27 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-21 02:06:56 -------- d-----w- C:\Users\Hill\AppData\Local\{B0289A88-51E1-4EF0-AF43-5135D6DDB508}
2012-05-21 02:06:46 -------- d-----w- C:\Users\Hill\AppData\Local\{C997665B-E2DB-40FA-9D83-D092C51FBC6D}
2012-05-21 01:43:36 -------- d-----w- C:\Users\Hill\AppData\Local\{62D0B0B7-6D67-43A1-8747-2D80353CD994}
2012-05-21 01:43:26 -------- d-----w- C:\Users\Hill\AppData\Local\{5D756CDD-4B75-4093-BA41-EEEDFAED09BD}
2012-05-18 03:04:21 -------- d-----w- C:\Users\Hill\AppData\Local\{E5F77238-92A0-460B-B68F-42C7191EF6CF}
2012-05-18 03:04:11 -------- d-----w- C:\Users\Hill\AppData\Local\{C7D0C0B0-23D3-4E84-AF61-0AF37D75CC4C}
2012-05-18 01:24:52 -------- d-----w- C:\Users\Hill\AppData\Local\{0A13BBCA-3876-4F7F-9144-32007476B530}
2012-05-18 01:24:41 -------- d-----w- C:\Users\Hill\AppData\Local\{24372EB1-CF63-4714-9A5D-0F88BA6AE830}
2012-05-17 05:36:12 -------- d-----w- C:\Users\Hill\AppData\Local\{EE89A82D-0E71-46AC-8A4F-956F83A00B85}
2012-05-17 05:36:01 -------- d-----w- C:\Users\Hill\AppData\Local\{4B6FBBDE-671A-43FD-A460-1B58E485C1D2}
2012-05-16 04:09:25 -------- d-----w- C:\Users\Hill\AppData\Local\{31067BCD-9CF2-4636-B3DD-FEF5C284F33A}
2012-05-16 04:09:14 -------- d-----w- C:\Users\Hill\AppData\Local\{B0337274-EF05-4335-84D9-535ED062964A}
2012-05-16 04:00:22 -------- d-----w- C:\Program Files (x86)\TotalRecipeSearch_14
2012-05-12 17:41:14 -------- d-----w- C:\Users\Hill\AppData\Local\{E15ED8FE-9C94-4164-94EA-BAE5E499D070}
2012-05-12 17:41:02 -------- d-----w- C:\Users\Hill\AppData\Local\{5D8AA3F9-35FF-40AE-8F37-0FBD552F77AC}
2012-05-12 17:39:19 -------- d-----w- C:\Users\Hill\AppData\Local\{2D5143DE-9B6B-4822-82AC-2BA0412C2E5A}
2012-05-12 17:39:07 -------- d-----w- C:\Users\Hill\AppData\Local\{79F689B8-7CE3-4082-BAB4-B04FBCA57C9E}
2012-05-12 17:24:50 -------- d-----w- C:\Users\Hill\AppData\Roaming\install
2012-05-12 17:18:45 5386240 ----a-w- C:\Users\Hill\AppData\Roaming\javaupdate_KBD12S.exe
2012-05-12 16:23:52 -------- d-----w- C:\Users\Hill\AppData\Local\{7B51F00B-ED3F-4EEF-B5BA-D9EBF50082CA}
2012-05-12 16:23:40 -------- d-----w- C:\Users\Hill\AppData\Local\{292C8F91-044C-4E24-8E47-80B521F04B0F}
2012-05-12 01:04:08 -------- d-----w- C:\Users\Hill\AppData\Local\{F9E2D3A5-78D8-4009-9DC0-53FD65FAB8AE}
2012-05-12 01:03:56 -------- d-----w- C:\Users\Hill\AppData\Local\{71B7A606-07E1-4715-9FCF-97F60DA1E6E2}
2012-05-12 01:03:42 -------- d-----w- C:\Users\Hill\AppData\Local\{C15D0A5C-B633-49DD-9426-BC596461C24E}
2012-05-12 01:03:28 -------- d-----w- C:\Users\Hill\AppData\Local\{3D9D94D9-F57E-46DB-84CD-1573AA9ACDB7}
2012-05-11 03:32:22 -------- d-----w- C:\Users\Hill\AppData\Local\{EB5687AF-1590-4B1B-AF07-E988373918B9}
2012-05-11 03:32:09 -------- d-----w- C:\Users\Hill\AppData\Local\{34F7BEB4-53B5-4559-9BAE-5AE54E9F630E}
2012-05-10 17:42:50 -------- d-----w- C:\Users\Hill\AppData\Local\{B70CE3AD-65E7-49F5-B336-ED6F67E88EF4}
2012-05-10 17:42:38 -------- d-----w- C:\Users\Hill\AppData\Local\{79299384-3A8A-481F-AFF9-1E4B9BA22C47}
2012-05-10 05:57:01 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-05-10 05:57:01 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-10 05:57:01 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-05-10 05:57:01 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-10 05:57:00 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-05-10 05:57:00 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-05-10 05:57:00 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-05-10 05:57:00 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-05-10 05:57:00 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-05-10 05:56:59 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-05-09 14:37:18 -------- d-----w- C:\Users\Hill\AppData\Local\{3866BA2C-BE52-4659-8F44-26E715775D5B}
2012-05-09 14:37:08 -------- d-----w- C:\Users\Hill\AppData\Local\{DC02F064-7756-4D80-90D9-B0DA99806F57}
2012-05-09 14:11:39 -------- d-----w- C:\Users\Hill\AppData\Local\{ECB89A44-8953-4127-A7CD-9D2DF822A55E}
2012-05-09 14:11:27 -------- d-----w- C:\Users\Hill\AppData\Local\{4C8C5B6B-7230-4D6F-B8BC-C5FAF1797BF8}
2012-05-09 09:27:56 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-09 09:27:55 3143680 ----a-w- C:\Windows\System32\win32k.sys
2012-05-09 09:27:53 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-09 09:27:53 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-09 09:27:47 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-09 09:27:42 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-09 09:27:39 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 09:27:39 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-09 09:27:39 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 09:27:38 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-09 09:27:38 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-08 02:04:19 -------- d-----w- C:\Users\Hill\AppData\Local\{9010AB54-5A9A-4456-A994-052962B04785}
2012-05-08 02:04:07 -------- d-----w- C:\Users\Hill\AppData\Local\{0CFF3457-308C-4204-A30D-40A7A8B595E0}
2012-05-07 02:40:14 -------- d-----w- C:\Users\Hill\AppData\Local\{AE32DB09-B4E0-4FAF-84AC-E44A6FB4285F}
2012-05-07 02:40:02 -------- d-----w- C:\Users\Hill\AppData\Local\{531E45C7-6520-4BD7-82C4-57511CDC7919}
2012-05-07 01:07:30 63080 ----a-r- C:\Users\Hill\AppData\Roaming\Microsoft\Installer\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}\ARPPRODUCTICON.exe
2012-05-07 01:07:29 -------- d-----w- C:\Users\Hill\AppData\Local\DIRECTV Player
.
==================== Find3M ====================
.
2012-06-01 14:05:30 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-11 23:45:49 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 13:54:52.47 ===============

GMER log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-05 19:51:29
Windows 6.1.7600
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8A 0xB1 0xD3 0x47 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x95 0xCF 0x18 0x9F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x05 0xD6 0xFE 0x76 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xBA 0x92 0x71 0xCD ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8A 0xB1 0xD3 0x47 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x95 0xCF 0x18 0x9F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x05 0xD6 0xFE 0x76 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xBA 0x92 0x71 0xCD ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Hill\Downloads\Utorrent\Winning Poker Tournaments One Hand at a Time\Winning Poker Tournaments One Hand at a Time by \x202erar.scr 1

---- Files - GMER 1.0.15 ----

File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\loadingAnimation[1].gif 5886 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\load[1] 92 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\mvvqlRvi_384K_320x240[1].flv 662983 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\show_afd_ads[1].js 4746 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\ads[6] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\Pong[1].gif 52 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\eli[1].js 305 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\footer[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\freq[2].html 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\freq[3].html 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\xml[1].xml 881 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\xml[2].xml 853 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\xml[3].xml 878 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\xml[4].xml 1461 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\xml[6].xml 4475 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\zmpfc[1].js 31051 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\crossdomain[11].xml 201 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\performgroup[1].js 10812 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\json[1].js 6769 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\g[1].json 103 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\get[2] 18 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\get[3] 18 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\1338926326[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\2-1-1-1-lmb_lre_PassAgeOpenMenuBPKellyBiteCNPBd50k_RushScore_625BWTr145_0312_160x600[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\2012-mtv-movie-awards-show-winners-650567[2].txt 92416 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\style[4].css 9337 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\if[4].txt 364 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\53[2].jpg 2129 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\cc[1].js 28119 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\celebrity-gossip_net[1].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\iframe3[5].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\iframe[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\domainpark[1].biz 30955 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\ra1-icoset[1].png 11939 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\small_FFN_Duff_Hilary_POD_021223_8803041[1].jpg 8108 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IXTLFI\gl[2].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4JRF0GO\silver-template-160x600_[1].swf 18616 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4JRF0GO\0006[1].gif 894 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4JRF0GO\fl[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4JRF0GO\superfish[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4JRF0GO\set-16[1].png 18776 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4JRF0GO\battleship-movie-picture-3[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4JRF0GO\bcP[1].js 15276 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4JRF0GO\jsadimp[6].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4JRF0GO\default[2].css 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4JRF0GO\9194[1].js 3111 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4JRF0GO\72_ny2-d3[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4JRF0GO\ping[9].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4JRF0GO\bk-static[1].js 2937 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4JRF0GO\Pong[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4JRF0GO\scripts[2].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4JRF0GO\glamadapt_jsrv[4].act 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4JRF0GO\style[2].css 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4JRF0GO\crossdomainCA2TQGXI.xml 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4JRF0GO\xml[1].xml 27088 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4JRF0GO\xml[3].xml 13694 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3U4U8S6\jennifer-aniston-060312-%20(3)[1].jpg 7177 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3U4U8S6\jennifer-aniston-060312-%20(4)[1].jpg 6706 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3U4U8S6\slider[1].css 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3U4U8S6\small_FFN_Phillippe_Ryan_Exc_FF7_041312_8979895[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3U4U8S6\small_Pebble-E-Paper-Watch-for-iPhone-and-Android[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3U4U8S6\shailene-woodley-060312-%20(4)[1].jpg 5587 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3U4U8S6\silver-template-728x90_[2].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3U4U8S6\hilton-060312-%20(4)[1].jpg 6117 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3U4U8S6\hough-060312-%20(7)[1].jpg 6395 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3U4U8S6\watson-perks-060312-%20(1)[1].jpg 6497 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3U4U8S6\watson-perks-060312-%20(3)[1].jpg 7796 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3U4U8S6\i[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3U4U8S6\get[2] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3U4U8S6\get[3] 0 bytes

---- EOF - GMER 1.0.15 ----


 


#2 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:04:49 PM

Posted 09 June 2012 - 12:02 PM

Hi packbacker83,


My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button and select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic.

 

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Step 1: Combofix

Please download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you do not know how to do this you can find out >here< or >here<
3. Double click on combofix.exe & follow the prompts.

Important:
  • Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.


Step 2: Farbar Service Scanner
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


In your next reply, please include:
  • Combofix log
  • FSS log
  • How is your computer running now? Please be as descriptive as possible. Include any word-for-word error messages that you may have, and/or screenshots of strange behavior.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 packbacker83

packbacker83
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:04:49 PM

Posted 09 June 2012 - 01:39 PM

So ... Is it my understanding that my choices are to reformat and reinstall clean ... OR ... clean up and not necessarily be safe.

If I reformat and reinstall how do I protect myself. I had a wireless router with WEP security running and AVG internet suite running when the machine became infected. I thought I was ok. What else do I need to do?

Thanks
packbacker83

#4 jntkwx

Posted 09 June 2012 - 01:54 PM

packbacker83,

So ... Is it my understanding that my choices are to reformat and reinstall clean ... OR ... clean up and not necessarily be safe.


Yes, you're infected with an advanced infection called ZeroAccess. I can help you clean the infection, but I cannot guarantee you will be completely clean afterwards.

If I reformat and reinstall how do I protect myself. I had a wireless router with WEP security running and AVG internet suite running when the machine became infected. I thought I was ok. What else do I need to do?


There're a couple things to help prevent getting infected:
  • I would recommend using WPA or WPA2 wireless security, depending on what is supported by your wireless router (it's much more secure than WEP). You can configure this through your wireless router.
  • Keep common programs, like Internet Explorer, Firefox, Google Chrome, Java, Adobe Reader, and Adobe Flash up to date. Older versions of these programs have vulnerabilities in them that malware can use to infect your computer.
  • In addition to AVG, I would also recommend updating and running a scan with Malwarebytes every couple weeks. Sometimes, malware isn't detected by AVG, and may be detected by Malwarebytes.
  • If prompted to install Windows Updates, always install them. Microsoft regularly issues security and stability updates on the second Tuesday of each month. These patch vulnerabilities in Windows that malware can use to infect your computer.
  • Use common sense - by this I mean: don't download files if you don't know what they are. Don't click on unsolicited, spam emails or attachments, etc.

If you have any other questions, feel free to ask.

Please let me know whether you'd like to go ahead with cleaning the infection, or would rather reformat.
Regards,
Jason

 



#5 packbacker83

Posted 09 June 2012 - 02:12 PM

Thank you,

I am at work right now but when I get home later tonight I will proceed with the combofix and FSS. I will try that first and see if I get satisfactory results. If not then I will start clean. Also will change security on router.

Thanks
pack

#6 packbacker83

Posted 09 June 2012 - 02:16 PM

One more question.

What should I do about security in those times when I have to connect to an unsecured network like a common wifi at say ... McDonalds. Should I install a software firewall like ZoneAlarm or is Windows Firewall sufficient?

#7 jntkwx

Posted 09 June 2012 - 02:49 PM

I would recommend reading and following the advice in this article: How to Stay Safe on Public Wi-Fi Networks

Edited by jntkwx, 09 June 2012 - 02:49 PM.

Regards,
Jason

 



#8 packbacker83

Posted 10 June 2012 - 03:41 PM

FSS Log


Farbar Service Scanner Version: 09-06-2012
Ran by Hill (administrator) on 10-06-2012 at 16:25:31
Running from "C:\Users\Hill\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 02:14] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-09 05:27] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****






When I tried to run combofix I got the following message:


Error opening file for writing

C:\32788r22fwjfw\License\iexplore.exe

Click Abort to stop the installation,
Retry to try again. or
Ignore to skip this file

with 3 buttons below ... Ignore is the only one that would let me go forward.


Then the program appeared to finish but I did not get any kind of log file.

#9 jntkwx

Posted 10 June 2012 - 03:51 PM

packbacker83,

The infection is causing Combofix to not run successfully.

Please download Farbar Recovery Scan Tool 64-Bit and save it to a flashdrive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

- OR -

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Regards,
Jason

 



#10 packbacker83

Posted 11 June 2012 - 11:52 AM

Everything went fine. Once I pressed scan I went to make a sandwich. When I came back I had this error ...



Line 7757 File E:\FRST64.exe
Error: Error parsing function call

OK

When I clicked the ok button the program shut down.

No log made

#11 jntkwx

Posted 11 June 2012 - 11:57 AM

packbacker83,

That's odd. Try following my previous directions again, but delete the current version of FRST64 and download a new version of Farbar Recovery Scan Tool 64-Bit and save it to a flash drive (it's updated often).

EDIT: I'm getting the same error, too. Let me ask the developer of FRST.

Edited by jntkwx, 11 June 2012 - 12:11 PM.

Regards,
Jason

 



#12 jntkwx

Posted 11 June 2012 - 04:42 PM

packbacker83,

The bug with FRST has been fixed. Please follow my previous directions again, but delete the current version of FRST64 and download a new version of Farbar Recovery Scan Tool 64-Bit and save it to a flash drive (it's updated often).
Regards,
Jason

 



