Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

win64/Sirefef.Y infection


  • This topic is locked This topic is locked
38 replies to this topic

#1 Paladin41us

Paladin41us

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:30 AM

Posted 10 June 2012 - 09:13 PM

Hi

My spouses laptop picked this trojan up ,earlier today win64/Sirefef.Y infection with auto rebooting, I read Mathews post but being the script was written specificlly for his machine, I thought I would make a seperate post. I managed to run FRST and grab a log "see below" I'm posting from a different machine and disconnected my spouses laptop from the network. Thanks for help a head of time.

Scan result of Farbar Recovery Scan Tool Version: 10-06-2012 03
Ran by User at 10-06-2012 21:16:26
Running from C:\Users\User\Desktop
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

========================== Registry (Whitelisted) =============

HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell] [x ] ()
HKLM-x32\...\Winlogon: [Shell] [x ] ()
HKLM\...\InprocServer32: [Default] ATTENTION! ====> ZeroAccess?

==================== Services (Whitelisted) ======


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-10 21:08 - 2012-06-10 21:08 - 00001084 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-10 21:08 - 2012-06-10 21:08 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2012-06-10 21:08 - 2012-06-10 21:08 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-10 21:08 - 2012-06-10 21:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-10 21:08 - 2012-04-04 15:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-10 21:07 - 2012-06-10 20:43 - 01401619 ____A C:\Users\User\Desktop\FRST64.exe
2012-06-10 21:06 - 2012-06-10 20:55 - 00397451 ____A C:\Users\User\Desktop\MiniToolBox.exe
2012-06-10 21:06 - 2012-06-10 20:53 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-1.61.0.1400.exe
2012-06-10 19:12 - 2012-06-10 19:13 - 00000466 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2012-06-10 19:12 - 2012-06-10 19:13 - 00000444 ____A C:\Windows\Tasks\ParetoLogic Anti-Virus PLUS.job
2012-06-10 19:12 - 2012-06-10 19:13 - 00000440 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job
2012-06-10 19:12 - 2012-06-10 19:13 - 00000420 ____A C:\Windows\Tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
2012-06-10 19:12 - 2012-06-10 19:12 - 00001101 ____A C:\Users\Public\Desktop\ParetoLogic Anti-Virus PLUS.lnk
2012-06-10 19:12 - 2012-06-10 19:12 - 00000000 ____D C:\Users\All Users\PLAV
2012-06-10 19:12 - 2012-06-10 19:12 - 00000000 ____D C:\Users\All Users\ParetoLogic
2012-06-10 19:04 - 2012-06-10 19:04 - 00000000 ____D C:\Users\All Users\ParetoLogic Anti-Virus PLUS
2012-06-10 19:04 - 2012-06-10 19:04 - 00000000 ____D C:\Program Files (x86)\ParetoLogic
2012-06-10 19:01 - 2012-06-10 19:22 - 00005416 ____A C:\Users\User\Desktop\yorkyt.exe.log
2012-06-10 18:59 - 2012-06-10 17:21 - 72482336 ____A (Microsoft Corporation) C:\Users\User\Desktop\msert.exe
2012-06-10 18:59 - 2012-06-10 15:57 - 01415784 ____A C:\Users\User\Desktop\yorkyt.exe
2012-06-10 18:58 - 2012-06-10 17:37 - 08871304 ____A (ParetoLogic Inc.) C:\Users\User\Desktop\Pareto_AV_Setup_RW.exe
2012-06-10 16:07 - 2012-06-10 16:39 - 00222230 ____A C:\Users\User\Desktop\yorkyt (1).exe.log
2012-06-10 15:53 - 2012-06-10 15:53 - 01415784 ____A C:\Users\User\Downloads\yorkyt.exe
2012-06-10 15:26 - 2012-06-10 15:26 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-10 15:26 - 2012-06-10 15:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-10 15:25 - 2012-06-10 15:26 - 12621696 ____A (Microsoft Corporation) C:\Users\User\Downloads\mseinstall (1).exe
2012-06-10 15:20 - 2012-06-10 15:21 - 12621696 ____A (Microsoft Corporation) C:\Users\User\Downloads\mseinstall.exe
2012-06-10 15:16 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20120610-151658.backup
2012-06-10 15:07 - 2012-06-10 15:16 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-10 15:07 - 2012-06-10 15:08 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-10 15:07 - 2012-06-10 15:07 - 00001233 ____A C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
2012-06-10 15:06 - 2012-06-10 15:06 - 16409960 ____A (Safer Networking Limited ) C:\Users\User\Downloads\spybotsd162.exe
2012-06-10 14:56 - 2012-06-10 14:56 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-10 14:53 - 2012-06-10 14:53 - 00001105 ____A C:\Users\User\Desktop\Live Security Platinum.lnk
2012-06-10 14:51 - 2012-06-10 15:02 - 00000000 ____D C:\Users\All Users\B7E858A7000083BB0004264BB4EB2367
2012-06-10 11:08 - 2012-06-10 11:09 - 00000000 ____D C:\Users\User\AppData\Local\{656304E9-C9F1-4B76-8255-B7D130770D10}
2012-06-10 11:08 - 2012-06-10 11:08 - 00000000 ____D C:\Users\User\AppData\Local\{702DF959-F11A-44A0-9E41-C334774BD21B}
2012-06-10 08:14 - 2012-06-10 08:14 - 00000000 ____D C:\Users\User\AppData\Local\{75D15F78-5D8B-40C3-9C5D-2AEA91FC815C}
2012-06-10 08:13 - 2012-06-10 08:14 - 00000000 ____D C:\Users\User\AppData\Local\{DAA3DB5B-047B-432A-AEBF-EB6D868F2FEA}
2012-06-09 21:50 - 2012-06-09 21:50 - 00000000 ____D C:\Users\User\AppData\Local\{90C7D4A3-5EC4-4F0E-979F-C8FFA292F7E6}
2012-06-09 16:47 - 2012-06-09 16:47 - 00000000 ____D C:\Users\User\AppData\Local\{354BCC9B-92AA-4FE0-B64E-0359040A919B}
2012-06-09 16:46 - 2012-06-09 16:47 - 00000000 ____D C:\Users\User\AppData\Local\{DCD61D25-6012-474B-8848-522602CB798F}