#13 packbacker83

Posted 11 June 2012 - 05:10 PM

FRST log


Scan result of Farbar Recovery Scan Tool Version: 11-06-2012 03
Ran by SYSTEM at 11-06-2012 17:58:11
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1909032 2010-01-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-20] (IDT, Inc.)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391192 2010-04-06] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5470208 2009-12-16] (Dell Inc.)
HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [SmartSoft PDF Printer Agent] "C:\Program Files\Smart PDF Converter Pro\SmartSoft PDF Printer Agent.exe" [50576 2011-08-12] ()
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3168416 2010-09-24] (Dell Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [241789 2009-05-04] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [87336 2010-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-03-22] (Nullsoft, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [300400 2010-03-10] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" [x]
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2011-12-24] (Malwarebytes Corporation)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2416480 2012-01-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1116032 2012-04-12] ()
HKLM-x32\...\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [928096 2012-01-30] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SzokEtZa1L8A2xO] C:\Users\Hill\AppData\Roaming\javaupdate_KBD12S.exe [5386240 2012-01-28] (Bluestate Inc. )
HKLM-x32\...\Run: [Visual Drive] C:\Users\Hill\AppData\Local\Temp\N9TM8DD9P7.exe [5869568 2012-02-03] (Installer Pack)
HKLM-x32\...\Run: [TotalRecipeSearch Search Scope Monitor] "C:\PROGRA~2\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h [42536 2012-05-15] (MindSpark)
HKLM-x32\...\Run: [TotalRecipeSearch_14 Browser Plugin Loader] C:\PROGRA~2\TOTALR~2\bar\1.bin\14brmon.exe [30096 2012-05-15] (VER_COMPANY_NAME)
HKU\Hill\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4283256 2011-05-13] (Microsoft Corporation)
HKU\Hill\...\Run: [Mikogo] "C:\Users\Hill\AppData\Roaming\Mikogo\Mikogo-Host.exe" -asp [5420408 2011-11-06] ()
HKU\Hill\...\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe [4950664 2011-06-28] ()
HKU\Hill\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-21] (Microsoft Corporation)
HKU\Hill\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4786048 2012-06-05] (SUPERAntiSpyware.com)
HKU\Hill\...\Run: [KB00441392.exe] "C:\Users\Hill\AppData\Roaming\KB00441392.exe" [x]
HKU\Hill\...\Run: [PCShowServer] "C:\Users\Hill\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [351888 2012-04-02] (NDS Technologies)
HKU\Hill\...\Run: [SzokEtZa1L8A2xO] C:\Users\Hill\AppData\Roaming\javaupdate_KBD12S.exe [5386240 2012-01-28] (Bluestate Inc. )
HKU\Hill\...\Run: [Visual Drive] C:\Users\Hill\AppData\Local\Temp\N9TM8DD9P7.exe [5869568 2012-02-03] (Installer Pack)
HKU\postgres\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [357696 2010-04-01] (DT Soft Ltd)
HKU\postgres\...\Run: [0x017] 0x017 [x]
HKU\postgres\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4786048 2012-06-05] (SUPERAntiSpyware.com)
HKU\postgres\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4283256 2011-05-13] (Microsoft Corporation)
HKU\postgres\...\Run: [Mikogo] "C:\Users\Hill\AppData\Roaming\Mikogo\Mikogo-Host.exe" [5420408 2011-11-06] ()
HKU\postgres\...\Run: [Windows Updater] C:\Users\postgres\AppData\Local\winsvchost.exe [x]
HKU\postgres\...\Run: [Audio Device] C:\Users\postgres\AppData\Roaming\M3jzKWwJHu4b.exe [x]
HKU\postgres\...\Run: [DownloadAccelerator] "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP [2918576 2011-06-13] (SpeedBit Ltd.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2010-11-04] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Hill\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Hill\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Hill\Start Menu\Programs\Startup\PdaNet Desktop.lnk
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
Startup: C:\Users\postgres\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [4433248 2011-10-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [192776 2011-08-02] (AVG Technologies CZ, s.r.o.)
3 B-Service; C:\Users\Hill\AppData\Roaming\Mikogo\B-Service.exe [185640 2010-12-02] ()
3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [651720 2010-07-15] (Macrovision Europe Ltd.)
3 GSService; "C:\Windows\SysWOW64\GSService.exe" [385024 2010-12-23] ()
2 IntuitUpdateService; "C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [13672 2010-08-23] (Intuit Inc.)
2 IntuitUpdateServiceV4; "C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [13672 2011-08-25] (Intuit Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652872 2011-12-24] (Malwarebytes Corporation)
2 McciCMService; "C:\Program Files (x86)\Common Files\Motive\McciCMService.exe" [319488 2010-04-30] (Alcatel-Lucent)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-04-30] (Alcatel-Lucent)
2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [227184 2011-08-10] ()
2 PEVSystemStart; "C:\32788R22FWJFW\pev.3XE" EXEC /i CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:15 "C:\32788R22FWJFW\KNetSvcs.vbs" [407 2012-05-20] ()
3 SMServer; "C:\Windows\SysWOW64\snmvtsvc.exe" [245760 2010-12-23] (SMServer)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-20] (IDT, Inc.)
3 STSService; "C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe" [385024 2010-12-23] ()
2 TotalRecipeSearch_14Service; C:\PROGRA~2\TOTALR~2\bar\1.bin\14barsvc.exe [42504 2012-05-15] (COMPANYVERS_NAME)
2 vToolbarUpdater11.0.1; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.1\ToolbarUpdater.exe [932736 2012-04-12] ()
2 postgresql-8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w [x]
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]
2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [x]
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\Drivers\AVGIDSDriver.sys [120400 2011-07-11] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-07-11] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\Drivers\AVGIDSFilter.sys [29776 2011-07-11] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [283728 2011-10-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [46672 2011-08-08] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [375376 2011-07-11] (AVG Technologies CZ, s.r.o.)
1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [87600 2009-10-05] (Citrix Systems, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
2 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)
3 RRNetCap; C:\Windows\System32\Drivers\RRNetCap.sys [37480 2010-12-21] (RapidSolution Software AG)
3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2010-12-21] (RapidSolution Software AG)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SndTAudio; C:\Windows\System32\Drivers\SndTAudio.sys [34040 2010-12-23] (Windows ® Codename Longhorn DDK provider)
4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-06-15] (Duplex Secure Ltd.)
3 tbhsd; C:\Windows\System32\Drivers\tbhsd.sys [46112 2010-12-21] (RapidSolution Software AG)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()
2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; \??\C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2010-06-28] (CyberLink Corp.)
2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; \??\C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-05-11] (CyberLink Corp.)
3 BTCFilterService; C:\Windows\System32\DRIVERS\motfilt.sys [x]
3 motccgp; C:\Windows\System32\DRIVERS\motccgp.sys [x]
3 motccgpfl; C:\Windows\System32\DRIVERS\motccgpfl.sys [x]
3 motmodem; C:\Windows\System32\DRIVERS\motmodem.sys [x]
3 MotoSwitchService; C:\Windows\System32\DRIVERS\motswch.sys [x]
3 Motousbnet; C:\Windows\System32\DRIVERS\Motousbnet.sys [x]
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-11 12:28 - 2012-06-11 17:58 - 00000000 ____D C:\FRST
2012-06-11 11:48 - 2012-06-11 11:48 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{886BE628-FE60-4FA6-9BCB-C22DC92DCEA8}
2012-06-11 11:48 - 2012-06-11 11:48 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{70672C24-B164-4F8D-A77E-8EEBB64EA42A}
2012-06-11 11:48 - 2012-06-11 11:48 - 00000000 ____D C:\Users\Hill\Local Settings\{886BE628-FE60-4FA6-9BCB-C22DC92DCEA8}
2012-06-11 11:48 - 2012-06-11 11:48 - 00000000 ____D C:\Users\Hill\Local Settings\{70672C24-B164-4F8D-A77E-8EEBB64EA42A}
2012-06-11 11:48 - 2012-06-11 11:48 - 00000000 ____D C:\Users\Hill\AppData\Local\{886BE628-FE60-4FA6-9BCB-C22DC92DCEA8}
2012-06-11 11:48 - 2012-06-11 11:48 - 00000000 ____D C:\Users\Hill\AppData\Local\{70672C24-B164-4F8D-A77E-8EEBB64EA42A}
2012-06-11 11:16 - 2012-06-11 16:53 - 01402035 ____A C:\Users\Hill\Downloads\FRST64.exe
2012-06-11 09:51 - 2012-06-11 09:51 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{9E233349-9915-4EAB-81AD-2E935DAB379D}
2012-06-11 09:51 - 2012-06-11 09:51 - 00000000 ____D C:\Users\Hill\Local Settings\{9E233349-9915-4EAB-81AD-2E935DAB379D}
2012-06-11 09:51 - 2012-06-11 09:51 - 00000000 ____D C:\Users\Hill\AppData\Local\{9E233349-9915-4EAB-81AD-2E935DAB379D}
2012-06-11 07:16 - 2012-06-11 07:16 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{77B02831-A65E-454A-ACD0-7A01DE68EB62}
2012-06-11 07:16 - 2012-06-11 07:16 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{594FB1D1-027A-4490-972E-F27B5BA9B495}
2012-06-11 07:16 - 2012-06-11 07:16 - 00000000 ____D C:\Users\Hill\Local Settings\{77B02831-A65E-454A-ACD0-7A01DE68EB62}
2012-06-11 07:16 - 2012-06-11 07:16 - 00000000 ____D C:\Users\Hill\Local Settings\{594FB1D1-027A-4490-972E-F27B5BA9B495}
2012-06-11 07:16 - 2012-06-11 07:16 - 00000000 ____D C:\Users\Hill\AppData\Local\{77B02831-A65E-454A-ACD0-7A01DE68EB62}
2012-06-11 07:16 - 2012-06-11 07:16 - 00000000 ____D C:\Users\Hill\AppData\Local\{594FB1D1-027A-4490-972E-F27B5BA9B495}
2012-06-10 22:17 - 2012-06-10 22:17 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{FBA985BA-060E-4291-B0B7-73BBC4745CDF}
2012-06-10 22:17 - 2012-06-10 22:17 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{D840E6D3-CC5F-4747-A1DF-52863E8DEBBE}
2012-06-10 22:17 - 2012-06-10 22:17 - 00000000 ____D C:\Users\Hill\Local Settings\{FBA985BA-060E-4291-B0B7-73BBC4745CDF}
2012-06-10 22:17 - 2012-06-10 22:17 - 00000000 ____D C:\Users\Hill\Local Settings\{D840E6D3-CC5F-4747-A1DF-52863E8DEBBE}
2012-06-10 22:17 - 2012-06-10 22:17 - 00000000 ____D C:\Users\Hill\AppData\Local\{FBA985BA-060E-4291-B0B7-73BBC4745CDF}
2012-06-10 22:17 - 2012-06-10 22:17 - 00000000 ____D C:\Users\Hill\AppData\Local\{D840E6D3-CC5F-4747-A1DF-52863E8DEBBE}
2012-06-10 15:25 - 2012-06-10 15:37 - 00004237 ____A C:\Users\Hill\Desktop\FSS.txt
2012-06-10 15:23 - 2012-06-10 15:24 - 00338127 ____A C:\Users\Hill\Desktop\FSS.exe
2012-06-09 23:31 - 2012-06-10 15:32 - 00000000 ___SD C:\32788R22FWJFW
2012-06-09 23:23 - 2012-06-09 23:23 - 00000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-06-09 23:22 - 2012-06-09 23:22 - 04539885 ____R (Swearware) C:\Users\Hill\Desktop\ComboFix.exe
2012-06-08 21:47 - 2012-06-08 21:47 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{96A7551E-BC88-4869-867E-06AEF566EC5D}
2012-06-08 21:47 - 2012-06-08 21:47 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{24D66DFD-E247-4A17-9C1E-A8297CFC5108}
2012-06-08 21:47 - 2012-06-08 21:47 - 00000000 ____D C:\Users\Hill\Local Settings\{96A7551E-BC88-4869-867E-06AEF566EC5D}
2012-06-08 21:47 - 2012-06-08 21:47 - 00000000 ____D C:\Users\Hill\Local Settings\{24D66DFD-E247-4A17-9C1E-A8297CFC5108}
2012-06-08 21:47 - 2012-06-08 21:47 - 00000000 ____D C:\Users\Hill\AppData\Local\{96A7551E-BC88-4869-867E-06AEF566EC5D}
2012-06-08 21:47 - 2012-06-08 21:47 - 00000000 ____D C:\Users\Hill\AppData\Local\{24D66DFD-E247-4A17-9C1E-A8297CFC5108}
2012-06-08 20:27 - 2012-06-08 20:27 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{20AFCE18-E660-460B-AB82-EE8E39AF63FC}
2012-06-08 20:27 - 2012-06-08 20:27 - 00000000 ____D C:\Users\Hill\Local Settings\{20AFCE18-E660-460B-AB82-EE8E39AF63FC}
2012-06-08 20:27 - 2012-06-08 20:27 - 00000000 ____D C:\Users\Hill\AppData\Local\{20AFCE18-E660-460B-AB82-EE8E39AF63FC}
2012-06-08 17:38 - 2012-06-08 17:38 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{C8552A51-6D03-4441-AC1E-EA589B4AB0AA}
2012-06-08 17:38 - 2012-06-08 17:38 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{8BF0C7D8-27AC-4F44-AB93-28D72D562A4B}
2012-06-08 17:38 - 2012-06-08 17:38 - 00000000 ____D C:\Users\Hill\Local Settings\{C8552A51-6D03-4441-AC1E-EA589B4AB0AA}
2012-06-08 17:38 - 2012-06-08 17:38 - 00000000 ____D C:\Users\Hill\Local Settings\{8BF0C7D8-27AC-4F44-AB93-28D72D562A4B}
2012-06-08 17:38 - 2012-06-08 17:38 - 00000000 ____D C:\Users\Hill\AppData\Local\{C8552A51-6D03-4441-AC1E-EA589B4AB0AA}
2012-06-08 17:38 - 2012-06-08 17:38 - 00000000 ____D C:\Users\Hill\AppData\Local\{8BF0C7D8-27AC-4F44-AB93-28D72D562A4B}
2012-06-08 11:05 - 2012-06-08 11:05 - 00000000 ____D C:\Roxio
2012-06-06 12:18 - 2012-06-06 12:18 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{FC274EAD-D03E-409B-BF02-933E855DD687}
2012-06-06 12:18 - 2012-06-06 12:18 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{1F6D5558-0971-4C0A-A26B-95DEDECB91CF}
2012-06-06 12:18 - 2012-06-06 12:18 - 00000000 ____D C:\Users\Hill\Local Settings\{FC274EAD-D03E-409B-BF02-933E855DD687}
2012-06-06 12:18 - 2012-06-06 12:18 - 00000000 ____D C:\Users\Hill\Local Settings\{1F6D5558-0971-4C0A-A26B-95DEDECB91CF}
2012-06-06 12:18 - 2012-06-06 12:18 - 00000000 ____D C:\Users\Hill\AppData\Local\{FC274EAD-D03E-409B-BF02-933E855DD687}
2012-06-06 12:18 - 2012-06-06 12:18 - 00000000 ____D C:\Users\Hill\AppData\Local\{1F6D5558-0971-4C0A-A26B-95DEDECB91CF}
2012-06-06 09:01 - 2012-06-06 09:01 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{B3EAB80C-8D1B-4CF4-A635-0C4F8CBA1CD8}
2012-06-06 09:01 - 2012-06-06 09:01 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{1AA392A2-C156-4514-A228-F76B964C0261}
2012-06-06 09:01 - 2012-06-06 09:01 - 00000000 ____D C:\Users\Hill\Local Settings\{B3EAB80C-8D1B-4CF4-A635-0C4F8CBA1CD8}
2012-06-06 09:01 - 2012-06-06 09:01 - 00000000 ____D C:\Users\Hill\Local Settings\{1AA392A2-C156-4514-A228-F76B964C0261}
2012-06-06 09:01 - 2012-06-06 09:01 - 00000000 ____D C:\Users\Hill\AppData\Local\{B3EAB80C-8D1B-4CF4-A635-0C4F8CBA1CD8}
2012-06-06 09:01 - 2012-06-06 09:01 - 00000000 ____D C:\Users\Hill\AppData\Local\{1AA392A2-C156-4514-A228-F76B964C0261}
2012-06-05 18:55 - 2012-06-05 18:55 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{9E957543-D0BD-40E2-8B35-929E83F21C91}
2012-06-05 18:55 - 2012-06-05 18:55 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{743FC993-D802-41F7-896D-BDC47AB744A0}
2012-06-05 18:55 - 2012-06-05 18:55 - 00000000 ____D C:\Users\Hill\Local Settings\{9E957543-D0BD-40E2-8B35-929E83F21C91}
2012-06-05 18:55 - 2012-06-05 18:55 - 00000000 ____D C:\Users\Hill\Local Settings\{743FC993-D802-41F7-896D-BDC47AB744A0}
2012-06-05 18:55 - 2012-06-05 18:55 - 00000000 ____D C:\Users\Hill\AppData\Local\{9E957543-D0BD-40E2-8B35-929E83F21C91}
2012-06-05 18:55 - 2012-06-05 18:55 - 00000000 ____D C:\Users\Hill\AppData\Local\{743FC993-D802-41F7-896D-BDC47AB744A0}
2012-06-05 13:00 - 2012-06-05 13:00 - 00000000 ____D C:\Users\Hill\Desktop\gmer
2012-06-05 12:58 - 2012-06-05 12:59 - 00294216 ____A C:\Users\Hill\Desktop\gmer.zip
2012-06-05 12:55 - 2012-06-07 11:52 - 00000000 ____D C:\Users\Hill\Desktop\LOGS June2012
2012-06-05 12:50 - 2012-06-05 12:50 - 00607260 ____R (Swearware) C:\Users\Hill\Desktop\dds.scr
2012-06-05 12:46 - 2012-06-05 12:46 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{EDB200E8-E62B-47E5-BA74-424F153AB9C9}
2012-06-05 12:46 - 2012-06-05 12:46 - 00000000 ____D C:\Users\Hill\Local Settings\{EDB200E8-E62B-47E5-BA74-424F153AB9C9}
2012-06-05 12:46 - 2012-06-05 12:46 - 00000000 ____D C:\Users\Hill\AppData\Local\{EDB200E8-E62B-47E5-BA74-424F153AB9C9}
2012-06-05 12:45 - 2012-06-05 12:46 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{28E7601B-D226-4EAA-B27F-CDB3F6723F41}
2012-06-05 12:45 - 2012-06-05 12:46 - 00000000 ____D C:\Users\Hill\Local Settings\{28E7601B-D226-4EAA-B27F-CDB3F6723F41}
2012-06-05 12:45 - 2012-06-05 12:46 - 00000000 ____D C:\Users\Hill\AppData\Local\{28E7601B-D226-4EAA-B27F-CDB3F6723F41}
2012-06-05 12:40 - 2012-06-05 12:40 - 00000650 ____A C:\Users\Hill\Desktop\defogger_disable.log
2012-06-05 12:40 - 2012-06-05 12:40 - 00000188 ____A C:\Users\Hill\defogger_reenable
2012-06-05 12:37 - 2012-06-05 12:37 - 04586776 ____A (Check Point Software Technologies LTD) C:\Users\Hill\Desktop\zaSetupWeb_101_101_000_en.exe
2012-06-05 07:43 - 2012-06-05 07:43 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{CEF33CD0-B908-4E63-BE88-01025E75F40D}