2012-06-09 16:29 - 2012-06-09 16:29 - 00000000 ____D C:\Users\User\AppData\Local\{B6E400F5-10B9-446D-95C7-39A127F47EFE}
2012-06-09 16:29 - 2012-06-09 16:29 - 00000000 ____D C:\Users\User\AppData\Local\{6826CE32-2001-464D-BD5A-167FCECAD8CB}
2012-06-09 16:25 - 2012-06-09 16:25 - 00000000 ____D C:\Users\User\AppData\Local\{E1FC788D-F3B4-49C6-930A-5CBD65723FFF}
2012-06-09 16:25 - 2012-06-09 16:25 - 00000000 ____D C:\Users\User\AppData\Local\{7792CECC-A088-42FC-92BF-0AD58C2525AC}
2012-06-09 14:43 - 2012-06-09 14:43 - 00000000 ____D C:\Users\User\AppData\Local\{5DA60556-6A0D-4C91-87AE-1041AA420017}
2012-06-09 14:43 - 2012-06-09 14:43 - 00000000 ____D C:\Users\User\AppData\Local\{269576A9-26F5-46FB-80F8-744137ABE13E}
2012-06-09 08:45 - 2012-06-09 08:45 - 00000000 ____D C:\Users\User\AppData\Local\{94AF2EA8-98E4-43CF-B31D-E7C05B666339}
2012-06-09 08:45 - 2012-06-09 08:45 - 00000000 ____D C:\Users\User\AppData\Local\{49B0FC0E-F50F-4068-8E14-801DFECE62E8}
2012-06-09 07:38 - 2012-06-09 07:38 - 00000000 ____D C:\Users\User\AppData\Local\{8D3B58C8-004A-4AF8-AB21-43151FBCE24B}
2012-06-09 07:38 - 2012-06-09 07:38 - 00000000 ____D C:\Users\User\AppData\Local\{59F68412-DBBC-474C-8524-5F408698BA6C}
2012-06-08 06:09 - 2012-06-08 06:09 - 00000000 ____D C:\Users\User\AppData\Local\{D73885EA-C215-4DC4-8411-9F61C76CC0EC}
2012-06-08 06:09 - 2012-06-08 06:09 - 00000000 ____D C:\Users\User\AppData\Local\{BD523A12-96B0-4788-B178-24E713F305DC}
2012-06-08 05:57 - 2012-06-08 05:58 - 00000000 ____D C:\Users\User\AppData\Local\{B9046C08-5BBB-4D12-941A-0FE02863F63D}
2012-06-08 05:57 - 2012-06-08 05:57 - 00000000 ____D C:\Users\User\AppData\Local\{8E7DC8FE-9417-4C3E-84AB-1A5A5AEF4EA7}
2012-06-07 20:37 - 2012-06-07 20:37 - 00000000 ____D C:\Users\User\AppData\Local\{A967786D-A61F-4E31-BC56-D4CF12D89FDB}
2012-06-07 20:36 - 2012-06-07 20:37 - 00000000 ____D C:\Users\User\AppData\Local\{4EE44B9B-CDB7-4448-914D-37F8DF3FEF5D}
2012-06-06 20:07 - 2012-06-06 20:08 - 00000000 ____D C:\Users\User\AppData\Local\{C60AC161-9F88-4E42-B34A-6FC3E969801D}
2012-06-06 20:07 - 2012-06-06 20:07 - 00000000 ____D C:\Users\User\AppData\Local\{E35DB8F0-FEB9-42D0-A496-A141F6CAD7C0}
2012-06-06 19:40 - 2012-06-06 19:40 - 00000000 ____D C:\Users\User\AppData\Local\{E4D1E5E3-0D15-40F3-9897-F57828CB24B7}
2012-06-06 19:40 - 2012-06-06 19:40 - 00000000 ____D C:\Users\User\AppData\Local\{129F5979-C355-42D9-8EFD-B657AE8C49AF}
2012-06-05 19:25 - 2012-06-05 19:25 - 00000000 ____D C:\Users\User\AppData\Local\{EFF4D235-314A-415F-821D-E360872C6AEA}
2012-06-05 19:24 - 2012-06-05 19:25 - 00000000 ____D C:\Users\User\AppData\Local\{C617299D-F78D-4B60-B43A-CC5EFB65F8DD}
2012-06-04 18:48 - 2012-06-04 18:48 - 00000000 ____D C:\Users\User\AppData\Local\{A15B4770-CC64-4952-A5D8-7DE1A7D290E0}
2012-06-04 18:48 - 2012-06-04 18:48 - 00000000 ____D C:\Users\User\AppData\Local\{879C0F97-339B-4623-AF63-81C3AA6C2898}
2012-06-03 09:07 - 2012-06-03 09:07 - 00000000 ____D C:\Users\User\AppData\Local\{DB2CBF87-5718-4F23-8FE6-008B90E40A49}
2012-06-03 09:06 - 2012-06-03 09:07 - 00000000 ____D C:\Users\User\AppData\Local\{828461BE-6580-495F-A02A-DEECDA258E19}
2012-06-03 07:58 - 2012-06-03 07:58 - 00034985 ____A C:\Users\User\Desktop\thegirls.jpg
2012-06-03 07:54 - 2012-06-03 07:55 - 00000000 ____D C:\Users\User\AppData\Local\{60F9B293-0A6C-4626-B9D9-0C2937E0F728}
2012-06-03 07:54 - 2012-06-03 07:54 - 00000000 ____D C:\Users\User\AppData\Local\{11B4D79D-018D-4CB6-9F1B-F4FE17AD03DF}
2012-06-01 23:19 - 2012-06-01 23:19 - 00000000 ____D C:\Users\User\AppData\Local\{4DA8A63D-609A-4145-817B-43FF73007518}
2012-06-01 23:19 - 2012-06-01 23:19 - 00000000 ____D C:\Users\User\AppData\Local\{4CBA1359-9AE0-4788-B424-1FE3294F8B15}
2012-06-01 20:10 - 2012-06-01 20:10 - 00000000 ____D C:\Users\User\AppData\Local\{B2EE8BDA-BA33-4159-A937-C391315C84E7}
2012-06-01 20:10 - 2012-06-01 20:10 - 00000000 ____D C:\Users\User\AppData\Local\{A3179F6D-23D2-4CBB-92FC-3D6B5FEEF029}
2012-06-01 20:03 - 2012-06-01 20:03 - 00153607 ____A C:\Users\User\Desktop\FromGeorgia.jpg
2012-06-01 19:52 - 2012-06-01 19:52 - 00000000 ____D C:\Users\User\AppData\Local\{3F2DFE81-441D-42CE-A7A7-A04D6184AEEE}
2012-06-01 19:52 - 2012-06-01 19:52 - 00000000 ____D C:\Users\User\AppData\Local\{07A244F2-8DB1-4CAC-9C18-1F36554B6478}
2012-06-01 05:45 - 2012-06-01 05:45 - 00000000 ____D C:\Users\User\AppData\Local\{BA284B7B-0C1F-4FB0-ACEE-7822282DE5A0}
2012-06-01 05:45 - 2012-06-01 05:45 - 00000000 ____D C:\Users\User\AppData\Local\{09305791-5F03-400F-BF7C-11E19DB6B4FD}
2012-05-30 18:40 - 2012-05-30 18:41 - 00000000 ____D C:\Users\User\AppData\Local\{F10503E3-D7C8-407D-A044-1DBED6A102AF}
2012-05-30 18:40 - 2012-05-30 18:40 - 00000000 ____D C:\Users\User\AppData\Local\{29467DBC-225F-43FE-BA91-76F64A595D40}
2012-05-29 20:42 - 2012-05-29 20:42 - 00000000 ____D C:\Users\User\AppData\Local\{E7160952-2B59-48EF-A826-C7FC45480574}
2012-05-29 20:42 - 2012-05-29 20:42 - 00000000 ____D C:\Users\User\AppData\Local\{15F4BF96-9DDC-4888-9287-B484A961CB2E}
2012-05-29 20:41 - 2012-05-29 20:41 - 00000000 ____D C:\Users\User\AppData\Local\{C31C2A78-9A90-43EE-9466-37B946B4027F}
2012-05-29 20:38 - 2012-05-29 20:38 - 00000000 ____D C:\Users\User\AppData\Local\{D51F39CF-2273-4077-A6C5-F54F190CDFB6}
2012-05-29 20:38 - 2012-05-29 20:38 - 00000000 ____D C:\Users\User\AppData\Local\{2907DE38-5BAC-4B95-8020-20303AC32EA2}
2012-05-29 20:37 - 2012-05-29 20:40 - 02015708 ____A C:\Users\User\Desktop\2012regform.pdf