2012-06-05 07:43 - 2012-06-05 07:43 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{3F75CF6E-3044-44C7-93BD-36045062570E}
2012-06-05 07:43 - 2012-06-05 07:43 - 00000000 ____D C:\Users\Hill\Local Settings\{CEF33CD0-B908-4E63-BE88-01025E75F40D}
2012-06-05 07:43 - 2012-06-05 07:43 - 00000000 ____D C:\Users\Hill\Local Settings\{3F75CF6E-3044-44C7-93BD-36045062570E}
2012-06-05 07:43 - 2012-06-05 07:43 - 00000000 ____D C:\Users\Hill\AppData\Local\{CEF33CD0-B908-4E63-BE88-01025E75F40D}
2012-06-05 07:43 - 2012-06-05 07:43 - 00000000 ____D C:\Users\Hill\AppData\Local\{3F75CF6E-3044-44C7-93BD-36045062570E}
2012-06-05 07:27 - 2012-06-05 07:27 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{853E8467-D49A-4548-B65E-A4146C26B0A0}
2012-06-05 07:27 - 2012-06-05 07:27 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{018A2C74-BAA0-45E1-8E67-390588FDCF24}
2012-06-05 07:27 - 2012-06-05 07:27 - 00000000 ____D C:\Users\Hill\Local Settings\{853E8467-D49A-4548-B65E-A4146C26B0A0}
2012-06-05 07:27 - 2012-06-05 07:27 - 00000000 ____D C:\Users\Hill\Local Settings\{018A2C74-BAA0-45E1-8E67-390588FDCF24}
2012-06-05 07:27 - 2012-06-05 07:27 - 00000000 ____D C:\Users\Hill\AppData\Local\{853E8467-D49A-4548-B65E-A4146C26B0A0}
2012-06-05 07:27 - 2012-06-05 07:27 - 00000000 ____D C:\Users\Hill\AppData\Local\{018A2C74-BAA0-45E1-8E67-390588FDCF24}
2012-06-01 09:05 - 2012-06-11 16:40 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-01 08:30 - 2012-06-01 08:30 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{5F85B81B-BD74-4699-9A08-85FC3E917717}
2012-06-01 08:30 - 2012-06-01 08:30 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{26336DC5-38AB-41B7-AD15-8DAC4C4186C5}
2012-06-01 08:30 - 2012-06-01 08:30 - 00000000 ____D C:\Users\Hill\Local Settings\{5F85B81B-BD74-4699-9A08-85FC3E917717}
2012-06-01 08:30 - 2012-06-01 08:30 - 00000000 ____D C:\Users\Hill\Local Settings\{26336DC5-38AB-41B7-AD15-8DAC4C4186C5}
2012-06-01 08:30 - 2012-06-01 08:30 - 00000000 ____D C:\Users\Hill\AppData\Local\{5F85B81B-BD74-4699-9A08-85FC3E917717}
2012-06-01 08:30 - 2012-06-01 08:30 - 00000000 ____D C:\Users\Hill\AppData\Local\{26336DC5-38AB-41B7-AD15-8DAC4C4186C5}
2012-05-31 23:37 - 2012-05-31 23:38 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{63FEC498-0CAE-4FEF-942E-E3B90CC363DA}
2012-05-31 23:37 - 2012-05-31 23:38 - 00000000 ____D C:\Users\Hill\Local Settings\{63FEC498-0CAE-4FEF-942E-E3B90CC363DA}
2012-05-31 23:37 - 2012-05-31 23:38 - 00000000 ____D C:\Users\Hill\AppData\Local\{63FEC498-0CAE-4FEF-942E-E3B90CC363DA}
2012-05-31 23:37 - 2012-05-31 23:37 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{51E7568B-354C-4D75-A944-ACCD0A4DA7EE}
2012-05-31 23:37 - 2012-05-31 23:37 - 00000000 ____D C:\Users\Hill\Local Settings\{51E7568B-354C-4D75-A944-ACCD0A4DA7EE}
2012-05-31 23:37 - 2012-05-31 23:37 - 00000000 ____D C:\Users\Hill\AppData\Local\{51E7568B-354C-4D75-A944-ACCD0A4DA7EE}
2012-05-31 22:46 - 2012-05-31 22:46 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{D60176E5-A116-4074-86ED-0C594F2CFEDC}
2012-05-31 22:46 - 2012-05-31 22:46 - 00000000 ____D C:\Users\Hill\Local Settings\{D60176E5-A116-4074-86ED-0C594F2CFEDC}
2012-05-31 22:46 - 2012-05-31 22:46 - 00000000 ____D C:\Users\Hill\AppData\Local\{D60176E5-A116-4074-86ED-0C594F2CFEDC}
2012-05-31 10:52 - 2012-05-31 10:52 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{E8B91EA8-39CD-4AA3-B2A7-D22B7A568EBF}
2012-05-31 10:52 - 2012-05-31 10:52 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{8F1FE1A1-5921-4B08-A86E-C11BFAE2E0AD}
2012-05-31 10:52 - 2012-05-31 10:52 - 00000000 ____D C:\Users\Hill\Local Settings\{E8B91EA8-39CD-4AA3-B2A7-D22B7A568EBF}
2012-05-31 10:52 - 2012-05-31 10:52 - 00000000 ____D C:\Users\Hill\Local Settings\{8F1FE1A1-5921-4B08-A86E-C11BFAE2E0AD}
2012-05-31 10:52 - 2012-05-31 10:52 - 00000000 ____D C:\Users\Hill\AppData\Local\{E8B91EA8-39CD-4AA3-B2A7-D22B7A568EBF}
2012-05-31 10:52 - 2012-05-31 10:52 - 00000000 ____D C:\Users\Hill\AppData\Local\{8F1FE1A1-5921-4B08-A86E-C11BFAE2E0AD}
2012-05-31 09:42 - 2012-05-31 09:42 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{557037B7-F0A4-4D15-9613-716362DD923A}
2012-05-31 09:42 - 2012-05-31 09:42 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{10C03B1B-548C-4606-B21B-87E19FD37206}
2012-05-31 09:42 - 2012-05-31 09:42 - 00000000 ____D C:\Users\Hill\Local Settings\{557037B7-F0A4-4D15-9613-716362DD923A}
2012-05-31 09:42 - 2012-05-31 09:42 - 00000000 ____D C:\Users\Hill\Local Settings\{10C03B1B-548C-4606-B21B-87E19FD37206}
2012-05-31 09:42 - 2012-05-31 09:42 - 00000000 ____D C:\Users\Hill\AppData\Local\{557037B7-F0A4-4D15-9613-716362DD923A}
2012-05-31 09:42 - 2012-05-31 09:42 - 00000000 ____D C:\Users\Hill\AppData\Local\{10C03B1B-548C-4606-B21B-87E19FD37206}
2012-05-31 00:49 - 2012-05-31 00:49 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{079553B7-5363-48D0-B456-D678AB0F1DE0}
2012-05-31 00:49 - 2012-05-31 00:49 - 00000000 ____D C:\Users\Hill\Local Settings\{079553B7-5363-48D0-B456-D678AB0F1DE0}
2012-05-31 00:49 - 2012-05-31 00:49 - 00000000 ____D C:\Users\Hill\AppData\Local\{079553B7-5363-48D0-B456-D678AB0F1DE0}
2012-05-31 00:48 - 2012-05-31 00:49 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{85F15920-43B9-4632-B545-F2BDC93A63CC}
2012-05-31 00:48 - 2012-05-31 00:49 - 00000000 ____D C:\Users\Hill\Local Settings\{85F15920-43B9-4632-B545-F2BDC93A63CC}
2012-05-31 00:48 - 2012-05-31 00:49 - 00000000 ____D C:\Users\Hill\AppData\Local\{85F15920-43B9-4632-B545-F2BDC93A63CC}
2012-05-29 22:43 - 2012-05-29 22:43 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{654C7DD9-1D3D-4DC5-881E-D4D3F4FE6E6F}
2012-05-29 22:43 - 2012-05-29 22:43 - 00000000 ____D C:\Users\Hill\Local Settings\{654C7DD9-1D3D-4DC5-881E-D4D3F4FE6E6F}
2012-05-29 22:43 - 2012-05-29 22:43 - 00000000 ____D C:\Users\Hill\AppData\Local\{654C7DD9-1D3D-4DC5-881E-D4D3F4FE6E6F}
2012-05-29 22:42 - 2012-05-29 22:43 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{F1AF186F-0DAD-4395-B40C-E2D52313DDFA}
2012-05-29 22:42 - 2012-05-29 22:43 - 00000000 ____D C:\Users\Hill\Local Settings\{F1AF186F-0DAD-4395-B40C-E2D52313DDFA}
2012-05-29 22:42 - 2012-05-29 22:43 - 00000000 ____D C:\Users\Hill\AppData\Local\{F1AF186F-0DAD-4395-B40C-E2D52313DDFA}
2012-05-27 22:11 - 2012-05-27 22:11 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{3A624B79-4F3E-41BA-B0B1-907FC3FAF8A0}
2012-05-27 22:11 - 2012-05-27 22:11 - 00000000 ____D C:\Users\Hill\Local Settings\{3A624B79-4F3E-41BA-B0B1-907FC3FAF8A0}
2012-05-27 22:11 - 2012-05-27 22:11 - 00000000 ____D C:\Users\Hill\AppData\Local\{3A624B79-4F3E-41BA-B0B1-907FC3FAF8A0}
2012-05-27 22:10 - 2012-05-27 22:11 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{1CF04F76-8A6C-4B29-887C-923F5827A44E}
2012-05-27 22:10 - 2012-05-27 22:11 - 00000000 ____D C:\Users\Hill\Local Settings\{1CF04F76-8A6C-4B29-887C-923F5827A44E}
2012-05-27 22:10 - 2012-05-27 22:11 - 00000000 ____D C:\Users\Hill\AppData\Local\{1CF04F76-8A6C-4B29-887C-923F5827A44E}
2012-05-27 20:25 - 2011-11-24 23:25 - 00015360 ____A (June Fabrics Technology Inc.) C:\Windows\System32\Drivers\pneteth.sys
2012-05-25 16:42 - 2012-05-25 16:42 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{3A8B0F20-888A-4A53-9A6D-95C5D1B0547D}
2012-05-25 16:42 - 2012-05-25 16:42 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{010185D9-EFAD-45EB-854B-3A68BA1D8A70}
2012-05-25 16:42 - 2012-05-25 16:42 - 00000000 ____D C:\Users\Hill\Local Settings\{3A8B0F20-888A-4A53-9A6D-95C5D1B0547D}
2012-05-25 16:42 - 2012-05-25 16:42 - 00000000 ____D C:\Users\Hill\Local Settings\{010185D9-EFAD-45EB-854B-3A68BA1D8A70}
2012-05-25 16:42 - 2012-05-25 16:42 - 00000000 ____D C:\Users\Hill\AppData\Local\{3A8B0F20-888A-4A53-9A6D-95C5D1B0547D}
2012-05-25 16:42 - 2012-05-25 16:42 - 00000000 ____D C:\Users\Hill\AppData\Local\{010185D9-EFAD-45EB-854B-3A68BA1D8A70}
2012-05-25 15:33 - 2012-05-25 15:33 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{ECD134B4-6BD0-4693-B0C4-5999307612DB}
2012-05-25 15:33 - 2012-05-25 15:33 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{E80D7E48-5AE6-4AE0-8DC0-F89C414A5A6C}
2012-05-25 15:33 - 2012-05-25 15:33 - 00000000 ____D C:\Users\Hill\Local Settings\{ECD134B4-6BD0-4693-B0C4-5999307612DB}
2012-05-25 15:33 - 2012-05-25 15:33 - 00000000 ____D C:\Users\Hill\Local Settings\{E80D7E48-5AE6-4AE0-8DC0-F89C414A5A6C}
2012-05-25 15:33 - 2012-05-25 15:33 - 00000000 ____D C:\Users\Hill\AppData\Local\{ECD134B4-6BD0-4693-B0C4-5999307612DB}
2012-05-25 15:33 - 2012-05-25 15:33 - 00000000 ____D C:\Users\Hill\AppData\Local\{E80D7E48-5AE6-4AE0-8DC0-F89C414A5A6C}
2012-05-24 20:28 - 2012-05-24 20:28 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{5F2C998D-66EE-4E2E-B899-379DABC7B631}
2012-05-24 20:28 - 2012-05-24 20:28 - 00000000 ____D C:\Users\Hill\Local Settings\{5F2C998D-66EE-4E2E-B899-379DABC7B631}
2012-05-24 20:28 - 2012-05-24 20:28 - 00000000 ____D C:\Users\Hill\AppData\Local\{5F2C998D-66EE-4E2E-B899-379DABC7B631}
2012-05-24 20:27 - 2012-05-24 20:27 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{C0206C87-63F3-4B6F-BAE2-C7F2CB961559}
2012-05-24 20:27 - 2012-05-24 20:27 - 00000000 ____D C:\Users\Hill\Local Settings\{C0206C87-63F3-4B6F-BAE2-C7F2CB961559}
2012-05-24 20:27 - 2012-05-24 20:27 - 00000000 ____D C:\Users\Hill\AppData\Local\{C0206C87-63F3-4B6F-BAE2-C7F2CB961559}
2012-05-23 19:08 - 2012-05-23 19:08 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-05-23 18:58 - 2012-06-01 09:05 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-20 21:06 - 2012-05-20 21:07 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{B0289A88-51E1-4EF0-AF43-5135D6DDB508}
2012-05-20 21:06 - 2012-05-20 21:07 - 00000000 ____D C:\Users\Hill\Local Settings\{B0289A88-51E1-4EF0-AF43-5135D6DDB508}
2012-05-20 21:06 - 2012-05-20 21:07 - 00000000 ____D C:\Users\Hill\AppData\Local\{B0289A88-51E1-4EF0-AF43-5135D6DDB508}
2012-05-20 21:06 - 2012-05-20 21:06 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{C997665B-E2DB-40FA-9D83-D092C51FBC6D}
2012-05-20 21:06 - 2012-05-20 21:06 - 00000000 ____D C:\Users\Hill\Local Settings\{C997665B-E2DB-40FA-9D83-D092C51FBC6D}
2012-05-20 21:06 - 2012-05-20 21:06 - 00000000 ____D C:\Users\Hill\AppData\Local\{C997665B-E2DB-40FA-9D83-D092C51FBC6D}
2012-05-20 20:43 - 2012-05-20 20:43 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{62D0B0B7-6D67-43A1-8747-2D80353CD994}
2012-05-20 20:43 - 2012-05-20 20:43 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{5D756CDD-4B75-4093-BA41-EEEDFAED09BD}
2012-05-20 20:43 - 2012-05-20 20:43 - 00000000 ____D C:\Users\Hill\Local Settings\{62D0B0B7-6D67-43A1-8747-2D80353CD994}
2012-05-20 20:43 - 2012-05-20 20:43 - 00000000 ____D C:\Users\Hill\Local Settings\{5D756CDD-4B75-4093-BA41-EEEDFAED09BD}
2012-05-20 20:43 - 2012-05-20 20:43 - 00000000 ____D C:\Users\Hill\AppData\Local\{62D0B0B7-6D67-43A1-8747-2D80353CD994}
2012-05-20 20:43 - 2012-05-20 20:43 - 00000000 ____D C:\Users\Hill\AppData\Local\{5D756CDD-4B75-4093-BA41-EEEDFAED09BD}
2012-05-17 22:04 - 2012-05-17 22:04 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{E5F77238-92A0-460B-B68F-42C7191EF6CF}
2012-05-17 22:04 - 2012-05-17 22:04 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{C7D0C0B0-23D3-4E84-AF61-0AF37D75CC4C}
2012-05-17 22:04 - 2012-05-17 22:04 - 00000000 ____D C:\Users\Hill\Local Settings\{E5F77238-92A0-460B-B68F-42C7191EF6CF}
2012-05-17 22:04 - 2012-05-17 22:04 - 00000000 ____D C:\Users\Hill\Local Settings\{C7D0C0B0-23D3-4E84-AF61-0AF37D75CC4C}
2012-05-17 22:04 - 2012-05-17 22:04 - 00000000 ____D C:\Users\Hill\AppData\Local\{E5F77238-92A0-460B-B68F-42C7191EF6CF}
2012-05-17 22:04 - 2012-05-17 22:04 - 00000000 ____D C:\Users\Hill\AppData\Local\{C7D0C0B0-23D3-4E84-AF61-0AF37D75CC4C}
2012-05-17 20:24 - 2012-05-17 20:25 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{0A13BBCA-3876-4F7F-9144-32007476B530}
2012-05-17 20:24 - 2012-05-17 20:25 - 00000000 ____D C:\Users\Hill\Local Settings\{0A13BBCA-3876-4F7F-9144-32007476B530}
2012-05-17 20:24 - 2012-05-17 20:25 - 00000000 ____D C:\Users\Hill\AppData\Local\{0A13BBCA-3876-4F7F-9144-32007476B530}
2012-05-17 20:24 - 2012-05-17 20:24 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{24372EB1-CF63-4714-9A5D-0F88BA6AE830}
2012-05-17 20:24 - 2012-05-17 20:24 - 00000000 ____D C:\Users\Hill\Local Settings\{24372EB1-CF63-4714-9A5D-0F88BA6AE830}
2012-05-17 20:24 - 2012-05-17 20:24 - 00000000 ____D C:\Users\Hill\AppData\Local\{24372EB1-CF63-4714-9A5D-0F88BA6AE830}
2012-05-17 00:36 - 2012-05-17 00:36 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{EE89A82D-0E71-46AC-8A4F-956F83A00B85}
2012-05-17 00:36 - 2012-05-17 00:36 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{4B6FBBDE-671A-43FD-A460-1B58E485C1D2}
2012-05-17 00:36 - 2012-05-17 00:36 - 00000000 ____D C:\Users\Hill\Local Settings\{EE89A82D-0E71-46AC-8A4F-956F83A00B85}
2012-05-17 00:36 - 2012-05-17 00:36 - 00000000 ____D C:\Users\Hill\Local Settings\{4B6FBBDE-671A-43FD-A460-1B58E485C1D2}
2012-05-17 00:36 - 2012-05-17 00:36 - 00000000 ____D C:\Users\Hill\AppData\Local\{EE89A82D-0E71-46AC-8A4F-956F83A00B85}
2012-05-17 00:36 - 2012-05-17 00:36 - 00000000 ____D C:\Users\Hill\AppData\Local\{4B6FBBDE-671A-43FD-A460-1B58E485C1D2}
2012-05-15 23:09 - 2012-05-15 23:09 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{B0337274-EF05-4335-84D9-535ED062964A}
2012-05-15 23:09 - 2012-05-15 23:09 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{31067BCD-9CF2-4636-B3DD-FEF5C284F33A}
2012-05-15 23:09 - 2012-05-15 23:09 - 00000000 ____D C:\Users\Hill\Local Settings\{B0337274-EF05-4335-84D9-535ED062964A}
2012-05-15 23:09 - 2012-05-15 23:09 - 00000000 ____D C:\Users\Hill\Local Settings\{31067BCD-9CF2-4636-B3DD-FEF5C284F33A}
2012-05-15 23:09 - 2012-05-15 23:09 - 00000000 ____D C:\Users\Hill\AppData\Local\{B0337274-EF05-4335-84D9-535ED062964A}
2012-05-15 23:09 - 2012-05-15 23:09 - 00000000 ____D C:\Users\Hill\AppData\Local\{31067BCD-9CF2-4636-B3DD-FEF5C284F33A}
2012-05-15 23:00 - 2012-05-15 23:00 - 00000000 ____D C:\Program Files (x86)\TotalRecipeSearch_14
2012-05-12 12:41 - 2012-05-12 12:41 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{E15ED8FE-9C94-4164-94EA-BAE5E499D070}
2012-05-12 12:41 - 2012-05-12 12:41 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{5D8AA3F9-35FF-40AE-8F37-0FBD552F77AC}
2012-05-12 12:41 - 2012-05-12 12:41 - 00000000 ____D C:\Users\Hill\Local Settings\{E15ED8FE-9C94-4164-94EA-BAE5E499D070}
2012-05-12 12:41 - 2012-05-12 12:41 - 00000000 ____D C:\Users\Hill\Local Settings\{5D8AA3F9-35FF-40AE-8F37-0FBD552F77AC}
2012-05-12 12:41 - 2012-05-12 12:41 - 00000000 ____D C:\Users\Hill\AppData\Local\{E15ED8FE-9C94-4164-94EA-BAE5E499D070}
2012-05-12 12:41 - 2012-05-12 12:41 - 00000000 ____D C:\Users\Hill\AppData\Local\{5D8AA3F9-35FF-40AE-8F37-0FBD552F77AC}
2012-05-12 12:39 - 2012-05-12 12:39 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{79F689B8-7CE3-4082-BAB4-B04FBCA57C9E}
2012-05-12 12:39 - 2012-05-12 12:39 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{2D5143DE-9B6B-4822-82AC-2BA0412C2E5A}
2012-05-12 12:39 - 2012-05-12 12:39 - 00000000 ____D C:\Users\Hill\Local Settings\{79F689B8-7CE3-4082-BAB4-B04FBCA57C9E}
2012-05-12 12:39 - 2012-05-12 12:39 - 00000000 ____D C:\Users\Hill\Local Settings\{2D5143DE-9B6B-4822-82AC-2BA0412C2E5A}
2012-05-12 12:39 - 2012-05-12 12:39 - 00000000 ____D C:\Users\Hill\AppData\Local\{79F689B8-7CE3-4082-BAB4-B04FBCA57C9E}
2012-05-12 12:39 - 2012-05-12 12:39 - 00000000 ____D C:\Users\Hill\AppData\Local\{2D5143DE-9B6B-4822-82AC-2BA0412C2E5A}
2012-05-12 12:24 - 2012-05-12 12:24 - 00000000 ____D C:\Users\Hill\Application Data\install
2012-05-12 12:24 - 2012-05-12 12:24 - 00000000 ____D C:\Users\Hill\AppData\Roaming\install
2012-05-12 12:18 - 2012-01-28 00:00 - 05386240 ____A (Bluestate Inc. ) C:\Users\Hill\Application Data\javaupdate_KBD12S.exe
2012-05-12 12:18 - 2012-01-28 00:00 - 05386240 ____A (Bluestate Inc. ) C:\Users\Hill\AppData\Roaming\javaupdate_KBD12S.exe
2012-05-12 11:23 - 2012-05-12 11:24 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{7B51F00B-ED3F-4EEF-B5BA-D9EBF50082CA}
2012-05-12 11:23 - 2012-05-12 11:24 - 00000000 ____D C:\Users\Hill\Local Settings\{7B51F00B-ED3F-4EEF-B5BA-D9EBF50082CA}
2012-05-12 11:23 - 2012-05-12 11:24 - 00000000 ____D C:\Users\Hill\AppData\Local\{7B51F00B-ED3F-4EEF-B5BA-D9EBF50082CA}
2012-05-12 11:23 - 2012-05-12 11:23 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{292C8F91-044C-4E24-8E47-80B521F04B0F}
2012-05-12 11:23 - 2012-05-12 11:23 - 00000000 ____D C:\Users\Hill\Local Settings\{292C8F91-044C-4E24-8E47-80B521F04B0F}
2012-05-12 11:23 - 2012-05-12 11:23 - 00000000 ____D C:\Users\Hill\AppData\Local\{292C8F91-044C-4E24-8E47-80B521F04B0F}

============ 3 Months Modified Files and Folders =============

2012-06-11 17:58 - 2012-06-11 12:28 - 00000000 ____D C:\FRST
2012-06-11 16:55 - 2009-07-14 00:10 - 01945532 ____A C:\Windows\WindowsUpdate.log
2012-06-11 16:53 - 2012-06-11 11:16 - 01402035 ____A C:\Users\Hill\Downloads\FRST64.exe
2012-06-11 16:40 - 2012-06-01 09:05 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-11 16:05 - 2010-09-18 21:14 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-11 11:55 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-11 11:55 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-11 11:51 - 2009-07-14 00:13 - 00779306 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-11 11:48 - 2012-06-11 11:48 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{886BE628-FE60-4FA6-9BCB-C22DC92DCEA8}
2012-06-11 11:48 - 2012-06-11 11:48 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{70672C24-B164-4F8D-A77E-8EEBB64EA42A}
2012-06-11 11:48 - 2012-06-11 11:48 - 00000000 ____D C:\Users\Hill\Local Settings\{886BE628-FE60-4FA6-9BCB-C22DC92DCEA8}
2012-06-11 11:48 - 2012-06-11 11:48 - 00000000 ____D C:\Users\Hill\Local Settings\{70672C24-B164-4F8D-A77E-8EEBB64EA42A}
2012-06-11 11:48 - 2012-06-11 11:48 - 00000000 ____D C:\Users\Hill\AppData\Local\{886BE628-FE60-4FA6-9BCB-C22DC92DCEA8}
2012-06-11 11:48 - 2012-06-11 11:48 - 00000000 ____D C:\Users\Hill\AppData\Local\{70672C24-B164-4F8D-A77E-8EEBB64EA42A}
2012-06-11 11:46 - 2010-10-27 02:02 - 00000000 ____D C:\Users\Hill\Tracing
2012-06-11 11:44 - 2011-10-09 00:00 - 00011328 ____A C:\Windows\setupact.log
2012-06-11 11:44 - 2010-09-18 21:14 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-11 11:44 - 2010-06-10 12:16 - 00000000 ____D C:\Users\Hill\Local Settings\SoftThinks
2012-06-11 11:44 - 2010-06-10 12:16 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\SoftThinks
2012-06-11 11:44 - 2010-06-10 12:16 - 00000000 ____D C:\Users\Hill\AppData\Local\SoftThinks
2012-06-11 11:44 - 2010-06-06 14:49 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-06-11 11:44 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-11 09:51 - 2012-06-11 09:51 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{9E233349-9915-4EAB-81AD-2E935DAB379D}
2012-06-11 09:51 - 2012-06-11 09:51 - 00000000 ____D C:\Users\Hill\Local Settings\{9E233349-9915-4EAB-81AD-2E935DAB379D}
2012-06-11 09:51 - 2012-06-11 09:51 - 00000000 ____D C:\Users\Hill\AppData\Local\{9E233349-9915-4EAB-81AD-2E935DAB379D}
2012-06-11 08:14 - 2011-10-26 11:30 - 00000000 ____D C:\Users\Hill\My Documents\Outlook Files
2012-06-11 08:14 - 2011-10-26 11:30 - 00000000 ____D C:\Users\Hill\Documents\Outlook Files
2012-06-11 08:13 - 2012-01-21 12:27 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-06-11 08:13 - 2012-01-21 12:14 - 00000000 ____D C:\Users\All Users\MFAData
2012-06-11 08:13 - 2012-01-21 12:14 - 00000000 ____D C:\Users\All Users\Application Data\MFAData
2012-06-11 07:16 - 2012-06-11 07:16 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{77B02831-A65E-454A-ACD0-7A01DE68EB62}
2012-06-11 07:16 - 2012-06-11 07:16 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{594FB1D1-027A-4490-972E-F27B5BA9B495}
2012-06-11 07:16 - 2012-06-11 07:16 - 00000000 ____D C:\Users\Hill\Local Settings\{77B02831-A65E-454A-ACD0-7A01DE68EB62}
2012-06-11 07:16 - 2012-06-11 07:16 - 00000000 ____D C:\Users\Hill\Local Settings\{594FB1D1-027A-4490-972E-F27B5BA9B495}
2012-06-11 07:16 - 2012-06-11 07:16 - 00000000 ____D C:\Users\Hill\AppData\Local\{77B02831-A65E-454A-ACD0-7A01DE68EB62}
2012-06-11 07:16 - 2012-06-11 07:16 - 00000000 ____D C:\Users\Hill\AppData\Local\{594FB1D1-027A-4490-972E-F27B5BA9B495}
2012-06-10 22:17 - 2012-06-10 22:17 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{FBA985BA-060E-4291-B0B7-73BBC4745CDF}
2012-06-10 22:17 - 2012-06-10 22:17 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{D840E6D3-CC5F-4747-A1DF-52863E8DEBBE}
2012-06-10 22:17 - 2012-06-10 22:17 - 00000000 ____D C:\Users\Hill\Local Settings\{FBA985BA-060E-4291-B0B7-73BBC4745CDF}
2012-06-10 22:17 - 2012-06-10 22:17 - 00000000 ____D C:\Users\Hill\Local Settings\{D840E6D3-CC5F-4747-A1DF-52863E8DEBBE}
2012-06-10 22:17 - 2012-06-10 22:17 - 00000000 ____D C:\Users\Hill\AppData\Local\{FBA985BA-060E-4291-B0B7-73BBC4745CDF}
2012-06-10 22:17 - 2012-06-10 22:17 - 00000000 ____D C:\Users\Hill\AppData\Local\{D840E6D3-CC5F-4747-A1DF-52863E8DEBBE}
2012-06-10 15:37 - 2012-06-10 15:25 - 00004237 ____A C:\Users\Hill\Desktop\FSS.txt
2012-06-10 15:32 - 2012-06-09 23:31 - 00000000 ___SD C:\32788R22FWJFW
2012-06-10 15:24 - 2012-06-10 15:23 - 00338127 ____A C:\Users\Hill\Desktop\FSS.exe
2012-06-09 23:23 - 2012-06-09 23:23 - 00000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-06-09 23:22 - 2012-06-09 23:22 - 04539885 ____R (Swearware) C:\Users\Hill\Desktop\ComboFix.exe
2012-06-08 21:47 - 2012-06-08 21:47 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{96A7551E-BC88-4869-867E-06AEF566EC5D}
2012-06-08 21:47 - 2012-06-08 21:47 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{24D66DFD-E247-4A17-9C1E-A8297CFC5108}
2012-06-08 21:47 - 2012-06-08 21:47 - 00000000 ____D C:\Users\Hill\Local Settings\{96A7551E-BC88-4869-867E-06AEF566EC5D}
2012-06-08 21:47 - 2012-06-08 21:47 - 00000000 ____D C:\Users\Hill\Local Settings\{24D66DFD-E247-4A17-9C1E-A8297CFC5108}
2012-06-08 21:47 - 2012-06-08 21:47 - 00000000 ____D C:\Users\Hill\AppData\Local\{96A7551E-BC88-4869-867E-06AEF566EC5D}
2012-06-08 21:47 - 2012-06-08 21:47 - 00000000 ____D C:\Users\Hill\AppData\Local\{24D66DFD-E247-4A17-9C1E-A8297CFC5108}
2012-06-08 20:27 - 2012-06-08 20:27 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{20AFCE18-E660-460B-AB82-EE8E39AF63FC}
2012-06-08 20:27 - 2012-06-08 20:27 - 00000000 ____D C:\Users\Hill\Local Settings\{20AFCE18-E660-460B-AB82-EE8E39AF63FC}
2012-06-08 20:27 - 2012-06-08 20:27 - 00000000 ____D C:\Users\Hill\AppData\Local\{20AFCE18-E660-460B-AB82-EE8E39AF63FC}
2012-06-08 17:38 - 2012-06-08 17:38 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{C8552A51-6D03-4441-AC1E-EA589B4AB0AA}
2012-06-08 17:38 - 2012-06-08 17:38 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{8BF0C7D8-27AC-4F44-AB93-28D72D562A4B}
2012-06-08 17:38 - 2012-06-08 17:38 - 00000000 ____D C:\Users\Hill\Local Settings\{C8552A51-6D03-4441-AC1E-EA589B4AB0AA}
2012-06-08 17:38 - 2012-06-08 17:38 - 00000000 ____D C:\Users\Hill\Local Settings\{8BF0C7D8-27AC-4F44-AB93-28D72D562A4B}
2012-06-08 17:38 - 2012-06-08 17:38 - 00000000 ____D C:\Users\Hill\AppData\Local\{C8552A51-6D03-4441-AC1E-EA589B4AB0AA}
2012-06-08 17:38 - 2012-06-08 17:38 - 00000000 ____D C:\Users\Hill\AppData\Local\{8BF0C7D8-27AC-4F44-AB93-28D72D562A4B}
2012-06-08 11:56 - 2012-01-25 14:56 - 00000000 ____D C:\Users\Hill\Local Settings\CrashDumps
2012-06-08 11:56 - 2012-01-25 14:56 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\CrashDumps
2012-06-08 11:56 - 2012-01-25 14:56 - 00000000 ____D C:\Users\Hill\AppData\Local\CrashDumps
2012-06-08 11:05 - 2012-06-08 11:05 - 00000000 ____D C:\Roxio
2012-06-07 11:52 - 2012-06-05 12:55 - 00000000 ____D C:\Users\Hill\Desktop\LOGS June2012
2012-06-06 12:18 - 2012-06-06 12:18 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{FC274EAD-D03E-409B-BF02-933E855DD687}
2012-06-06 12:18 - 2012-06-06 12:18 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{1F6D5558-0971-4C0A-A26B-95DEDECB91CF}
2012-06-06 12:18 - 2012-06-06 12:18 - 00000000 ____D C:\Users\Hill\Local Settings\{FC274EAD-D03E-409B-BF02-933E855DD687}
2012-06-06 12:18 - 2012-06-06 12:18 - 00000000 ____D C:\Users\Hill\Local Settings\{1F6D5558-0971-4C0A-A26B-95DEDECB91CF}
2012-06-06 12:18 - 2012-06-06 12:18 - 00000000 ____D C:\Users\Hill\AppData\Local\{FC274EAD-D03E-409B-BF02-933E855DD687}
2012-06-06 12:18 - 2012-06-06 12:18 - 00000000 ____D C:\Users\Hill\AppData\Local\{1F6D5558-0971-4C0A-A26B-95DEDECB91CF}
2012-06-06 09:32 - 2010-07-31 14:36 - 00000000 ____D C:\Users\Hill\My Documents\ResumeMaker
2012-06-06 09:32 - 2010-07-31 14:36 - 00000000 ____D C:\Users\Hill\Documents\ResumeMaker
2012-06-06 09:22 - 2010-07-31 14:30 - 00000000 ____D C:\Program Files (x86)\ResumeMaker
2012-06-06 09:21 - 2010-08-25 22:11 - 00028160 ____A C:\Users\Hill\My Documents\RecommendfromMike.doc
2012-06-06 09:21 - 2010-08-25 22:11 - 00028160 ____A C:\Users\Hill\Documents\RecommendfromMike.doc
2012-06-06 09:18 - 2010-08-25 22:20 - 00027648 ____A C:\Users\Hill\My Documents\RecommendfromAmy.doc
2012-06-06 09:18 - 2010-08-25 22:20 - 00027648 ____A C:\Users\Hill\Documents\RecommendfromAmy.doc
2012-06-06 09:01 - 2012-06-06 09:01 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{B3EAB80C-8D1B-4CF4-A635-0C4F8CBA1CD8}
2012-06-06 09:01 - 2012-06-06 09:01 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{1AA392A2-C156-4514-A228-F76B964C0261}
2012-06-06 09:01 - 2012-06-06 09:01 - 00000000 ____D C:\Users\Hill\Local Settings\{B3EAB80C-8D1B-4CF4-A635-0C4F8CBA1CD8}
2012-06-06 09:01 - 2012-06-06 09:01 - 00000000 ____D C:\Users\Hill\Local Settings\{1AA392A2-C156-4514-A228-F76B964C0261}
2012-06-06 09:01 - 2012-06-06 09:01 - 00000000 ____D C:\Users\Hill\AppData\Local\{B3EAB80C-8D1B-4CF4-A635-0C4F8CBA1CD8}
2012-06-06 09:01 - 2012-06-06 09:01 - 00000000 ____D C:\Users\Hill\AppData\Local\{1AA392A2-C156-4514-A228-F76B964C0261}
2012-06-06 08:54 - 2010-08-01 17:04 - 00028672 ____A C:\Users\Hill\My Documents\hct resume for AL.doc
2012-06-06 08:54 - 2010-08-01 17:04 - 00028672 ____A C:\Users\Hill\Documents\hct resume for AL.doc
2012-06-05 18:55 - 2012-06-05 18:55 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{9E957543-D0BD-40E2-8B35-929E83F21C91}
2012-06-05 18:55 - 2012-06-05 18:55 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{743FC993-D802-41F7-896D-BDC47AB744A0}
2012-06-05 18:55 - 2012-06-05 18:55 - 00000000 ____D C:\Users\Hill\Local Settings\{9E957543-D0BD-40E2-8B35-929E83F21C91}
2012-06-05 18:55 - 2012-06-05 18:55 - 00000000 ____D C:\Users\Hill\Local Settings\{743FC993-D802-41F7-896D-BDC47AB744A0}
2012-06-05 18:55 - 2012-06-05 18:55 - 00000000 ____D C:\Users\Hill\AppData\Local\{9E957543-D0BD-40E2-8B35-929E83F21C91}
2012-06-05 18:55 - 2012-06-05 18:55 - 00000000 ____D C:\Users\Hill\AppData\Local\{743FC993-D802-41F7-896D-BDC47AB744A0}
2012-06-05 13:00 - 2012-06-05 13:00 - 00000000 ____D C:\Users\Hill\Desktop\gmer
2012-06-05 12:59 - 2012-06-05 12:58 - 00294216 ____A C:\Users\Hill\Desktop\gmer.zip
2012-06-05 12:50 - 2012-06-05 12:50 - 00607260 ____R (Swearware) C:\Users\Hill\Desktop\dds.scr
2012-06-05 12:46 - 2012-06-05 12:46 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{EDB200E8-E62B-47E5-BA74-424F153AB9C9}
2012-06-05 12:46 - 2012-06-05 12:46 - 00000000 ____D C:\Users\Hill\Local Settings\{EDB200E8-E62B-47E5-BA74-424F153AB9C9}
2012-06-05 12:46 - 2012-06-05 12:46 - 00000000 ____D C:\Users\Hill\AppData\Local\{EDB200E8-E62B-47E5-BA74-424F153AB9C9}
2012-06-05 12:46 - 2012-06-05 12:45 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{28E7601B-D226-4EAA-B27F-CDB3F6723F41}
2012-06-05 12:46 - 2012-06-05 12:45 - 00000000 ____D C:\Users\Hill\Local Settings\{28E7601B-D226-4EAA-B27F-CDB3F6723F41}
2012-06-05 12:46 - 2012-06-05 12:45 - 00000000 ____D C:\Users\Hill\AppData\Local\{28E7601B-D226-4EAA-B27F-CDB3F6723F41}
2012-06-05 12:40 - 2012-06-05 12:40 - 00000650 ____A C:\Users\Hill\Desktop\defogger_disable.log
2012-06-05 12:40 - 2012-06-05 12:40 - 00000188 ____A C:\Users\Hill\defogger_reenable
2012-06-05 12:40 - 2010-06-10 12:16 - 00000000 ____D C:\users\Hill
2012-06-05 12:37 - 2012-06-05 12:37 - 04586776 ____A (Check Point Software Technologies LTD) C:\Users\Hill\Desktop\zaSetupWeb_101_101_000_en.exe
2012-06-05 07:43 - 2012-06-05 07:43 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{CEF33CD0-B908-4E63-BE88-01025E75F40D}
2012-06-05 07:43 - 2012-06-05 07:43 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{3F75CF6E-3044-44C7-93BD-36045062570E}
2012-06-05 07:43 - 2012-06-05 07:43 - 00000000 ____D C:\Users\Hill\Local Settings\{CEF33CD0-B908-4E63-BE88-01025E75F40D}
2012-06-05 07:43 - 2012-06-05 07:43 - 00000000 ____D C:\Users\Hill\Local Settings\{3F75CF6E-3044-44C7-93BD-36045062570E}
2012-06-05 07:43 - 2012-06-05 07:43 - 00000000 ____D C:\Users\Hill\AppData\Local\{CEF33CD0-B908-4E63-BE88-01025E75F40D}
2012-06-05 07:43 - 2012-06-05 07:43 - 00000000 ____D C:\Users\Hill\AppData\Local\{3F75CF6E-3044-44C7-93BD-36045062570E}
2012-06-05 07:33 - 2011-11-29 09:37 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-05 07:27 - 2012-06-05 07:27 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{853E8467-D49A-4548-B65E-A4146C26B0A0}
2012-06-05 07:27 - 2012-06-05 07:27 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{018A2C74-BAA0-45E1-8E67-390588FDCF24}
2012-06-05 07:27 - 2012-06-05 07:27 - 00000000 ____D C:\Users\Hill\Local Settings\{853E8467-D49A-4548-B65E-A4146C26B0A0}
2012-06-05 07:27 - 2012-06-05 07:27 - 00000000 ____D C:\Users\Hill\Local Settings\{018A2C74-BAA0-45E1-8E67-390588FDCF24}
2012-06-05 07:27 - 2012-06-05 07:27 - 00000000 ____D C:\Users\Hill\AppData\Local\{853E8467-D49A-4548-B65E-A4146C26B0A0}
2012-06-05 07:27 - 2012-06-05 07:27 - 00000000 ____D C:\Users\Hill\AppData\Local\{018A2C74-BAA0-45E1-8E67-390588FDCF24}
2012-06-04 12:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
2012-06-04 01:46 - 2010-06-16 20:45 - 00000000 ____D C:\Users\Hill\Local Settings\NewsBin
2012-06-04 01:46 - 2010-06-16 20:45 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\NewsBin
2012-06-04 01:46 - 2010-06-16 20:45 - 00000000 ____D C:\Users\Hill\AppData\Local\NewsBin
2012-06-03 04:36 - 2011-08-27 17:36 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2012-06-01 09:05 - 2012-05-23 18:58 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-01 09:05 - 2011-06-21 22:01 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-01 08:30 - 2012-06-01 08:30 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{5F85B81B-BD74-4699-9A08-85FC3E917717}
2012-06-01 08:30 - 2012-06-01 08:30 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{26336DC5-38AB-41B7-AD15-8DAC4C4186C5}
2012-06-01 08:30 - 2012-06-01 08:30 - 00000000 ____D C:\Users\Hill\Local Settings\{5F85B81B-BD74-4699-9A08-85FC3E917717}
2012-06-01 08:30 - 2012-06-01 08:30 - 00000000 ____D C:\Users\Hill\Local Settings\{26336DC5-38AB-41B7-AD15-8DAC4C4186C5}
2012-06-01 08:30 - 2012-06-01 08:30 - 00000000 ____D C:\Users\Hill\AppData\Local\{5F85B81B-BD74-4699-9A08-85FC3E917717}
2012-06-01 08:30 - 2012-06-01 08:30 - 00000000 ____D C:\Users\Hill\AppData\Local\{26336DC5-38AB-41B7-AD15-8DAC4C4186C5}
2012-05-31 23:38 - 2012-05-31 23:37 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{63FEC498-0CAE-4FEF-942E-E3B90CC363DA}
2012-05-31 23:38 - 2012-05-31 23:37 - 00000000 ____D C:\Users\Hill\Local Settings\{63FEC498-0CAE-4FEF-942E-E3B90CC363DA}
2012-05-31 23:38 - 2012-05-31 23:37 - 00000000 ____D C:\Users\Hill\AppData\Local\{63FEC498-0CAE-4FEF-942E-E3B90CC363DA}
2012-05-31 23:37 - 2012-05-31 23:37 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{51E7568B-354C-4D75-A944-ACCD0A4DA7EE}
2012-05-31 23:37 - 2012-05-31 23:37 - 00000000 ____D C:\Users\Hill\Local Settings\{51E7568B-354C-4D75-A944-ACCD0A4DA7EE}
2012-05-31 23:37 - 2012-05-31 23:37 - 00000000 ____D C:\Users\Hill\AppData\Local\{51E7568B-354C-4D75-A944-ACCD0A4DA7EE}
2012-05-31 22:46 - 2012-05-31 22:46 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{D60176E5-A116-4074-86ED-0C594F2CFEDC}
2012-05-31 22:46 - 2012-05-31 22:46 - 00000000 ____D C:\Users\Hill\Local Settings\{D60176E5-A116-4074-86ED-0C594F2CFEDC}
2012-05-31 22:46 - 2012-05-31 22:46 - 00000000 ____D C:\Users\Hill\AppData\Local\{D60176E5-A116-4074-86ED-0C594F2CFEDC}
2012-05-31 10:52 - 2012-05-31 10:52 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{E8B91EA8-39CD-4AA3-B2A7-D22B7A568EBF}
2012-05-31 10:52 - 2012-05-31 10:52 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{8F1FE1A1-5921-4B08-A86E-C11BFAE2E0AD}
2012-05-31 10:52 - 2012-05-31 10:52 - 00000000 ____D C:\Users\Hill\Local Settings\{E8B91EA8-39CD-4AA3-B2A7-D22B7A568EBF}
2012-05-31 10:52 - 2012-05-31 10:52 - 00000000 ____D C:\Users\Hill\Local Settings\{8F1FE1A1-5921-4B08-A86E-C11BFAE2E0AD}
2012-05-31 10:52 - 2012-05-31 10:52 - 00000000 ____D C:\Users\Hill\AppData\Local\{E8B91EA8-39CD-4AA3-B2A7-D22B7A568EBF}
2012-05-31 10:52 - 2012-05-31 10:52 - 00000000 ____D C:\Users\Hill\AppData\Local\{8F1FE1A1-5921-4B08-A86E-C11BFAE2E0AD}
2012-05-31 09:42 - 2012-05-31 09:42 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{557037B7-F0A4-4D15-9613-716362DD923A}
2012-05-31 09:42 - 2012-05-31 09:42 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{10C03B1B-548C-4606-B21B-87E19FD37206}
2012-05-31 09:42 - 2012-05-31 09:42 - 00000000 ____D C:\Users\Hill\Local Settings\{557037B7-F0A4-4D15-9613-716362DD923A}
2012-05-31 09:42 - 2012-05-31 09:42 - 00000000 ____D C:\Users\Hill\Local Settings\{10C03B1B-548C-4606-B21B-87E19FD37206}
2012-05-31 09:42 - 2012-05-31 09:42 - 00000000 ____D C:\Users\Hill\AppData\Local\{557037B7-F0A4-4D15-9613-716362DD923A}
2012-05-31 09:42 - 2012-05-31 09:42 - 00000000 ____D C:\Users\Hill\AppData\Local\{10C03B1B-548C-4606-B21B-87E19FD37206}
2012-05-31 00:49 - 2012-05-31 00:49 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{079553B7-5363-48D0-B456-D678AB0F1DE0}
2012-05-31 00:49 - 2012-05-31 00:49 - 00000000 ____D C:\Users\Hill\Local Settings\{079553B7-5363-48D0-B456-D678AB0F1DE0}
2012-05-31 00:49 - 2012-05-31 00:49 - 00000000 ____D C:\Users\Hill\AppData\Local\{079553B7-5363-48D0-B456-D678AB0F1DE0}
2012-05-31 00:49 - 2012-05-31 00:48 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{85F15920-43B9-4632-B545-F2BDC93A63CC}
2012-05-31 00:49 - 2012-05-31 00:48 - 00000000 ____D C:\Users\Hill\Local Settings\{85F15920-43B9-4632-B545-F2BDC93A63CC}
2012-05-31 00:49 - 2012-05-31 00:48 - 00000000 ____D C:\Users\Hill\AppData\Local\{85F15920-43B9-4632-B545-F2BDC93A63CC}
2012-05-29 22:43 - 2012-05-29 22:43 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{654C7DD9-1D3D-4DC5-881E-D4D3F4FE6E6F}
2012-05-29 22:43 - 2012-05-29 22:43 - 00000000 ____D C:\Users\Hill\Local Settings\{654C7DD9-1D3D-4DC5-881E-D4D3F4FE6E6F}
2012-05-29 22:43 - 2012-05-29 22:43 - 00000000 ____D C:\Users\Hill\AppData\Local\{654C7DD9-1D3D-4DC5-881E-D4D3F4FE6E6F}
2012-05-29 22:43 - 2012-05-29 22:42 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{F1AF186F-0DAD-4395-B40C-E2D52313DDFA}
2012-05-29 22:43 - 2012-05-29 22:42 - 00000000 ____D C:\Users\Hill\Local Settings\{F1AF186F-0DAD-4395-B40C-E2D52313DDFA}
2012-05-29 22:43 - 2012-05-29 22:42 - 00000000 ____D C:\Users\Hill\AppData\Local\{F1AF186F-0DAD-4395-B40C-E2D52313DDFA}
2012-05-28 05:25 - 2011-09-23 10:34 - 00000000 ____D C:\Users\Hill\Local Settings\V CAST Media Manager
2012-05-28 05:25 - 2011-09-23 10:34 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\V CAST Media Manager