2012-05-29 19:48 - 2012-05-29 19:48 - 00000000 ____D C:\Users\User\AppData\Local\{15666D4F-CAFB-4E2B-BF33-07AA9CD3F192}
2012-05-29 19:47 - 2012-05-29 19:48 - 00000000 ____D C:\Users\User\AppData\Local\{3DE904DE-9218-448B-83E9-667DC12EB62E}
2012-05-28 21:47 - 2012-05-28 21:47 - 00000000 ____D C:\Users\User\AppData\Local\{8E44C577-00CC-4531-A99C-D72897E67E0D}
2012-05-28 12:02 - 2012-05-28 12:03 - 00000000 ____D C:\Users\User\AppData\Local\{D9093B92-3324-4799-BAA1-A22E9D83674D}
2012-05-28 12:02 - 2012-05-28 12:02 - 00000000 ____D C:\Users\User\AppData\Local\{C5218768-C64A-4323-9381-B4BDB07FCB13}
2012-05-28 11:53 - 2012-05-28 11:53 - 03491786 ____A C:\Users\User\Desktop\Velux-TGF-TMF-Flexible-Sun-Tunnel-Installation-Instructions.pdf
2012-05-28 11:49 - 2012-05-28 11:49 - 03346754 ____A C:\Users\User\Desktop\Velux-TGR-TMR-Rigid-Sun-Tunnel-Installation-Instructions.pdf
2012-05-28 07:21 - 2012-05-28 07:21 - 00000000 ____D C:\Users\User\AppData\Local\{ED1ED981-517A-49DD-94EF-975DC8283D76}
2012-05-28 07:20 - 2012-05-28 07:21 - 00000000 ____D C:\Users\User\AppData\Local\{63124923-D2AE-4C6F-B1B1-A85A1015368F}
2012-05-26 22:51 - 2012-05-26 22:51 - 00000000 ____D C:\Users\User\AppData\Local\{F55E8371-1D37-430B-A26F-21BD942C40A5}
2012-05-26 22:51 - 2012-05-26 22:51 - 00000000 ____D C:\Users\User\AppData\Local\{3876FFAB-EA9B-4D65-9337-A1A440D8D02F}
2012-05-26 12:01 - 2012-05-26 12:01 - 00000000 ____D C:\Users\User\AppData\Local\{602EE7BF-6B4B-4D27-863C-A2973C2C04EB}
2012-05-26 12:01 - 2012-05-26 12:01 - 00000000 ____D C:\Users\User\AppData\Local\{5A9056A5-09BA-4D24-9B1C-8F70D3DDB0D9}
2012-05-26 11:04 - 2012-05-26 11:04 - 00000000 ____D C:\Users\User\AppData\Local\{8280A3A0-BF7F-4474-A026-93E562E97287}
2012-05-26 11:04 - 2012-05-26 11:04 - 00000000 ____D C:\Users\User\AppData\Local\{6F4A8A52-CF9D-4A42-9C3E-AE2C774F5039}
2012-05-26 08:07 - 2012-05-26 08:07 - 00000000 ____D C:\Users\User\AppData\Local\{902DB2A4-B194-4B92-901B-38C60CB37133}
2012-05-26 08:07 - 2012-05-26 08:07 - 00000000 ____D C:\Users\User\AppData\Local\{8D12EE67-9CB7-442D-8958-D7BC666E626A}
2012-05-25 21:46 - 2012-05-25 21:46 - 00000000 ____D C:\Users\User\AppData\Local\{B433D679-2BCA-450B-91E8-017CC9F421FD}
2012-05-25 21:46 - 2012-05-25 21:46 - 00000000 ____D C:\Users\User\AppData\Local\{51D44CD4-091A-4E51-8444-677A83CCF6B5}
2012-05-25 06:17 - 2012-05-25 06:17 - 00000000 ____D C:\Users\User\AppData\Local\{56DB8D77-FCBD-4964-AA68-1C16F2D0C037}
2012-05-25 06:17 - 2012-05-25 06:17 - 00000000 ____D C:\Users\User\AppData\Local\{0F1E141A-9179-453B-8479-30A289D5D95D}
2012-05-25 05:45 - 2012-05-25 05:45 - 00000000 ____D C:\Users\User\AppData\Local\{48AE921E-7ABE-43AF-8CA8-E3EF667F33E9}
2012-05-25 05:44 - 2012-05-25 05:45 - 00000000 ____D C:\Users\User\AppData\Local\{2D80752B-6D9F-460D-BFB0-4892F0F24EB0}