2012-05-28 05:25 - 2011-09-23 10:34 - 00000000 ____D C:\Users\Hill\AppData\Local\V CAST Media Manager
2012-05-28 05:25 - 2011-06-12 02:12 - 00000000 ____D C:\Users\Hill\Application Data\vlc
2012-05-28 05:25 - 2011-06-12 02:12 - 00000000 ____D C:\Users\Hill\AppData\Roaming\vlc
2012-05-27 22:11 - 2012-05-27 22:11 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{3A624B79-4F3E-41BA-B0B1-907FC3FAF8A0}
2012-05-27 22:11 - 2012-05-27 22:11 - 00000000 ____D C:\Users\Hill\Local Settings\{3A624B79-4F3E-41BA-B0B1-907FC3FAF8A0}
2012-05-27 22:11 - 2012-05-27 22:11 - 00000000 ____D C:\Users\Hill\AppData\Local\{3A624B79-4F3E-41BA-B0B1-907FC3FAF8A0}
2012-05-27 22:11 - 2012-05-27 22:10 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{1CF04F76-8A6C-4B29-887C-923F5827A44E}
2012-05-27 22:11 - 2012-05-27 22:10 - 00000000 ____D C:\Users\Hill\Local Settings\{1CF04F76-8A6C-4B29-887C-923F5827A44E}
2012-05-27 22:11 - 2012-05-27 22:10 - 00000000 ____D C:\Users\Hill\AppData\Local\{1CF04F76-8A6C-4B29-887C-923F5827A44E}
2012-05-27 20:25 - 2011-02-14 20:53 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android
2012-05-25 16:42 - 2012-05-25 16:42 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{3A8B0F20-888A-4A53-9A6D-95C5D1B0547D}
2012-05-25 16:42 - 2012-05-25 16:42 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{010185D9-EFAD-45EB-854B-3A68BA1D8A70}
2012-05-25 16:42 - 2012-05-25 16:42 - 00000000 ____D C:\Users\Hill\Local Settings\{3A8B0F20-888A-4A53-9A6D-95C5D1B0547D}
2012-05-25 16:42 - 2012-05-25 16:42 - 00000000 ____D C:\Users\Hill\Local Settings\{010185D9-EFAD-45EB-854B-3A68BA1D8A70}
2012-05-25 16:42 - 2012-05-25 16:42 - 00000000 ____D C:\Users\Hill\AppData\Local\{3A8B0F20-888A-4A53-9A6D-95C5D1B0547D}
2012-05-25 16:42 - 2012-05-25 16:42 - 00000000 ____D C:\Users\Hill\AppData\Local\{010185D9-EFAD-45EB-854B-3A68BA1D8A70}
2012-05-25 15:33 - 2012-05-25 15:33 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{ECD134B4-6BD0-4693-B0C4-5999307612DB}
2012-05-25 15:33 - 2012-05-25 15:33 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{E80D7E48-5AE6-4AE0-8DC0-F89C414A5A6C}
2012-05-25 15:33 - 2012-05-25 15:33 - 00000000 ____D C:\Users\Hill\Local Settings\{ECD134B4-6BD0-4693-B0C4-5999307612DB}
2012-05-25 15:33 - 2012-05-25 15:33 - 00000000 ____D C:\Users\Hill\Local Settings\{E80D7E48-5AE6-4AE0-8DC0-F89C414A5A6C}
2012-05-25 15:33 - 2012-05-25 15:33 - 00000000 ____D C:\Users\Hill\AppData\Local\{ECD134B4-6BD0-4693-B0C4-5999307612DB}
2012-05-25 15:33 - 2012-05-25 15:33 - 00000000 ____D C:\Users\Hill\AppData\Local\{E80D7E48-5AE6-4AE0-8DC0-F89C414A5A6C}
2012-05-24 20:28 - 2012-05-24 20:28 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{5F2C998D-66EE-4E2E-B899-379DABC7B631}
2012-05-24 20:28 - 2012-05-24 20:28 - 00000000 ____D C:\Users\Hill\Local Settings\{5F2C998D-66EE-4E2E-B899-379DABC7B631}
2012-05-24 20:28 - 2012-05-24 20:28 - 00000000 ____D C:\Users\Hill\AppData\Local\{5F2C998D-66EE-4E2E-B899-379DABC7B631}
2012-05-24 20:27 - 2012-05-24 20:27 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{C0206C87-63F3-4B6F-BAE2-C7F2CB961559}
2012-05-24 20:27 - 2012-05-24 20:27 - 00000000 ____D C:\Users\Hill\Local Settings\{C0206C87-63F3-4B6F-BAE2-C7F2CB961559}
2012-05-24 20:27 - 2012-05-24 20:27 - 00000000 ____D C:\Users\Hill\AppData\Local\{C0206C87-63F3-4B6F-BAE2-C7F2CB961559}
2012-05-24 20:23 - 2010-06-16 20:03 - 00000000 ____D C:\users\postgres
2012-05-24 20:23 - 2010-06-10 12:16 - 00000000 ____D C:\Users\Hill\AppData\LocalLow
2012-05-24 20:23 - 2010-06-06 16:30 - 00479622 ____A C:\Windows\PFRO.log
2012-05-23 22:08 - 2010-09-18 21:17 - 00002346 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-05-23 22:08 - 2010-09-18 21:17 - 00002346 ____A C:\Users\All Users\Desktop\Google Chrome.lnk
2012-05-23 19:08 - 2012-05-23 19:08 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-05-20 21:07 - 2012-05-20 21:06 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{B0289A88-51E1-4EF0-AF43-5135D6DDB508}
2012-05-20 21:07 - 2012-05-20 21:06 - 00000000 ____D C:\Users\Hill\Local Settings\{B0289A88-51E1-4EF0-AF43-5135D6DDB508}
2012-05-20 21:07 - 2012-05-20 21:06 - 00000000 ____D C:\Users\Hill\AppData\Local\{B0289A88-51E1-4EF0-AF43-5135D6DDB508}
2012-05-20 21:06 - 2012-05-20 21:06 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{C997665B-E2DB-40FA-9D83-D092C51FBC6D}
2012-05-20 21:06 - 2012-05-20 21:06 - 00000000 ____D C:\Users\Hill\Local Settings\{C997665B-E2DB-40FA-9D83-D092C51FBC6D}
2012-05-20 21:06 - 2012-05-20 21:06 - 00000000 ____D C:\Users\Hill\AppData\Local\{C997665B-E2DB-40FA-9D83-D092C51FBC6D}
2012-05-20 20:43 - 2012-05-20 20:43 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{62D0B0B7-6D67-43A1-8747-2D80353CD994}
2012-05-20 20:43 - 2012-05-20 20:43 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{5D756CDD-4B75-4093-BA41-EEEDFAED09BD}
2012-05-20 20:43 - 2012-05-20 20:43 - 00000000 ____D C:\Users\Hill\Local Settings\{62D0B0B7-6D67-43A1-8747-2D80353CD994}
2012-05-20 20:43 - 2012-05-20 20:43 - 00000000 ____D C:\Users\Hill\Local Settings\{5D756CDD-4B75-4093-BA41-EEEDFAED09BD}
2012-05-20 20:43 - 2012-05-20 20:43 - 00000000 ____D C:\Users\Hill\AppData\Local\{62D0B0B7-6D67-43A1-8747-2D80353CD994}
2012-05-20 20:43 - 2012-05-20 20:43 - 00000000 ____D C:\Users\Hill\AppData\Local\{5D756CDD-4B75-4093-BA41-EEEDFAED09BD}
2012-05-17 22:04 - 2012-05-17 22:04 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{E5F77238-92A0-460B-B68F-42C7191EF6CF}
2012-05-17 22:04 - 2012-05-17 22:04 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{C7D0C0B0-23D3-4E84-AF61-0AF37D75CC4C}
2012-05-17 22:04 - 2012-05-17 22:04 - 00000000 ____D C:\Users\Hill\Local Settings\{E5F77238-92A0-460B-B68F-42C7191EF6CF}
2012-05-17 22:04 - 2012-05-17 22:04 - 00000000 ____D C:\Users\Hill\Local Settings\{C7D0C0B0-23D3-4E84-AF61-0AF37D75CC4C}
2012-05-17 22:04 - 2012-05-17 22:04 - 00000000 ____D C:\Users\Hill\AppData\Local\{E5F77238-92A0-460B-B68F-42C7191EF6CF}
2012-05-17 22:04 - 2012-05-17 22:04 - 00000000 ____D C:\Users\Hill\AppData\Local\{C7D0C0B0-23D3-4E84-AF61-0AF37D75CC4C}
2012-05-17 20:25 - 2012-05-17 20:24 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{0A13BBCA-3876-4F7F-9144-32007476B530}
2012-05-17 20:25 - 2012-05-17 20:24 - 00000000 ____D C:\Users\Hill\Local Settings\{0A13BBCA-3876-4F7F-9144-32007476B530}
2012-05-17 20:25 - 2012-05-17 20:24 - 00000000 ____D C:\Users\Hill\AppData\Local\{0A13BBCA-3876-4F7F-9144-32007476B530}
2012-05-17 20:24 - 2012-05-17 20:24 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{24372EB1-CF63-4714-9A5D-0F88BA6AE830}
2012-05-17 20:24 - 2012-05-17 20:24 - 00000000 ____D C:\Users\Hill\Local Settings\{24372EB1-CF63-4714-9A5D-0F88BA6AE830}
2012-05-17 20:24 - 2012-05-17 20:24 - 00000000 ____D C:\Users\Hill\AppData\Local\{24372EB1-CF63-4714-9A5D-0F88BA6AE830}
2012-05-17 00:36 - 2012-05-17 00:36 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{EE89A82D-0E71-46AC-8A4F-956F83A00B85}
2012-05-17 00:36 - 2012-05-17 00:36 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{4B6FBBDE-671A-43FD-A460-1B58E485C1D2}
2012-05-17 00:36 - 2012-05-17 00:36 - 00000000 ____D C:\Users\Hill\Local Settings\{EE89A82D-0E71-46AC-8A4F-956F83A00B85}
2012-05-17 00:36 - 2012-05-17 00:36 - 00000000 ____D C:\Users\Hill\Local Settings\{4B6FBBDE-671A-43FD-A460-1B58E485C1D2}
2012-05-17 00:36 - 2012-05-17 00:36 - 00000000 ____D C:\Users\Hill\AppData\Local\{EE89A82D-0E71-46AC-8A4F-956F83A00B85}
2012-05-17 00:36 - 2012-05-17 00:36 - 00000000 ____D C:\Users\Hill\AppData\Local\{4B6FBBDE-671A-43FD-A460-1B58E485C1D2}
2012-05-15 23:09 - 2012-05-15 23:09 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{B0337274-EF05-4335-84D9-535ED062964A}
2012-05-15 23:09 - 2012-05-15 23:09 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{31067BCD-9CF2-4636-B3DD-FEF5C284F33A}
2012-05-15 23:09 - 2012-05-15 23:09 - 00000000 ____D C:\Users\Hill\Local Settings\{B0337274-EF05-4335-84D9-535ED062964A}
2012-05-15 23:09 - 2012-05-15 23:09 - 00000000 ____D C:\Users\Hill\Local Settings\{31067BCD-9CF2-4636-B3DD-FEF5C284F33A}
2012-05-15 23:09 - 2012-05-15 23:09 - 00000000 ____D C:\Users\Hill\AppData\Local\{B0337274-EF05-4335-84D9-535ED062964A}
2012-05-15 23:09 - 2012-05-15 23:09 - 00000000 ____D C:\Users\Hill\AppData\Local\{31067BCD-9CF2-4636-B3DD-FEF5C284F33A}
2012-05-15 23:00 - 2012-05-15 23:00 - 00000000 ____D C:\Program Files (x86)\TotalRecipeSearch_14
2012-05-15 10:56 - 2012-05-08 15:14 - 00011717 ____A C:\Users\Hill\My Documents\weight Loss.xlsx
2012-05-15 10:56 - 2012-05-08 15:14 - 00011717 ____A C:\Users\Hill\Documents\weight Loss.xlsx
2012-05-15 10:56 - 2012-02-06 13:28 - 00011159 ____A C:\Users\Hill\My Documents\MedBills.xlsx
2012-05-15 10:56 - 2012-02-06 13:28 - 00011159 ____A C:\Users\Hill\Documents\MedBills.xlsx
2012-05-15 10:56 - 2010-11-04 20:21 - 00071628 ____A C:\Users\Hill\My Documents\Movie List.xlsx
2012-05-15 10:56 - 2010-11-04 20:21 - 00071628 ____A C:\Users\Hill\Documents\Movie List.xlsx
2012-05-12 12:41 - 2012-05-12 12:41 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{E15ED8FE-9C94-4164-94EA-BAE5E499D070}
2012-05-12 12:41 - 2012-05-12 12:41 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{5D8AA3F9-35FF-40AE-8F37-0FBD552F77AC}
2012-05-12 12:41 - 2012-05-12 12:41 - 00000000 ____D C:\Users\Hill\Local Settings\{E15ED8FE-9C94-4164-94EA-BAE5E499D070}
2012-05-12 12:41 - 2012-05-12 12:41 - 00000000 ____D C:\Users\Hill\Local Settings\{5D8AA3F9-35FF-40AE-8F37-0FBD552F77AC}
2012-05-12 12:41 - 2012-05-12 12:41 - 00000000 ____D C:\Users\Hill\AppData\Local\{E15ED8FE-9C94-4164-94EA-BAE5E499D070}
2012-05-12 12:41 - 2012-05-12 12:41 - 00000000 ____D C:\Users\Hill\AppData\Local\{5D8AA3F9-35FF-40AE-8F37-0FBD552F77AC}
2012-05-12 12:39 - 2012-05-12 12:39 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{79F689B8-7CE3-4082-BAB4-B04FBCA57C9E}
2012-05-12 12:39 - 2012-05-12 12:39 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{2D5143DE-9B6B-4822-82AC-2BA0412C2E5A}
2012-05-12 12:39 - 2012-05-12 12:39 - 00000000 ____D C:\Users\Hill\Local Settings\{79F689B8-7CE3-4082-BAB4-B04FBCA57C9E}
2012-05-12 12:39 - 2012-05-12 12:39 - 00000000 ____D C:\Users\Hill\Local Settings\{2D5143DE-9B6B-4822-82AC-2BA0412C2E5A}
2012-05-12 12:39 - 2012-05-12 12:39 - 00000000 ____D C:\Users\Hill\AppData\Local\{79F689B8-7CE3-4082-BAB4-B04FBCA57C9E}
2012-05-12 12:39 - 2012-05-12 12:39 - 00000000 ____D C:\Users\Hill\AppData\Local\{2D5143DE-9B6B-4822-82AC-2BA0412C2E5A}
2012-05-12 12:27 - 2005-04-07 21:16 - 00779174 ___AH C:\Users\Hill\Application Data\Hilllog.dat
2012-05-12 12:27 - 2005-04-07 21:16 - 00779174 ___AH C:\Users\Hill\AppData\Roaming\Hilllog.dat
2012-05-12 12:26 - 2010-06-16 20:46 - 00000000 ____D C:\Users\Hill\My Documents\Newsbin Download
2012-05-12 12:26 - 2010-06-16 20:46 - 00000000 ____D C:\Users\Hill\Documents\Newsbin Download
2012-05-12 12:24 - 2012-05-12 12:24 - 00000000 ____D C:\Users\Hill\Application Data\install
2012-05-12 12:24 - 2012-05-12 12:24 - 00000000 ____D C:\Users\Hill\AppData\Roaming\install
2012-05-12 11:24 - 2012-05-12 11:23 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{7B51F00B-ED3F-4EEF-B5BA-D9EBF50082CA}
2012-05-12 11:24 - 2012-05-12 11:23 - 00000000 ____D C:\Users\Hill\Local Settings\{7B51F00B-ED3F-4EEF-B5BA-D9EBF50082CA}
2012-05-12 11:24 - 2012-05-12 11:23 - 00000000 ____D C:\Users\Hill\AppData\Local\{7B51F00B-ED3F-4EEF-B5BA-D9EBF50082CA}
2012-05-12 11:23 - 2012-05-12 11:23 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{292C8F91-044C-4E24-8E47-80B521F04B0F}
2012-05-12 11:23 - 2012-05-12 11:23 - 00000000 ____D C:\Users\Hill\Local Settings\{292C8F91-044C-4E24-8E47-80B521F04B0F}
2012-05-12 11:23 - 2012-05-12 11:23 - 00000000 ____D C:\Users\Hill\AppData\Local\{292C8F91-044C-4E24-8E47-80B521F04B0F}
2012-05-12 10:32 - 2010-06-12 22:40 - 00000000 ____D C:\Users\Hill\Local Settings\QuickPar
2012-05-12 10:32 - 2010-06-12 22:40 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\QuickPar
2012-05-12 10:32 - 2010-06-12 22:40 - 00000000 ____D C:\Users\Hill\AppData\Local\QuickPar
2012-05-11 20:04 - 2012-05-11 20:04 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{F9E2D3A5-78D8-4009-9DC0-53FD65FAB8AE}
2012-05-11 20:04 - 2012-05-11 20:04 - 00000000 ____D C:\Users\Hill\Local Settings\{F9E2D3A5-78D8-4009-9DC0-53FD65FAB8AE}
2012-05-11 20:04 - 2012-05-11 20:04 - 00000000 ____D C:\Users\Hill\AppData\Local\{F9E2D3A5-78D8-4009-9DC0-53FD65FAB8AE}
2012-05-11 20:04 - 2012-05-11 20:03 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{71B7A606-07E1-4715-9FCF-97F60DA1E6E2}
2012-05-11 20:04 - 2012-05-11 20:03 - 00000000 ____D C:\Users\Hill\Local Settings\{71B7A606-07E1-4715-9FCF-97F60DA1E6E2}
2012-05-11 20:04 - 2012-05-11 20:03 - 00000000 ____D C:\Users\Hill\AppData\Local\{71B7A606-07E1-4715-9FCF-97F60DA1E6E2}
2012-05-11 20:03 - 2012-05-11 20:03 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{C15D0A5C-B633-49DD-9426-BC596461C24E}
2012-05-11 20:03 - 2012-05-11 20:03 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{3D9D94D9-F57E-46DB-84CD-1573AA9ACDB7}
2012-05-11 20:03 - 2012-05-11 20:03 - 00000000 ____D C:\Users\Hill\Local Settings\{C15D0A5C-B633-49DD-9426-BC596461C24E}
2012-05-11 20:03 - 2012-05-11 20:03 - 00000000 ____D C:\Users\Hill\Local Settings\{3D9D94D9-F57E-46DB-84CD-1573AA9ACDB7}
2012-05-11 20:03 - 2012-05-11 20:03 - 00000000 ____D C:\Users\Hill\AppData\Local\{C15D0A5C-B633-49DD-9426-BC596461C24E}
2012-05-11 20:03 - 2012-05-11 20:03 - 00000000 ____D C:\Users\Hill\AppData\Local\{3D9D94D9-F57E-46DB-84CD-1573AA9ACDB7}
2012-05-11 02:02 - 2012-05-11 02:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-11 02:02 - 2012-05-11 02:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-11 02:01 - 2010-06-29 01:51 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-11 02:01 - 2010-06-29 01:51 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-05-10 22:32 - 2012-05-10 22:32 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{EB5687AF-1590-4B1B-AF07-E988373918B9}
2012-05-10 22:32 - 2012-05-10 22:32 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{34F7BEB4-53B5-4559-9BAE-5AE54E9F630E}
2012-05-10 22:32 - 2012-05-10 22:32 - 00000000 ____D C:\Users\Hill\Local Settings\{EB5687AF-1590-4B1B-AF07-E988373918B9}
2012-05-10 22:32 - 2012-05-10 22:32 - 00000000 ____D C:\Users\Hill\Local Settings\{34F7BEB4-53B5-4559-9BAE-5AE54E9F630E}
2012-05-10 22:32 - 2012-05-10 22:32 - 00000000 ____D C:\Users\Hill\AppData\Local\{EB5687AF-1590-4B1B-AF07-E988373918B9}
2012-05-10 22:32 - 2012-05-10 22:32 - 00000000 ____D C:\Users\Hill\AppData\Local\{34F7BEB4-53B5-4559-9BAE-5AE54E9F630E}
2012-05-10 12:42 - 2012-05-10 12:42 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{B70CE3AD-65E7-49F5-B336-ED6F67E88EF4}
2012-05-10 12:42 - 2012-05-10 12:42 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{79299384-3A8A-481F-AFF9-1E4B9BA22C47}
2012-05-10 12:42 - 2012-05-10 12:42 - 00000000 ____D C:\Users\Hill\Local Settings\{B70CE3AD-65E7-49F5-B336-ED6F67E88EF4}
2012-05-10 12:42 - 2012-05-10 12:42 - 00000000 ____D C:\Users\Hill\Local Settings\{79299384-3A8A-481F-AFF9-1E4B9BA22C47}
2012-05-10 12:42 - 2012-05-10 12:42 - 00000000 ____D C:\Users\Hill\AppData\Local\{B70CE3AD-65E7-49F5-B336-ED6F67E88EF4}
2012-05-10 12:42 - 2012-05-10 12:42 - 00000000 ____D C:\Users\Hill\AppData\Local\{79299384-3A8A-481F-AFF9-1E4B9BA22C47}
2012-05-10 12:13 - 2009-07-13 23:45 - 00428760 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-10 07:47 - 2010-09-16 08:47 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-10 02:01 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-09 09:37 - 2012-05-09 09:37 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{DC02F064-7756-4D80-90D9-B0DA99806F57}
2012-05-09 09:37 - 2012-05-09 09:37 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{3866BA2C-BE52-4659-8F44-26E715775D5B}
2012-05-09 09:37 - 2012-05-09 09:37 - 00000000 ____D C:\Users\Hill\Local Settings\{DC02F064-7756-4D80-90D9-B0DA99806F57}
2012-05-09 09:37 - 2012-05-09 09:37 - 00000000 ____D C:\Users\Hill\Local Settings\{3866BA2C-BE52-4659-8F44-26E715775D5B}
2012-05-09 09:37 - 2012-05-09 09:37 - 00000000 ____D C:\Users\Hill\AppData\Local\{DC02F064-7756-4D80-90D9-B0DA99806F57}
2012-05-09 09:37 - 2012-05-09 09:37 - 00000000 ____D C:\Users\Hill\AppData\Local\{3866BA2C-BE52-4659-8F44-26E715775D5B}
2012-05-09 09:11 - 2012-05-09 09:11 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{ECB89A44-8953-4127-A7CD-9D2DF822A55E}
2012-05-09 09:11 - 2012-05-09 09:11 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{4C8C5B6B-7230-4D6F-B8BC-C5FAF1797BF8}
2012-05-09 09:11 - 2012-05-09 09:11 - 00000000 ____D C:\Users\Hill\Local Settings\{ECB89A44-8953-4127-A7CD-9D2DF822A55E}
2012-05-09 09:11 - 2012-05-09 09:11 - 00000000 ____D C:\Users\Hill\Local Settings\{4C8C5B6B-7230-4D6F-B8BC-C5FAF1797BF8}
2012-05-09 09:11 - 2012-05-09 09:11 - 00000000 ____D C:\Users\Hill\AppData\Local\{ECB89A44-8953-4127-A7CD-9D2DF822A55E}
2012-05-09 09:11 - 2012-05-09 09:11 - 00000000 ____D C:\Users\Hill\AppData\Local\{4C8C5B6B-7230-4D6F-B8BC-C5FAF1797BF8}
2012-05-07 21:04 - 2012-05-07 21:04 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{9010AB54-5A9A-4456-A994-052962B04785}
2012-05-07 21:04 - 2012-05-07 21:04 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{0CFF3457-308C-4204-A30D-40A7A8B595E0}
2012-05-07 21:04 - 2012-05-07 21:04 - 00000000 ____D C:\Users\Hill\Local Settings\{9010AB54-5A9A-4456-A994-052962B04785}
2012-05-07 21:04 - 2012-05-07 21:04 - 00000000 ____D C:\Users\Hill\Local Settings\{0CFF3457-308C-4204-A30D-40A7A8B595E0}
2012-05-07 21:04 - 2012-05-07 21:04 - 00000000 ____D C:\Users\Hill\AppData\Local\{9010AB54-5A9A-4456-A994-052962B04785}
2012-05-07 21:04 - 2012-05-07 21:04 - 00000000 ____D C:\Users\Hill\AppData\Local\{0CFF3457-308C-4204-A30D-40A7A8B595E0}
2012-05-07 12:32 - 2010-08-22 17:35 - 00000000 ____D C:\Users\Hill\Application Data\uTorrent
2012-05-07 12:32 - 2010-08-22 17:35 - 00000000 ____D C:\Users\Hill\AppData\Roaming\uTorrent
2012-05-07 10:46 - 2012-05-07 10:46 - 00004132 ____A C:\Users\Hill\Downloads\PokerMathThatMatters.pdf[www.bestpokertorrents.com](1).torrent
2012-05-06 21:40 - 2012-05-06 21:40 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{AE32DB09-B4E0-4FAF-84AC-E44A6FB4285F}
2012-05-06 21:40 - 2012-05-06 21:40 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{531E45C7-6520-4BD7-82C4-57511CDC7919}
2012-05-06 21:40 - 2012-05-06 21:40 - 00000000 ____D C:\Users\Hill\Local Settings\{AE32DB09-B4E0-4FAF-84AC-E44A6FB4285F}
2012-05-06 21:40 - 2012-05-06 21:40 - 00000000 ____D C:\Users\Hill\Local Settings\{531E45C7-6520-4BD7-82C4-57511CDC7919}
2012-05-06 21:40 - 2012-05-06 21:40 - 00000000 ____D C:\Users\Hill\AppData\Local\{AE32DB09-B4E0-4FAF-84AC-E44A6FB4285F}
2012-05-06 21:40 - 2012-05-06 21:40 - 00000000 ____D C:\Users\Hill\AppData\Local\{531E45C7-6520-4BD7-82C4-57511CDC7919}
2012-05-06 20:07 - 2012-05-06 20:07 - 00000000 ____D C:\Users\Hill\Local Settings\DIRECTV Player
2012-05-06 20:07 - 2012-05-06 20:07 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\DIRECTV Player
2012-05-06 20:07 - 2012-05-06 20:07 - 00000000 ____D C:\Users\Hill\AppData\Local\DIRECTV Player
2012-05-06 20:06 - 2012-05-06 20:06 - 15603168 ____A (DIRECTV) C:\Users\Hill\Downloads\DIRECTV_Player_4.00.exe
2012-05-03 09:11 - 2012-05-03 09:11 - 00000000 ____D C:\Users\All Users\Mozilla
2012-05-03 09:11 - 2012-05-03 09:11 - 00000000 ____D C:\Users\All Users\Application Data\Mozilla
2012-05-03 09:11 - 2012-05-03 09:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-03 09:11 - 2010-06-11 07:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-03 07:25 - 2011-10-26 08:27 - 00000000 ____D C:\Users\Hill\Application Data\FileZilla
2012-05-03 07:25 - 2011-10-26 08:27 - 00000000 ____D C:\Users\Hill\AppData\Roaming\FileZilla
2012-05-01 21:53 - 2012-05-01 21:53 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{BA320485-5F75-4378-9118-E5A8832DEFAF}
2012-05-01 21:53 - 2012-05-01 21:53 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{23863F98-A3EF-49FD-80DB-E2A0F301C621}
2012-05-01 21:53 - 2012-05-01 21:53 - 00000000 ____D C:\Users\Hill\Local Settings\{BA320485-5F75-4378-9118-E5A8832DEFAF}
2012-05-01 21:53 - 2012-05-01 21:53 - 00000000 ____D C:\Users\Hill\Local Settings\{23863F98-A3EF-49FD-80DB-E2A0F301C621}
2012-05-01 21:53 - 2012-05-01 21:53 - 00000000 ____D C:\Users\Hill\AppData\Local\{BA320485-5F75-4378-9118-E5A8832DEFAF}
2012-05-01 21:53 - 2012-05-01 21:53 - 00000000 ____D C:\Users\Hill\AppData\Local\{23863F98-A3EF-49FD-80DB-E2A0F301C621}
2012-04-28 22:24 - 2012-04-28 22:24 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{758A3757-9E89-49A1-A108-D84D9ACB85F8}
2012-04-28 22:24 - 2012-04-28 22:24 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{2A96ADDE-5857-456B-8C34-CCC1DF9BE621}
2012-04-28 22:24 - 2012-04-28 22:24 - 00000000 ____D C:\Users\Hill\Local Settings\{758A3757-9E89-49A1-A108-D84D9ACB85F8}
2012-04-28 22:24 - 2012-04-28 22:24 - 00000000 ____D C:\Users\Hill\Local Settings\{2A96ADDE-5857-456B-8C34-CCC1DF9BE621}
2012-04-28 22:24 - 2012-04-28 22:24 - 00000000 ____D C:\Users\Hill\AppData\Local\{758A3757-9E89-49A1-A108-D84D9ACB85F8}
2012-04-28 22:24 - 2012-04-28 22:24 - 00000000 ____D C:\Users\Hill\AppData\Local\{2A96ADDE-5857-456B-8C34-CCC1DF9BE621}
2012-04-28 21:35 - 2012-04-28 15:40 - 00001035 ____A C:\Users\Hill\Desktop\Stieg Larsson The Girl with the Dragon Tattoo html.nzb
2012-04-28 21:35 - 2012-04-28 15:40 - 00001026 ____A C:\Users\Hill\Desktop\Stieg Larsson The Girl with the Dragon Tattoo mobi.nzb
2012-04-28 21:35 - 2012-04-28 15:40 - 00000889 ____A C:\Users\Hill\Desktop\The Girl with the Dragon Tattoo Stieg Larsson(epub) 561k.nzb
2012-04-28 21:35 - 2012-04-28 15:40 - 00000726 ____A C:\Users\Hill\Desktop\Larsson, Stieg Millennium 01 The Girl with the Dragon Tattoo (v5 0) [epub].nzb
2012-04-28 21:17 - 2012-04-28 15:41 - 00001154 ____A C:\Users\Hill\Desktop\Suzanne Collins The Hunger Games 2 Catching Fire mobi.nzb
2012-04-28 21:17 - 2012-04-28 15:41 - 00001153 ____A C:\Users\Hill\Desktop\Suzanne Collins The Hunger Games 3 Mockingjay mobi.nzb
2012-04-28 21:17 - 2012-04-28 15:41 - 00001107 ____A C:\Users\Hill\Desktop\Suzanne Collins The Hunger Games mobi.nzb
2012-04-28 21:17 - 2012-04-28 15:41 - 00000927 ____A C:\Users\Hill\Desktop\Collins, Suzanne Hunger Games 02 Catching Fire [html, epub, lit].nzb
2012-04-28 21:17 - 2012-04-28 15:41 - 00000713 ____A C:\Users\Hill\Desktop\Collins, Suzanne Hunger Games 03 Mockingjay (epub).nzb
2012-04-28 21:17 - 2012-04-28 15:41 - 00000701 ____A C:\Users\Hill\Desktop\Collins, Suzanne Hunger Games 01 The Hunger Games (v2 0) [epub].nzb
2012-04-28 21:17 - 2012-04-28 15:41 - 00000667 ____A C:\Users\Hill\Desktop\Dog Labrador Retriever Training Secrets pdf.nzb
2012-04-28 15:40 - 2012-04-28 15:40 - 00002797 ____A C:\Users\Hill\Downloads\dragon tattoonzbs.zip
2012-04-28 15:22 - 2012-04-28 15:22 - 00004851 ____A C:\Users\Hill\Downloads\ebooksnzbs.zip
2012-04-27 22:58 - 2012-04-27 22:58 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{644F0ABB-371E-4756-A332-D9D45A3B1C7D}
2012-04-27 22:58 - 2012-04-27 22:58 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{032C4256-BA3E-4DCB-8C1C-C1C0953FF0A7}
2012-04-27 22:58 - 2012-04-27 22:58 - 00000000 ____D C:\Users\Hill\Local Settings\{644F0ABB-371E-4756-A332-D9D45A3B1C7D}
2012-04-27 22:58 - 2012-04-27 22:58 - 00000000 ____D C:\Users\Hill\Local Settings\{032C4256-BA3E-4DCB-8C1C-C1C0953FF0A7}
2012-04-27 22:58 - 2012-04-27 22:58 - 00000000 ____D C:\Users\Hill\AppData\Local\{644F0ABB-371E-4756-A332-D9D45A3B1C7D}
2012-04-27 22:58 - 2012-04-27 22:58 - 00000000 ____D C:\Users\Hill\AppData\Local\{032C4256-BA3E-4DCB-8C1C-C1C0953FF0A7}
2012-04-26 17:10 - 2012-04-26 17:10 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{24263D87-CB0B-40E0-8A14-09AC3630C643}
2012-04-26 17:10 - 2012-04-26 17:10 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{10B57001-8508-428C-A995-D52F9127FBCB}
2012-04-26 17:10 - 2012-04-26 17:10 - 00000000 ____D C:\Users\Hill\Local Settings\{24263D87-CB0B-40E0-8A14-09AC3630C643}
2012-04-26 17:10 - 2012-04-26 17:10 - 00000000 ____D C:\Users\Hill\Local Settings\{10B57001-8508-428C-A995-D52F9127FBCB}
2012-04-26 17:10 - 2012-04-26 17:10 - 00000000 ____D C:\Users\Hill\AppData\Local\{24263D87-CB0B-40E0-8A14-09AC3630C643}
2012-04-26 17:10 - 2012-04-26 17:10 - 00000000 ____D C:\Users\Hill\AppData\Local\{10B57001-8508-428C-A995-D52F9127FBCB}
2012-04-25 20:13 - 2012-04-25 20:13 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{DB1FFC4C-2B4C-4D27-AF47-621C89A1F8E5}
2012-04-25 20:13 - 2012-04-25 20:13 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{88F485AA-8DD9-4985-B315-39CCE35BEE3C}
2012-04-25 20:13 - 2012-04-25 20:13 - 00000000 ____D C:\Users\Hill\Local Settings\{DB1FFC4C-2B4C-4D27-AF47-621C89A1F8E5}
2012-04-25 20:13 - 2012-04-25 20:13 - 00000000 ____D C:\Users\Hill\Local Settings\{88F485AA-8DD9-4985-B315-39CCE35BEE3C}
2012-04-25 20:13 - 2012-04-25 20:13 - 00000000 ____D C:\Users\Hill\AppData\Local\{DB1FFC4C-2B4C-4D27-AF47-621C89A1F8E5}
2012-04-25 20:13 - 2012-04-25 20:13 - 00000000 ____D C:\Users\Hill\AppData\Local\{88F485AA-8DD9-4985-B315-39CCE35BEE3C}
2012-04-25 18:17 - 2012-04-25 18:17 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{992D7C2E-5CD9-48F0-96E6-B4CFC228E9BD}
2012-04-25 18:17 - 2012-04-25 18:17 - 00000000 ____D C:\Users\Hill\Local Settings\{992D7C2E-5CD9-48F0-96E6-B4CFC228E9BD}
2012-04-25 18:17 - 2012-04-25 18:17 - 00000000 ____D C:\Users\Hill\AppData\Local\{992D7C2E-5CD9-48F0-96E6-B4CFC228E9BD}
2012-04-25 18:17 - 2012-04-25 18:16 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{4BB64390-E200-42B9-BAAB-06096DCCFFA9}
2012-04-25 18:17 - 2012-04-25 18:16 - 00000000 ____D C:\Users\Hill\Local Settings\{4BB64390-E200-42B9-BAAB-06096DCCFFA9}
2012-04-25 18:17 - 2012-04-25 18:16 - 00000000 ____D C:\Users\Hill\AppData\Local\{4BB64390-E200-42B9-BAAB-06096DCCFFA9}
2012-04-24 15:58 - 2012-04-24 15:58 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{E02CFE13-CD6C-4D8C-AEFD-D1E7C6A92A8E}
2012-04-24 15:58 - 2012-04-24 15:58 - 00000000 ____D C:\Users\Hill\Local Settings\{E02CFE13-CD6C-4D8C-AEFD-D1E7C6A92A8E}
2012-04-24 15:58 - 2012-04-24 15:58 - 00000000 ____D C:\Users\Hill\AppData\Local\{E02CFE13-CD6C-4D8C-AEFD-D1E7C6A92A8E}
2012-04-22 20:21 - 2012-04-22 20:21 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{50016360-0353-4A7F-953B-150459D25518}
2012-04-22 20:21 - 2012-04-22 20:21 - 00000000 ____D C:\Users\Hill\Local Settings\{50016360-0353-4A7F-953B-150459D25518}
2012-04-22 20:21 - 2012-04-22 20:21 - 00000000 ____D C:\Users\Hill\AppData\Local\{50016360-0353-4A7F-953B-150459D25518}
2012-04-22 20:21 - 2012-04-22 20:20 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{CBCD8E2E-9A3C-4893-8D99-29C979309994}
2012-04-22 20:21 - 2012-04-22 20:20 - 00000000 ____D C:\Users\Hill\Local Settings\{CBCD8E2E-9A3C-4893-8D99-29C979309994}
2012-04-22 20:21 - 2012-04-22 20:20 - 00000000 ____D C:\Users\Hill\AppData\Local\{CBCD8E2E-9A3C-4893-8D99-29C979309994}
2012-04-21 19:21 - 2012-04-21 19:21 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{DE7A80C6-F119-40C0-995B-C954E575D8F8}
2012-04-21 19:21 - 2012-04-21 19:21 - 00000000 ____D C:\Users\Hill\Local Settings\{DE7A80C6-F119-40C0-995B-C954E575D8F8}
2012-04-21 19:21 - 2012-04-21 19:21 - 00000000 ____D C:\Users\Hill\AppData\Local\{DE7A80C6-F119-40C0-995B-C954E575D8F8}
2012-04-21 19:21 - 2012-04-21 19:20 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{11264CDF-8AD8-4AC3-81D9-CDBE25F13B04}
2012-04-21 19:21 - 2012-04-21 19:20 - 00000000 ____D C:\Users\Hill\Local Settings\{11264CDF-8AD8-4AC3-81D9-CDBE25F13B04}
2012-04-21 19:21 - 2012-04-21 19:20 - 00000000 ____D C:\Users\Hill\AppData\Local\{11264CDF-8AD8-4AC3-81D9-CDBE25F13B04}
2012-04-19 20:12 - 2012-04-19 20:12 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{B83CBAC8-2BDA-4114-A14D-7A43A016440A}
2012-04-19 20:12 - 2012-04-19 20:12 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{6BCCF8CD-CA5D-4846-9977-07E6111A41B5}
2012-04-19 20:12 - 2012-04-19 20:12 - 00000000 ____D C:\Users\Hill\Local Settings\{B83CBAC8-2BDA-4114-A14D-7A43A016440A}
2012-04-19 20:12 - 2012-04-19 20:12 - 00000000 ____D C:\Users\Hill\Local Settings\{6BCCF8CD-CA5D-4846-9977-07E6111A41B5}
2012-04-19 20:12 - 2012-04-19 20:12 - 00000000 ____D C:\Users\Hill\AppData\Local\{B83CBAC8-2BDA-4114-A14D-7A43A016440A}
2012-04-19 20:12 - 2012-04-19 20:12 - 00000000 ____D C:\Users\Hill\AppData\Local\{6BCCF8CD-CA5D-4846-9977-07E6111A41B5}
2012-04-18 22:18 - 2012-04-18 22:18 - 00004314 ____A C:\Users\Hill\My Documents\Teepa-Approach-D2of2.mds
2012-04-18 22:18 - 2012-04-18 22:18 - 00004314 ____A C:\Users\Hill\Documents\Teepa-Approach-D2of2.mds
2012-04-18 22:18 - 2012-04-18 22:09 - 1648590848 ____A C:\Users\Hill\My Documents\Teepa-Approach-D2of2.iso
2012-04-18 22:18 - 2012-04-18 22:09 - 1648590848 ____A C:\Users\Hill\Documents\Teepa-Approach-D2of2.iso
2012-04-18 21:18 - 2012-04-18 21:17 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{9CB77F32-3794-4B8B-AF8A-838F9B455C28}
2012-04-18 21:18 - 2012-04-18 21:17 - 00000000 ____D C:\Users\Hill\Local Settings\{9CB77F32-3794-4B8B-AF8A-838F9B455C28}
2012-04-18 21:18 - 2012-04-18 21:17 - 00000000 ____D C:\Users\Hill\AppData\Local\{9CB77F32-3794-4B8B-AF8A-838F9B455C28}
2012-04-18 21:17 - 2012-04-18 21:17 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{52AE210D-9B50-4086-82C6-891EB914D4C4}
2012-04-18 21:17 - 2012-04-18 21:17 - 00000000 ____D C:\Users\Hill\Local Settings\{52AE210D-9B50-4086-82C6-891EB914D4C4}
2012-04-18 21:17 - 2012-04-18 21:17 - 00000000 ____D C:\Users\Hill\AppData\Local\{52AE210D-9B50-4086-82C6-891EB914D4C4}
2012-04-17 20:58 - 2012-04-17 20:58 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{23948285-E9D0-4B9E-8A91-1BDC28BCD1B7}
2012-04-17 20:58 - 2012-04-17 20:58 - 00000000 ____D C:\Users\Hill\Local Settings\{23948285-E9D0-4B9E-8A91-1BDC28BCD1B7}
2012-04-17 20:58 - 2012-04-17 20:58 - 00000000 ____D C:\Users\Hill\AppData\Local\{23948285-E9D0-4B9E-8A91-1BDC28BCD1B7}
2012-04-17 20:36 - 2010-08-22 17:58 - 00000000 ____D C:\Users\Hill\Downloads\Utorrent
2012-04-17 20:35 - 2012-04-17 20:35 - 00001263 ____A C:\Users\Hill\Downloads\PokerMathThatMatters.pdf[www.bestpokertorrents.com].torrent
2012-04-17 20:20 - 2012-04-17 20:20 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{EBE3F417-DEE7-4528-BB00-C20AAAA0920D}
2012-04-17 20:20 - 2012-04-17 20:20 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{8A8E5D24-DEF3-4D1F-90F8-3E0A26FD1BF1}
2012-04-17 20:20 - 2012-04-17 20:20 - 00000000 ____D C:\Users\Hill\Local Settings\{EBE3F417-DEE7-4528-BB00-C20AAAA0920D}
2012-04-17 20:20 - 2012-04-17 20:20 - 00000000 ____D C:\Users\Hill\Local Settings\{8A8E5D24-DEF3-4D1F-90F8-3E0A26FD1BF1}
2012-04-17 20:20 - 2012-04-17 20:20 - 00000000 ____D C:\Users\Hill\AppData\Local\{EBE3F417-DEE7-4528-BB00-C20AAAA0920D}
2012-04-17 20:20 - 2012-04-17 20:20 - 00000000 ____D C:\Users\Hill\AppData\Local\{8A8E5D24-DEF3-4D1F-90F8-3E0A26FD1BF1}
2012-04-16 19:49 - 2012-04-16 19:49 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{CE2442DF-ABC3-4101-B1BF-042AF35141E9}
2012-04-16 19:49 - 2012-04-16 19:49 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{3B1D39C7-BAE6-460E-8B20-093C20A0A872}
2012-04-16 19:49 - 2012-04-16 19:49 - 00000000 ____D C:\Users\Hill\Local Settings\{CE2442DF-ABC3-4101-B1BF-042AF35141E9}
2012-04-16 19:49 - 2012-04-16 19:49 - 00000000 ____D C:\Users\Hill\Local Settings\{3B1D39C7-BAE6-460E-8B20-093C20A0A872}
2012-04-16 19:49 - 2012-04-16 19:49 - 00000000 ____D C:\Users\Hill\AppData\Local\{CE2442DF-ABC3-4101-B1BF-042AF35141E9}
2012-04-16 19:49 - 2012-04-16 19:49 - 00000000 ____D C:\Users\Hill\AppData\Local\{3B1D39C7-BAE6-460E-8B20-093C20A0A872}
2012-04-15 20:44 - 2012-04-15 20:44 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{994F2232-810B-485F-8973-40CF6AA61D98}
2012-04-15 20:44 - 2012-04-15 20:44 - 00000000 ____D C:\Users\Hill\Local Settings\{994F2232-810B-485F-8973-40CF6AA61D98}
2012-04-15 20:44 - 2012-04-15 20:44 - 00000000 ____D C:\Users\Hill\AppData\Local\{994F2232-810B-485F-8973-40CF6AA61D98}
2012-04-14 23:02 - 2012-04-14 23:02 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{D41AB398-7DF9-472B-8C3D-85EAB007C437}
2012-04-14 23:02 - 2012-04-14 23:02 - 00000000 ____D C:\Users\Hill\Local Settings\{D41AB398-7DF9-472B-8C3D-85EAB007C437}
2012-04-14 23:02 - 2012-04-14 23:02 - 00000000 ____D C:\Users\Hill\AppData\Local\{D41AB398-7DF9-472B-8C3D-85EAB007C437}
2012-04-14 23:02 - 2012-04-14 23:01 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{85FD2CE5-8005-47CE-8BC3-1BE874B4CDEC}
2012-04-14 23:02 - 2012-04-14 23:01 - 00000000 ____D C:\Users\Hill\Local Settings\{85FD2CE5-8005-47CE-8BC3-1BE874B4CDEC}
2012-04-14 23:02 - 2012-04-14 23:01 - 00000000 ____D C:\Users\Hill\AppData\Local\{85FD2CE5-8005-47CE-8BC3-1BE874B4CDEC}
2012-04-13 11:52 - 2012-04-13 11:52 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{B5CEA108-04C6-41F0-984D-CF6E782CF982}
2012-04-13 11:52 - 2012-04-13 11:52 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{94301C43-3D4C-4E1F-A8C9-C992472C5A6D}
2012-04-13 11:52 - 2012-04-13 11:52 - 00000000 ____D C:\Users\Hill\Local Settings\{B5CEA108-04C6-41F0-984D-CF6E782CF982}
2012-04-13 11:52 - 2012-04-13 11:52 - 00000000 ____D C:\Users\Hill\Local Settings\{94301C43-3D4C-4E1F-A8C9-C992472C5A6D}
2012-04-13 11:52 - 2012-04-13 11:52 - 00000000 ____D C:\Users\Hill\AppData\Local\{B5CEA108-04C6-41F0-984D-CF6E782CF982}
2012-04-13 11:52 - 2012-04-13 11:52 - 00000000 ____D C:\Users\Hill\AppData\Local\{94301C43-3D4C-4E1F-A8C9-C992472C5A6D}
2012-04-13 08:02 - 2012-04-13 08:01 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{B915535B-CA01-4DF0-BFD9-00890F064E77}
2012-04-13 08:02 - 2012-04-13 08:01 - 00000000 ____D C:\Users\Hill\Local Settings\{B915535B-CA01-4DF0-BFD9-00890F064E77}
2012-04-13 08:02 - 2012-04-13 08:01 - 00000000 ____D C:\Users\Hill\AppData\Local\{B915535B-CA01-4DF0-BFD9-00890F064E77}
2012-04-13 08:01 - 2012-04-13 08:01 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{D9334644-B5EE-4F63-9702-E64ECBC5348B}
2012-04-13 08:01 - 2012-04-13 08:01 - 00000000 ____D C:\Users\Hill\Local Settings\{D9334644-B5EE-4F63-9702-E64ECBC5348B}
2012-04-13 08:01 - 2012-04-13 08:01 - 00000000 ____D C:\Users\Hill\AppData\Local\{D9334644-B5EE-4F63-9702-E64ECBC5348B}
2012-04-12 22:59 - 2012-04-12 22:59 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{08EB3594-6E59-4ED8-B5B1-6C477C073867}
2012-04-12 22:59 - 2012-04-12 22:59 - 00000000 ____D C:\Users\Hill\Local Settings\{08EB3594-6E59-4ED8-B5B1-6C477C073867}
2012-04-12 22:59 - 2012-04-12 22:59 - 00000000 ____D C:\Users\Hill\AppData\Local\{08EB3594-6E59-4ED8-B5B1-6C477C073867}
2012-04-12 22:59 - 2012-04-12 22:58 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{86F7EB5A-23E6-4FDE-B803-0C0B727AE26B}
2012-04-12 22:59 - 2012-04-12 22:58 - 00000000 ____D C:\Users\Hill\Local Settings\{86F7EB5A-23E6-4FDE-B803-0C0B727AE26B}
2012-04-12 22:59 - 2012-04-12 22:58 - 00000000 ____D C:\Users\Hill\AppData\Local\{86F7EB5A-23E6-4FDE-B803-0C0B727AE26B}
2012-04-12 22:59 - 2010-10-27 01:48 - 00000000 ____D C:\Users\Hill\Local Settings\Windows Live
2012-04-12 22:59 - 2010-10-27 01:48 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\Windows Live
2012-04-12 22:59 - 2010-10-27 01:48 - 00000000 ____D C:\Users\Hill\AppData\Local\Windows Live
2012-04-12 22:58 - 2012-04-12 22:58 - 00000000 ____D C:\Users\Hill\Local Settings\AVG Secure Search
2012-04-12 22:58 - 2012-04-12 22:58 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\AVG Secure Search
2012-04-12 22:58 - 2012-04-12 22:58 - 00000000 ____D C:\Users\Hill\AppData\Local\AVG Secure Search
2012-04-12 03:33 - 2012-01-21 12:29 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-04-12 03:33 - 2012-01-21 12:29 - 00000000 ____D C:\Users\All Users\Application Data\AVG Secure Search
2012-04-12 03:33 - 2012-01-21 12:29 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-04-12 02:07 - 2009-07-13 21:34 - 00000478 ____A C:\Windows\win.ini
2012-04-11 19:18 - 2012-04-11 19:18 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{E1DC2D2F-AB2C-412D-9E4E-6BAE9D3ACF0A}
2012-04-11 19:18 - 2012-04-11 19:18 - 00000000 ____D C:\Users\Hill\Local Settings\{E1DC2D2F-AB2C-412D-9E4E-6BAE9D3ACF0A}
2012-04-11 19:18 - 2012-04-11 19:18 - 00000000 ____D C:\Users\Hill\AppData\Local\{E1DC2D2F-AB2C-412D-9E4E-6BAE9D3ACF0A}
2012-04-11 07:18 - 2012-04-11 07:18 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{02AD653D-3F7F-4561-8FF9-3C258B2B8E05}
2012-04-11 07:18 - 2012-04-11 07:18 - 00000000 ____D C:\Users\Hill\Local Settings\{02AD653D-3F7F-4561-8FF9-3C258B2B8E05}
2012-04-11 07:18 - 2012-04-11 07:18 - 00000000 ____D C:\Users\Hill\AppData\Local\{02AD653D-3F7F-4561-8FF9-3C258B2B8E05}
2012-04-10 16:00 - 2012-04-10 16:00 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{E6E3F88F-0D00-4719-A2C1-062DFFB6F364}
2012-04-10 16:00 - 2012-04-10 16:00 - 00000000 ____D C:\Users\Hill\Local Settings\{E6E3F88F-0D00-4719-A2C1-062DFFB6F364}
2012-04-10 16:00 - 2012-04-10 16:00 - 00000000 ____D C:\Users\Hill\AppData\Local\{E6E3F88F-0D00-4719-A2C1-062DFFB6F364}
2012-04-09 20:34 - 2012-04-09 19:30 - 00026624 ____A C:\Users\Hill\My Documents\BTR Sheet.xls
2012-04-09 20:34 - 2012-04-09 19:30 - 00026624 ____A C:\Users\Hill\Documents\BTR Sheet.xls
2012-04-09 18:57 - 2012-04-09 18:57 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{5CF8DFB5-B9F5-4ACC-B863-8831FAF447A6}
2012-04-09 18:57 - 2012-04-09 18:57 - 00000000 ____D C:\Users\Hill\Local Settings\{5CF8DFB5-B9F5-4ACC-B863-8831FAF447A6}