2012-05-25 05:29 - 2012-05-25 05:29 - 00000000 ____D C:\Users\User\AppData\Local\{86632894-5C03-4210-98BC-C245F89D06AC}
2012-05-25 05:28 - 2012-05-25 05:29 - 00000000 ____D C:\Users\User\AppData\Local\{8D4673EE-1B68-4F6A-B2E0-7E8F7FCC4CEC}
2012-05-24 21:00 - 2012-05-24 21:00 - 00000000 ____D C:\Users\User\AppData\Local\{FC960C23-B6A1-4ED6-83CF-B395F865832F}
2012-05-24 21:00 - 2012-05-24 21:00 - 00000000 ____D C:\Users\User\AppData\Local\{E568E6A7-CCA1-4AFA-BDBB-E1BDEF17B901}
2012-05-24 20:04 - 2012-05-24 20:04 - 00000000 ____D C:\Program Files (x86)\Citrix
2012-05-24 20:03 - 2012-05-24 20:03 - 00060304 ____A C:\Users\User\g2mdlhlpx.exe
2012-05-24 19:59 - 2012-05-24 20:00 - 00000000 ____D C:\Users\User\AppData\Local\{09296A3B-5772-4E46-B046-CECEFFD3A11D}
2012-05-24 19:59 - 2012-05-24 19:59 - 00000000 ____D C:\Users\User\AppData\Local\{B9D2FB60-C951-48AB-9C08-8F90D48150A6}
2012-05-24 19:24 - 2012-05-24 19:24 - 00000000 ____D C:\Users\User\AppData\Local\{4877B114-B393-4AB9-B440-9D97DA2493C3}
2012-05-24 19:24 - 2012-05-24 19:24 - 00000000 ____D C:\Users\User\AppData\Local\{41F7CE39-1B9D-48CC-B45E-1723092F4589}
2012-05-24 18:53 - 2012-05-24 18:53 - 00000000 ____D C:\Users\User\AppData\Local\{94F61BA7-8FF8-4605-9528-B4BE4F6463A7}
2012-05-24 18:53 - 2012-05-24 18:53 - 00000000 ____D C:\Users\User\AppData\Local\{319E84FA-49AC-446F-B751-291D5ADB0E28}
2012-05-24 18:33 - 2012-05-24 18:33 - 00000000 ____D C:\Users\User\AppData\Local\{748AD251-6F0C-4138-B925-E6DF1C4EC95A}
2012-05-24 18:33 - 2012-05-24 18:33 - 00000000 ____D C:\Users\User\AppData\Local\{2B60BBCF-872A-43C5-A54B-5419656A3C11}
2012-05-23 19:32 - 2012-05-23 19:32 - 00000000 ____D C:\Users\User\AppData\Local\{68C8D7D6-80F9-4028-9CBD-561027E6AF0A}
2012-05-23 19:32 - 2012-05-23 19:32 - 00000000 ____D C:\Users\User\AppData\Local\{14902574-9DBD-4182-AD13-1A5248E6A0C7}
2012-05-22 19:53 - 2012-05-22 19:53 - 00000000 ____D C:\Users\User\AppData\Local\{2AB2CC5E-8D2B-4EE6-AE2C-90B9502378BC}
2012-05-22 19:10 - 2012-05-22 19:10 - 00000000 ____D C:\Users\User\AppData\Local\{D52C3204-70FD-4B78-A85E-6377A936FE42}
2012-05-22 19:10 - 2012-05-22 19:10 - 00000000 ____D C:\Users\User\AppData\Local\{72C3F495-FB16-4C39-9C1E-B5FE67B84328}
2012-05-21 23:15 - 2012-05-21 23:15 - 00000000 ____D C:\Users\User\AppData\Local\{B74F0B37-BE7B-48A6-8812-3CA1ED46A528}
2012-05-21 23:15 - 2012-05-21 23:15 - 00000000 ____D C:\Users\User\AppData\Local\{521FF700-BD2A-4639-8CBC-16A8177768A4}
2012-05-21 20:38 - 2012-05-21 20:38 - 00000000 ____D C:\Users\User\AppData\Local\{CDF56A5C-B0DA-450D-AF98-5012DA6CF113}
2012-05-21 20:38 - 2012-05-21 20:38 - 00000000 ____D C:\Users\User\AppData\Local\{36A3FF96-EDE3-4A88-BF5F-8EB8CB4A3742}