2012-04-09 18:57 - 2012-04-09 18:57 - 00000000 ____D C:\Users\Hill\AppData\Local\{5CF8DFB5-B9F5-4ACC-B863-8831FAF447A6}
2012-04-08 20:45 - 2012-04-08 20:44 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{6BE940D7-67D4-4233-9195-316E1595166A}
2012-04-08 20:45 - 2012-04-08 20:44 - 00000000 ____D C:\Users\Hill\Local Settings\{6BE940D7-67D4-4233-9195-316E1595166A}
2012-04-08 20:45 - 2012-04-08 20:44 - 00000000 ____D C:\Users\Hill\AppData\Local\{6BE940D7-67D4-4233-9195-316E1595166A}
2012-04-07 21:49 - 2012-04-07 21:49 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{818B56B3-8A7D-4579-B8AD-04AB2916A89B}
2012-04-07 21:49 - 2012-04-07 21:49 - 00000000 ____D C:\Users\Hill\Local Settings\{818B56B3-8A7D-4579-B8AD-04AB2916A89B}
2012-04-07 21:49 - 2012-04-07 21:49 - 00000000 ____D C:\Users\Hill\AppData\Local\{818B56B3-8A7D-4579-B8AD-04AB2916A89B}
2012-04-06 10:45 - 2012-04-06 10:45 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{D78A3B17-97A9-404F-AE49-FFC90715317B}
2012-04-06 10:45 - 2012-04-06 10:45 - 00000000 ____D C:\Users\Hill\Local Settings\{D78A3B17-97A9-404F-AE49-FFC90715317B}
2012-04-06 10:45 - 2012-04-06 10:45 - 00000000 ____D C:\Users\Hill\AppData\Local\{D78A3B17-97A9-404F-AE49-FFC90715317B}
2012-04-05 22:45 - 2012-04-05 22:44 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{4874E858-3FD6-4953-B70B-7E976FF27931}
2012-04-05 22:45 - 2012-04-05 22:44 - 00000000 ____D C:\Users\Hill\Local Settings\{4874E858-3FD6-4953-B70B-7E976FF27931}
2012-04-05 22:45 - 2012-04-05 22:44 - 00000000 ____D C:\Users\Hill\AppData\Local\{4874E858-3FD6-4953-B70B-7E976FF27931}
2012-04-04 15:39 - 2012-04-04 15:39 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{543A3A05-1118-492D-9E3F-A8DF6FA3C608}
2012-04-04 15:39 - 2012-04-04 15:39 - 00000000 ____D C:\Users\Hill\Local Settings\{543A3A05-1118-492D-9E3F-A8DF6FA3C608}
2012-04-04 15:39 - 2012-04-04 15:39 - 00000000 ____D C:\Users\Hill\AppData\Local\{543A3A05-1118-492D-9E3F-A8DF6FA3C608}
2012-04-03 20:53 - 2012-04-03 20:53 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{1A64EF6B-F17D-4C68-BE5C-C659F7DA4A5E}
2012-04-03 20:53 - 2012-04-03 20:53 - 00000000 ____D C:\Users\Hill\Local Settings\{1A64EF6B-F17D-4C68-BE5C-C659F7DA4A5E}
2012-04-03 20:53 - 2012-04-03 20:53 - 00000000 ____D C:\Users\Hill\AppData\Local\{1A64EF6B-F17D-4C68-BE5C-C659F7DA4A5E}
2012-04-02 21:10 - 2012-04-02 21:10 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{6F201B11-E2EF-4140-A9C8-8F30A961576B}
2012-04-02 21:10 - 2012-04-02 21:10 - 00000000 ____D C:\Users\Hill\Local Settings\{6F201B11-E2EF-4140-A9C8-8F30A961576B}
2012-04-02 21:10 - 2012-04-02 21:10 - 00000000 ____D C:\Users\Hill\AppData\Local\{6F201B11-E2EF-4140-A9C8-8F30A961576B}
2012-04-02 00:34 - 2012-05-09 04:27 - 05504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-01 23:46 - 2012-05-09 04:27 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-01 23:46 - 2012-05-09 04:27 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-01 22:10 - 2012-04-01 22:10 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{65C52CC8-820F-4426-BAD2-3EA20FFFDB79}
2012-04-01 22:10 - 2012-04-01 22:10 - 00000000 ____D C:\Users\Hill\Local Settings\{65C52CC8-820F-4426-BAD2-3EA20FFFDB79}
2012-04-01 22:10 - 2012-04-01 22:10 - 00000000 ____D C:\Users\Hill\AppData\Local\{65C52CC8-820F-4426-BAD2-3EA20FFFDB79}
2012-04-01 22:01 - 2012-05-09 04:27 - 03143680 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-31 22:55 - 2012-03-31 22:55 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{00A335B3-58B2-4CE5-BB6A-B7DC69B6B200}
2012-03-31 22:55 - 2012-03-31 22:55 - 00000000 ____D C:\Users\Hill\Local Settings\{00A335B3-58B2-4CE5-BB6A-B7DC69B6B200}
2012-03-31 22:55 - 2012-03-31 22:55 - 00000000 ____D C:\Users\Hill\AppData\Local\{00A335B3-58B2-4CE5-BB6A-B7DC69B6B200}
2012-03-30 09:04 - 2012-03-30 09:04 - 00002833 ____A C:\Users\Hill\Downloads\holecard confessions owen gaines[www.bestpokertorrents.com].torrent
2012-03-30 08:59 - 2012-03-30 08:59 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{14A1EA09-A394-4759-83CB-B74AA9096A93}
2012-03-30 08:59 - 2012-03-30 08:59 - 00000000 ____D C:\Users\Hill\Local Settings\{14A1EA09-A394-4759-83CB-B74AA9096A93}
2012-03-30 08:59 - 2012-03-30 08:59 - 00000000 ____D C:\Users\Hill\AppData\Local\{14A1EA09-A394-4759-83CB-B74AA9096A93}
2012-03-30 06:09 - 2012-05-09 04:27 - 01895280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-28 23:50 - 2012-03-28 23:49 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{E38F2D43-0152-4DC0-9F30-2C3FFC7C51BD}
2012-03-28 23:50 - 2012-03-28 23:49 - 00000000 ____D C:\Users\Hill\Local Settings\{E38F2D43-0152-4DC0-9F30-2C3FFC7C51BD}
2012-03-28 23:50 - 2012-03-28 23:49 - 00000000 ____D C:\Users\Hill\AppData\Local\{E38F2D43-0152-4DC0-9F30-2C3FFC7C51BD}
2012-03-28 20:48 - 2010-10-07 15:34 - 00000000 ____D C:\Users\Hill\My Documents\TurboTax
2012-03-28 20:48 - 2010-10-07 15:34 - 00000000 ____D C:\Users\Hill\Documents\TurboTax
2012-03-28 20:11 - 2012-03-28 19:06 - 00000469 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.400.32.bc
2012-03-28 20:11 - 2012-03-28 19:06 - 00000469 ____A C:\Users\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
2012-03-28 19:09 - 2010-06-17 22:17 - 00000000 ____D C:\Users\Hill\My Documents\Archives
2012-03-28 19:09 - 2010-06-17 22:17 - 00000000 ____D C:\Users\Hill\Documents\Archives
2012-03-28 19:06 - 2012-03-28 19:06 - 00002513 ____A C:\Users\Public\Desktop\TurboTax 2011.lnk
2012-03-28 19:06 - 2012-03-28 19:06 - 00002513 ____A C:\Users\All Users\Desktop\TurboTax 2011.lnk
2012-03-28 19:05 - 2010-10-07 14:06 - 00000000 ____D C:\Program Files (x86)\TurboTax
2012-03-28 08:09 - 2012-03-28 08:08 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{354BF072-CBBF-48C0-9BB6-982F33D18E98}
2012-03-28 08:09 - 2012-03-28 08:08 - 00000000 ____D C:\Users\Hill\Local Settings\{354BF072-CBBF-48C0-9BB6-982F33D18E98}
2012-03-28 08:09 - 2012-03-28 08:08 - 00000000 ____D C:\Users\Hill\AppData\Local\{354BF072-CBBF-48C0-9BB6-982F33D18E98}
2012-03-28 08:08 - 2012-03-28 08:08 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{C4C9C607-0F51-413D-AA53-6B214424D8E8}
2012-03-28 08:08 - 2012-03-28 08:08 - 00000000 ____D C:\Users\Hill\Local Settings\{C4C9C607-0F51-413D-AA53-6B214424D8E8}
2012-03-28 08:08 - 2012-03-28 08:08 - 00000000 ____D C:\Users\Hill\AppData\Local\{C4C9C607-0F51-413D-AA53-6B214424D8E8}
2012-03-27 20:08 - 2012-03-27 20:08 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{A901DC7E-24B0-4838-83AA-C5C494D911C1}
2012-03-27 20:08 - 2012-03-27 20:08 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{02713C05-F113-4B2C-9710-A0E1A8E347BE}
2012-03-27 20:08 - 2012-03-27 20:08 - 00000000 ____D C:\Users\Hill\Local Settings\{A901DC7E-24B0-4838-83AA-C5C494D911C1}
2012-03-27 20:08 - 2012-03-27 20:08 - 00000000 ____D C:\Users\Hill\Local Settings\{02713C05-F113-4B2C-9710-A0E1A8E347BE}
2012-03-27 20:08 - 2012-03-27 20:08 - 00000000 ____D C:\Users\Hill\AppData\Local\{A901DC7E-24B0-4838-83AA-C5C494D911C1}
2012-03-27 20:08 - 2012-03-27 20:08 - 00000000 ____D C:\Users\Hill\AppData\Local\{02713C05-F113-4B2C-9710-A0E1A8E347BE}
2012-03-27 08:08 - 2012-03-27 08:08 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{47462F65-442B-438F-B50A-493C5CEDD208}
2012-03-27 08:08 - 2012-03-27 08:08 - 00000000 ____D C:\Users\Hill\Local Settings\{47462F65-442B-438F-B50A-493C5CEDD208}
2012-03-27 08:08 - 2012-03-27 08:08 - 00000000 ____D C:\Users\Hill\AppData\Local\{47462F65-442B-438F-B50A-493C5CEDD208}
2012-03-27 08:08 - 2012-03-27 08:07 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{7069A21D-29F7-4A52-80CF-A567867039BC}
2012-03-27 08:08 - 2012-03-27 08:07 - 00000000 ____D C:\Users\Hill\Local Settings\{7069A21D-29F7-4A52-80CF-A567867039BC}
2012-03-27 08:08 - 2012-03-27 08:07 - 00000000 ____D C:\Users\Hill\AppData\Local\{7069A21D-29F7-4A52-80CF-A567867039BC}
2012-03-26 11:28 - 2012-03-26 11:27 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{20F5E3A5-A17B-4C74-BF32-CACC4E9FE987}
2012-03-26 11:28 - 2012-03-26 11:27 - 00000000 ____D C:\Users\Hill\Local Settings\{20F5E3A5-A17B-4C74-BF32-CACC4E9FE987}
2012-03-26 11:28 - 2012-03-26 11:27 - 00000000 ____D C:\Users\Hill\AppData\Local\{20F5E3A5-A17B-4C74-BF32-CACC4E9FE987}
2012-03-26 11:27 - 2012-03-26 11:27 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{47E13E19-2F7D-4D7A-AF17-50CC297ABFAE}
2012-03-26 11:27 - 2012-03-26 11:27 - 00000000 ____D C:\Users\Hill\Local Settings\{47E13E19-2F7D-4D7A-AF17-50CC297ABFAE}
2012-03-26 11:27 - 2012-03-26 11:27 - 00000000 ____D C:\Users\Hill\AppData\Local\{47E13E19-2F7D-4D7A-AF17-50CC297ABFAE}
2012-03-25 19:31 - 2012-03-25 19:31 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{5A100432-8701-4482-BE95-60E8DD5C47F4}
2012-03-25 19:31 - 2012-03-25 19:31 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{118DDF81-FC55-42E2-8DB7-7B11AA891A31}
2012-03-25 19:31 - 2012-03-25 19:31 - 00000000 ____D C:\Users\Hill\Local Settings\{5A100432-8701-4482-BE95-60E8DD5C47F4}
2012-03-25 19:31 - 2012-03-25 19:31 - 00000000 ____D C:\Users\Hill\Local Settings\{118DDF81-FC55-42E2-8DB7-7B11AA891A31}
2012-03-25 19:31 - 2012-03-25 19:31 - 00000000 ____D C:\Users\Hill\AppData\Local\{5A100432-8701-4482-BE95-60E8DD5C47F4}
2012-03-25 19:31 - 2012-03-25 19:31 - 00000000 ____D C:\Users\Hill\AppData\Local\{118DDF81-FC55-42E2-8DB7-7B11AA891A31}
2012-03-24 18:52 - 2012-03-24 18:52 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{43DB01CD-7DF8-4565-8B98-1BDF43E7A930}
2012-03-24 18:52 - 2012-03-24 18:52 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{14014410-0562-4B93-9325-8BAEE7D1A92A}
2012-03-24 18:52 - 2012-03-24 18:52 - 00000000 ____D C:\Users\Hill\Local Settings\{43DB01CD-7DF8-4565-8B98-1BDF43E7A930}
2012-03-24 18:52 - 2012-03-24 18:52 - 00000000 ____D C:\Users\Hill\Local Settings\{14014410-0562-4B93-9325-8BAEE7D1A92A}
2012-03-24 18:52 - 2012-03-24 18:52 - 00000000 ____D C:\Users\Hill\AppData\Local\{43DB01CD-7DF8-4565-8B98-1BDF43E7A930}
2012-03-24 18:52 - 2012-03-24 18:52 - 00000000 ____D C:\Users\Hill\AppData\Local\{14014410-0562-4B93-9325-8BAEE7D1A92A}
2012-03-23 22:45 - 2012-03-23 22:45 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{A455E413-2C95-43B5-902A-E568776DE757}
2012-03-23 22:45 - 2012-03-23 22:45 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{463BE7EC-0A1C-48EC-931C-5C8BF3D5E262}
2012-03-23 22:45 - 2012-03-23 22:45 - 00000000 ____D C:\Users\Hill\Local Settings\{A455E413-2C95-43B5-902A-E568776DE757}
2012-03-23 22:45 - 2012-03-23 22:45 - 00000000 ____D C:\Users\Hill\Local Settings\{463BE7EC-0A1C-48EC-931C-5C8BF3D5E262}
2012-03-23 22:45 - 2012-03-23 22:45 - 00000000 ____D C:\Users\Hill\AppData\Local\{A455E413-2C95-43B5-902A-E568776DE757}
2012-03-23 22:45 - 2012-03-23 22:45 - 00000000 ____D C:\Users\Hill\AppData\Local\{463BE7EC-0A1C-48EC-931C-5C8BF3D5E262}
2012-03-23 08:55 - 2012-03-23 08:55 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{F1A5452B-86FB-4447-9D50-D3D54A50629C}
2012-03-23 08:55 - 2012-03-23 08:55 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{78546CA4-2260-49C2-AEF7-E438EA64685B}
2012-03-23 08:55 - 2012-03-23 08:55 - 00000000 ____D C:\Users\Hill\Local Settings\{F1A5452B-86FB-4447-9D50-D3D54A50629C}
2012-03-23 08:55 - 2012-03-23 08:55 - 00000000 ____D C:\Users\Hill\Local Settings\{78546CA4-2260-49C2-AEF7-E438EA64685B}
2012-03-23 08:55 - 2012-03-23 08:55 - 00000000 ____D C:\Users\Hill\AppData\Local\{F1A5452B-86FB-4447-9D50-D3D54A50629C}
2012-03-23 08:55 - 2012-03-23 08:55 - 00000000 ____D C:\Users\Hill\AppData\Local\{78546CA4-2260-49C2-AEF7-E438EA64685B}
2012-03-21 10:21 - 2012-03-21 10:21 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{2FA3A468-EFB9-4540-A4D2-47BE05370149}
2012-03-21 10:21 - 2012-03-21 10:21 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{16294DDD-B6E1-447C-9B3E-D38E48ED728A}
2012-03-21 10:21 - 2012-03-21 10:21 - 00000000 ____D C:\Users\Hill\Local Settings\{2FA3A468-EFB9-4540-A4D2-47BE05370149}
2012-03-21 10:21 - 2012-03-21 10:21 - 00000000 ____D C:\Users\Hill\Local Settings\{16294DDD-B6E1-447C-9B3E-D38E48ED728A}
2012-03-21 10:21 - 2012-03-21 10:21 - 00000000 ____D C:\Users\Hill\AppData\Local\{2FA3A468-EFB9-4540-A4D2-47BE05370149}
2012-03-21 10:21 - 2012-03-21 10:21 - 00000000 ____D C:\Users\Hill\AppData\Local\{16294DDD-B6E1-447C-9B3E-D38E48ED728A}
2012-03-20 22:21 - 2012-03-20 22:21 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{4CDD5D62-E58F-4522-89C1-64887A705CFF}
2012-03-20 22:21 - 2012-03-20 22:21 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{1DFCB54C-3E82-4FBA-A303-E544E4472672}
2012-03-20 22:21 - 2012-03-20 22:21 - 00000000 ____D C:\Users\Hill\Local Settings\{4CDD5D62-E58F-4522-89C1-64887A705CFF}
2012-03-20 22:21 - 2012-03-20 22:21 - 00000000 ____D C:\Users\Hill\Local Settings\{1DFCB54C-3E82-4FBA-A303-E544E4472672}
2012-03-20 22:21 - 2012-03-20 22:21 - 00000000 ____D C:\Users\Hill\AppData\Local\{4CDD5D62-E58F-4522-89C1-64887A705CFF}
2012-03-20 22:21 - 2012-03-20 22:21 - 00000000 ____D C:\Users\Hill\AppData\Local\{1DFCB54C-3E82-4FBA-A303-E544E4472672}
2012-03-20 10:20 - 2012-03-20 10:20 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{8A7E97C8-F542-4F14-A932-6B85C9D0F2CF}
2012-03-20 10:20 - 2012-03-20 10:20 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{76065013-5DFC-43E5-A67B-2A6BC1C331B7}
2012-03-20 10:20 - 2012-03-20 10:20 - 00000000 ____D C:\Users\Hill\Local Settings\{8A7E97C8-F542-4F14-A932-6B85C9D0F2CF}
2012-03-20 10:20 - 2012-03-20 10:20 - 00000000 ____D C:\Users\Hill\Local Settings\{76065013-5DFC-43E5-A67B-2A6BC1C331B7}
2012-03-20 10:20 - 2012-03-20 10:20 - 00000000 ____D C:\Users\Hill\AppData\Local\{8A7E97C8-F542-4F14-A932-6B85C9D0F2CF}
2012-03-20 10:20 - 2012-03-20 10:20 - 00000000 ____D C:\Users\Hill\AppData\Local\{76065013-5DFC-43E5-A67B-2A6BC1C331B7}
2012-03-19 18:55 - 2012-03-19 18:55 - 00001149 ____A C:\Users\Hill\Desktop\Tag&Rename.lnk
2012-03-19 18:55 - 2012-01-07 17:31 - 00000000 ____D C:\Program Files (x86)\TagRename
2012-03-19 18:53 - 2012-03-19 18:53 - 03726744 ____A (Softpointer Inc ) C:\Users\Hill\Downloads\TagRename357(1).exe
2012-03-19 14:58 - 2012-03-19 14:58 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{ECEF0C6F-C54D-4FCF-9FC6-05179186A69F}
2012-03-19 14:58 - 2012-03-19 14:58 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{CB4F28FD-FAD1-43E1-A466-7118479DE369}
2012-03-19 14:58 - 2012-03-19 14:58 - 00000000 ____D C:\Users\Hill\Local Settings\{ECEF0C6F-C54D-4FCF-9FC6-05179186A69F}
2012-03-19 14:58 - 2012-03-19 14:58 - 00000000 ____D C:\Users\Hill\Local Settings\{CB4F28FD-FAD1-43E1-A466-7118479DE369}
2012-03-19 14:58 - 2012-03-19 14:58 - 00000000 ____D C:\Users\Hill\AppData\Local\{ECEF0C6F-C54D-4FCF-9FC6-05179186A69F}
2012-03-19 14:58 - 2012-03-19 14:58 - 00000000 ____D C:\Users\Hill\AppData\Local\{CB4F28FD-FAD1-43E1-A466-7118479DE369}
2012-03-18 20:43 - 2012-03-18 20:42 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{706E6D39-6AF6-45DB-965E-558AFFCDE004}
2012-03-18 20:43 - 2012-03-18 20:42 - 00000000 ____D C:\Users\Hill\Local Settings\{706E6D39-6AF6-45DB-965E-558AFFCDE004}
2012-03-18 20:43 - 2012-03-18 20:42 - 00000000 ____D C:\Users\Hill\AppData\Local\{706E6D39-6AF6-45DB-965E-558AFFCDE004}
2012-03-18 20:42 - 2012-03-18 20:42 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{3DB6CD77-0169-4775-8DE1-01EE777C30C4}
2012-03-18 20:42 - 2012-03-18 20:42 - 00000000 ____D C:\Users\Hill\Local Settings\{3DB6CD77-0169-4775-8DE1-01EE777C30C4}
2012-03-18 20:42 - 2012-03-18 20:42 - 00000000 ____D C:\Users\Hill\AppData\Local\{3DB6CD77-0169-4775-8DE1-01EE777C30C4}
2012-03-17 22:08 - 2012-03-17 21:59 - 102031784 ____A C:\Users\Hill\Downloads\CPDvdUltra.11.0.1919.51.rar
2012-03-17 21:04 - 2012-03-17 21:04 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{5CF550B7-2A79-4770-B1CE-2F3C03BB7096}
2012-03-17 21:04 - 2012-03-17 21:04 - 00000000 ____D C:\Users\Hill\Local Settings\{5CF550B7-2A79-4770-B1CE-2F3C03BB7096}
2012-03-17 21:04 - 2012-03-17 21:04 - 00000000 ____D C:\Users\Hill\AppData\Local\{5CF550B7-2A79-4770-B1CE-2F3C03BB7096}
2012-03-17 21:04 - 2012-03-17 21:03 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{11C7900C-CBC7-4923-914E-6211AD372E30}
2012-03-17 21:04 - 2012-03-17 21:03 - 00000000 ____D C:\Users\Hill\Local Settings\{11C7900C-CBC7-4923-914E-6211AD372E30}
2012-03-17 21:04 - 2012-03-17 21:03 - 00000000 ____D C:\Users\Hill\AppData\Local\{11C7900C-CBC7-4923-914E-6211AD372E30}
2012-03-17 02:55 - 2012-05-09 04:27 - 00075632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 19:30 - 2012-03-16 19:29 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{06B1F45C-49A7-46C2-AB8C-B19E1F0F2619}
2012-03-16 19:30 - 2012-03-16 19:29 - 00000000 ____D C:\Users\Hill\Local Settings\{06B1F45C-49A7-46C2-AB8C-B19E1F0F2619}
2012-03-16 19:30 - 2012-03-16 19:29 - 00000000 ____D C:\Users\Hill\AppData\Local\{06B1F45C-49A7-46C2-AB8C-B19E1F0F2619}
2012-03-16 19:29 - 2012-03-16 19:29 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{3E9F3828-1E67-4CA9-814B-5A0618595FA5}
2012-03-16 19:29 - 2012-03-16 19:29 - 00000000 ____D C:\Users\Hill\Local Settings\{3E9F3828-1E67-4CA9-814B-5A0618595FA5}
2012-03-16 19:29 - 2012-03-16 19:29 - 00000000 ____D C:\Users\Hill\AppData\Local\{3E9F3828-1E67-4CA9-814B-5A0618595FA5}
2012-03-16 07:29 - 2012-03-16 07:29 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{D8AA4DBB-D533-47E5-9A0B-CB19E6880700}
2012-03-16 07:29 - 2012-03-16 07:29 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{7A7158EF-4DE6-4743-BC34-30477FC26EAE}
2012-03-16 07:29 - 2012-03-16 07:29 - 00000000 ____D C:\Users\Hill\Local Settings\{D8AA4DBB-D533-47E5-9A0B-CB19E6880700}
2012-03-16 07:29 - 2012-03-16 07:29 - 00000000 ____D C:\Users\Hill\Local Settings\{7A7158EF-4DE6-4743-BC34-30477FC26EAE}
2012-03-16 07:29 - 2012-03-16 07:29 - 00000000 ____D C:\Users\Hill\AppData\Local\{D8AA4DBB-D533-47E5-9A0B-CB19E6880700}
2012-03-16 07:29 - 2012-03-16 07:29 - 00000000 ____D C:\Users\Hill\AppData\Local\{7A7158EF-4DE6-4743-BC34-30477FC26EAE}
2012-03-14 17:09 - 2012-03-14 17:09 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{912CCF84-CAD5-4708-8960-A301F72A30B5}
2012-03-14 17:09 - 2012-03-14 17:09 - 00000000 ____D C:\Users\Hill\Local Settings\Application Data\{8C5AA78A-741F-47AC-9CD3-19D89B776708}
2012-03-14 17:09 - 2012-03-14 17:09 - 00000000 ____D C:\Users\Hill\Local Settings\{912CCF84-CAD5-4708-8960-A301F72A30B5}
2012-03-14 17:09 - 2012-03-14 17:09 - 00000000 ____D C:\Users\Hill\Local Settings\{8C5AA78A-741F-47AC-9CD3-19D89B776708}
2012-03-14 17:09 - 2012-03-14 17:09 - 00000000 ____D C:\Users\Hill\AppData\Local\{912CCF84-CAD5-4708-8960-A301F72A30B5}
2012-03-14 17:09 - 2012-03-14 17:09 - 00000000 ____D C:\Users\Hill\AppData\Local\{8C5AA78A-741F-47AC-9CD3-19D89B776708}

ZeroAccess:
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\@
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L\00000004.@
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L\1afb2d56
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L\201d3dde
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\00000004.@
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\00000008.@
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\000000cb.@
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\80000000.@
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\80000032.@
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\80000064.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3764.54 MB
Available physical RAM: 3166.68 MB
Total Pagefile: 3762.69 MB
Available Pagefile: 3161.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:3.77 GB) NTFS
3 Drive e: (TOSHIBA) (Removable) (Total:14.89 GB) (Free:14.89 GB) FAT32
4 Drive f: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.05 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 451 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 F RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 451 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 4032 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E TOSHIBA FAT32 Removable 14 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-18 23:16

======================= End Of Log ==========================

#14 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:04:49 PM

Posted 11 June 2012 - 05:38 PM

packbacker83,

Step 1: FRST Fix
Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

HKLM-x32\...\Run: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
HKLM-x32\...\Run: [SzokEtZa1L8A2xO] C:\Users\Hill\AppData\Roaming\javaupdate_KBD12S.exe
HKLM-x32\...\Run: [Visual Drive] C:\Users\Hill\AppData\Local\Temp\N9TM8DD9P7.exe
HKU\Hill\...\Run: [KB00441392.exe] "C:\Users\Hill\AppData\Roaming\KB00441392.exe" 
HKU\Hill\...\Run: [SzokEtZa1L8A2xO] C:\Users\Hill\AppData\Roaming\javaupdate_KBD12S.exe
HKU\Hill\...\Run: [Visual Drive] C:\Users\Hill\AppData\Local\Temp\N9TM8DD9P7.exe
HKU\postgres\...\Run: [0x017] 0x017
HKU\postgres\...\Run: [Windows Updater] C:\Users\postgres\AppData\Local\winsvchost.exe
HKU\postgres\...\Run: [Audio Device] C:\Users\postgres\AppData\Roaming\M3jzKWwJHu4b.exe
2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Please enter System Recovery Options, as we did previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Step 2: Please download RestoreBFE from: http://download.bleepingcomputer.com/sUBs/MiniFixes/RestoreBFE.exe
Double click on the downloaded file. It should only take a few seconds to run.
When complete, it will say: "Done! Please check if BFE service is running now"

Step 3: Delete the Combofix.exe file on your desktop. Don't make any other changes to your computer!

Please download a NEW version of Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. If you do not know how to do this, you can find out >here< or >here<
3. Double click on combofix.exe & follow the prompts.

Important:
  • Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
  • If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.


In your next reply, please include:
  • FRST log
  • Combofix log
  • How's your computer running now? Please be as descriptive as possible.

Regards,
Jason

 



#15 packbacker83

  • Topic Starter

  • Members
  • 62 posts
  • Local time:04:49 PM

Posted 13 June 2012 - 10:47 PM

Here are the two logs. I just finished them and have to go to bed so I can work tomorrow. I will post comments about how the PC is running tomorrow night after I get home from work.


FRST log


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-06-2012 03
Ran by SYSTEM at 2012-06-13 21:51:12 Run:1
Running from E:\

==============================================

HKLM-x32\\\.\.\.\\Run\\StartNowToolbarHelper Value deleted successfully.
HKLM-x32\\\.\.\.\\Run\\SzokEtZa1L8A2xO Value deleted successfully.
HKLM-x32\\\.\.\.\\Run\\Visual Drive Value deleted successfully.
HKEY_USERS\Hill\Software\Microsoft\Windows\CurrentVersion\Run\\KB00441392.exe Value deleted successfully.
HKEY_USERS\Hill\Software\Microsoft\Windows\CurrentVersion\Run\\SzokEtZa1L8A2xO Value deleted successfully.
HKEY_USERS\Hill\Software\Microsoft\Windows\CurrentVersion\Run\\Visual Drive Value deleted successfully.
HKEY_USERS\postgres\Software\Microsoft\Windows\CurrentVersion\Run\\0x017 Value deleted successfully.
HKEY_USERS\postgres\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Updater Value deleted successfully.
HKEY_USERS\postgres\Software\Microsoft\Windows\CurrentVersion\Run\\Audio Device Value deleted successfully.
Updater Service for StartNow Toolbar service deleted successfully.
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb} moved successfully.

==== End of Fixlog ====





ComboFix log

ComboFix 12-06-13.05 - Hill 06/13/2012 22:10:17.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.2234 [GMT -4:00]
Running from: c:\users\Hill\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\TotalRecipeSearch_14
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14auxstb.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14brmon.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14brstub.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14datact.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14dyn.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14feedmg.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14highin.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14hkstub.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14htmlmu.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14httpct.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14idle.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14ieovr.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14impipe.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14medint.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14mlbtn.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14msg.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14Plugin.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14radio.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14regfft.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14reghk.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14regiet.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14script.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14skin.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14skplay.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrchMn.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14tpinst.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14uabtn.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\CREXT.DLL
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\CrExtP14.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\INSTALL.RDF
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\installKeys.js
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\LOGO.BMP
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\T8EXTEX.DLL
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\T8EXTPEX.DLL
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\T8HTML.DLL
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\T8RES.DLL
c:\program files (x86)\TotalRecipeSearch_14\bar\gen1\COMMON.T8S
c:\program files (x86)\TotalRecipeSearch_14\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\TotalRecipeSearch_14\bar\Message\COMMON.T8S
c:\users\Hill\AppData\Local\assembly\tmp
c:\users\Hill\AppData\Roaming\Hill3SQLite3.dll
c:\users\Hill\AppData\Roaming\Hilllog.dat
c:\users\Hill\AppData\Roaming\javaupdate_KBD12S.exe
c:\users\Hill\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.js
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.xul
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldropdown.xul
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\index.html
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\NotIE6.css
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\OnlyIE6.css
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\SearchProtectIcon.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\Web.config
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.css
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.js
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\index.html
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\LeftImage.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\NotIE6.css
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\OnlyIE6.css
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.css
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.js
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
c:\users\Hill\g2mdlhlpx.exe
c:\users\Hill\GoToAssistDownloadHelper.exe
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_TotalRecipeSearch_14Service
.
.
((((((((((((((((((((((((( Files Created from 2012-05-14 to 2012-06-14 )))))))))))))))))))))))))))))))
.
.
2012-06-14 02:28 . 2012-06-14 02:28 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-06-14 02:28 . 2012-06-14 02:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-13 22:10 . 2012-06-13 22:10 -------- d-----w- c:\users\Hill\AppData\Local\Macromedia
2012-06-13 05:22 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 05:22 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 05:22 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 05:22 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 05:22 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 05:22 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 05:22 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 05:22 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 05:22 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 05:22 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll
2012-06-13 05:22 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 05:22 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 05:21 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 05:21 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 05:21 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 05:21 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 05:21 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-11 17:28 . 2012-06-11 22:59 -------- d-----w- C:\FRST
2012-06-10 04:23 . 2012-06-10 04:23 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-06-08 16:05 . 2012-06-08 16:05 -------- d-----w- C:\Roxio
2012-05-28 01:25 . 2011-11-25 04:25 15360 ----a-w- c:\windows\system32\drivers\pneteth.sys
2012-05-24 00:08 . 2012-05-24 00:08 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-05-23 23:58 . 2012-06-13 22:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 22:05 . 2011-06-22 03:01 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-07 01:07 . 2012-05-07 01:07 63080 ----a-r- c:\users\Hill\AppData\Roaming\Microsoft\Installer\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}\ARPPRODUCTICON.exe
2012-03-30 11:09 . 2012-05-09 09:27 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:55 . 2012-05-09 09:27 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{26A7CA19-7D58-411D-B2DA-F1B0324CBFFC}]
2010-10-29 01:12 1530368 ----a-w- c:\program files (x86)\Gamers Unite! Snag Bar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2011-06-13 15:47 2447360 ----a-w- c:\program files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 13:54 2607872 ----a-w- c:\program files (x86)\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-12 04:04 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{25515A79-C1C7-4B97-97F8-31A711694487}"= "c:\program files (x86)\Gamers Unite! Snag Bar\Toolbar.dll" [2010-10-29 1530368]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files (x86)\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{25515a79-c1c7-4b97-97f8-31a711694487}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{017D1380-106D-43D5-97DC-81E8A527FD73}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mikogo"="c:\users\Hill\AppData\Roaming\Mikogo\Mikogo-Host.exe" [2011-11-06 5420408]
"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2011-06-28 4950664]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-05 4786048]
"PCShowServer"="c:\users\Hill\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-04-02 351888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-22 74752]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-12 1104440]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-30 928096]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-11-04 560128]
.
c:\users\Hill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2011-11-23 484976]
.
c:\users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 257224]
R3 B-Service;B-Service;c:\users\Hill\AppData\Roaming\Mikogo\B-Service.exe [2010-12-02 185640]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-06-06 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-06-06 79360]
R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe [2010-12-23 385024]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [x]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [x]
R3 SMServer;SMServer;c:\windows\SysWOW64\snmvtsvc.exe [2010-12-23 245760]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-06-06 79360]
R3 STSService;STSService;c:\program files (x86)\SoundTaxi Media Suite\STSService.exe [2010-12-23 385024]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/08/08 22:05];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-06-29 02:50 146928]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/09/27 00:11];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-05-11 19:59 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-04-30 517632]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 935480]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 22:05]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 02:14]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 02:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
2011-03-24 16:16 398000 ----a-w- c:\program files (x86)\DAP\DAPIELoader64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-16 5470208]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"SmartSoft PDF Printer Agent"="c:\program files\Smart PDF Converter Pro\SmartSoft PDF Printer Agent.exe" [2011-08-12 50576]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-09-24 3168416]
"combofix"="c:\combofix\CF7126.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1;192.168.*.*
IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: + Offline &Explorer: Download the link - file://c:\program files (x86)\Offline Explorer Pro\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files (x86)\Offline Explorer Pro\Add_AllO.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: Download All by FlashGet - c:\program files (x86)\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files (x86)\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
Trusted Zone: pilotcat.com
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
FF - ProfilePath - c:\users\Hill\AppData\Roaming\Mozilla\Firefox\Profiles\5c1snfeq.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bdfa5f9b3-1e95-4853-ac5d-9e067f913677%7D&mid=aca2a84e7a6c47d1a5cbd16fff3f59aa-a8d8481c7c3429f4a396a3cd655cdc4a00a3547f&ds=AVG&v=10.0.0.7&lang=en&pr=pr&d=2012-01-21%2012%3A29%3A37&sap=ku&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: extentions.y2layers.installId - a35f3494-8d0d-4824-b2a1-d2b71dd080a1
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TotalRecipeSearch Search Scope Monitor - c:\progra~2\TOTALR~2\bar\1.bin\14srchmn.exe
Wow6432Node-HKLM-Run-TotalRecipeSearch_14 Browser Plugin Loader - c:\progra~2\TOTALR~2\bar\1.bin\14brmon.exe
HKLM_Wow6432Node-ActiveSetup-{F7B0B4F4-75A6-E80D-5F9F-C4CBBAECFBD5} - c:\users\Hill\AppData\Local\Temp\N9TM8DD9P7.exe
Toolbar-Locked - (no file)
WebBrowser-{25515A79-C1C7-4B97-97F8-31A711694487} - (no file)
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
c:\users\Hill\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-06-13 23:09:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-14 03:09
.
Pre-Run: 1,519,808,512 bytes free
Post-Run: 3,377,770,496 bytes free
.
- - End Of File - - 6A3FF7711CF0A9BED04199F3FAC45863