2012-05-21 20:35 - 2012-05-21 20:35 - 00000000 ____D C:\Users\User\AppData\Local\{3D31D2F4-6DC4-42D2-B910-0BE7F480E8B8}
2012-05-21 20:35 - 2012-05-21 20:35 - 00000000 ____D C:\Users\User\AppData\Local\{0DDEA96D-7090-4D5F-9AC3-535D52A821A2}
2012-05-21 18:42 - 2012-05-21 18:42 - 00000000 ____D C:\Users\User\AppData\Local\{982FAE18-D8D4-413B-B908-71F229F855F5}
2012-05-21 18:42 - 2012-05-21 18:42 - 00000000 ____D C:\Users\User\AppData\Local\{4E5CDDA0-9893-4F34-BBEC-9260E688AF02}
2012-05-20 22:23 - 2012-05-20 22:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-20 22:23 - 2012-05-20 22:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-20 22:19 - 2012-05-20 22:19 - 00000000 ____D C:\Users\User\AppData\Local\{B1776432-1061-4E86-AA3E-890E8802D0D4}
2012-05-20 22:19 - 2012-05-20 22:19 - 00000000 ____D C:\Users\User\AppData\Local\{68429DA8-C75E-43FB-9081-4FBC9ADDF507}
2012-05-20 21:39 - 2012-05-20 21:39 - 00000000 ____D C:\Users\User\AppData\Local\{D9576DA4-98E7-4AB6-947B-682CFD6DD478}
2012-05-20 21:39 - 2012-05-20 21:39 - 00000000 ____D C:\Users\User\AppData\Local\{00877839-9E8A-4C05-8FDA-00605E0AFAA8}
2012-05-20 09:39 - 2012-05-20 09:40 - 00000000 ____D C:\Users\User\AppData\Local\{6168886D-88D1-4A70-8A1F-55DCB0E12D7B}
2012-05-20 09:39 - 2012-05-20 09:39 - 00000000 ____D C:\Users\User\AppData\Local\{D470E746-1899-4F85-8D2C-039ED7A313B5}
2012-05-20 09:06 - 2012-05-20 09:06 - 00000000 ____D C:\Users\User\AppData\Local\{D9C1EDCA-08C7-4088-8AA4-FF2064819CC4}
2012-05-20 09:06 - 2012-05-20 09:06 - 00000000 ____D C:\Users\User\AppData\Local\{93C7D3EA-E81E-4548-9DCC-4B3C8E0EF7A8}
2012-05-20 09:06 - 2012-05-20 09:06 - 00000000 ____D C:\Users\User\AppData\Local\{41882AF5-F615-4BC9-A2A2-C8A5885FDC3F}
2012-05-19 14:22 - 2012-05-19 14:23 - 00000000 ____D C:\Users\User\AppData\Local\{BEEBDFDA-BE48-4A20-88E6-0105A8CE8F07}
2012-05-19 14:22 - 2012-05-19 14:22 - 00000000 ____D C:\Users\User\AppData\Local\{814C7A71-7A69-4D76-84F7-C269DAE7D65A}
2012-05-19 05:50 - 2012-05-19 05:50 - 00000000 ____D C:\Users\User\AppData\Local\{F85ACC5F-3FC3-478F-BDA2-13B798BA5067}
2012-05-19 05:50 - 2012-05-19 05:50 - 00000000 ____D C:\Users\User\AppData\Local\{6657B0C4-EFEB-4027-86F2-F75A8D82CD47}
2012-05-18 22:51 - 2012-05-18 22:51 - 00000000 ____D C:\Users\User\AppData\Local\{0A1FF414-AC05-426F-A248-9DED8B5876E5}
2012-05-18 22:50 - 2012-05-18 22:50 - 00000000 ____D C:\Users\User\AppData\Local\{0BBBF547-E1A7-410C-97CF-634FB8BAD885}
2012-05-18 21:56 - 2012-05-18 21:56 - 00000000 ____D C:\Users\User\AppData\Local\{BF8DEB56-667D-4298-961E-971D20A3F706}
2012-05-18 19:38 - 2012-05-18 19:38 - 00000000 ____D C:\Users\User\AppData\Local\{BB688C1A-B42F-4EC0-AA31-89039D5A20F9}
2012-05-18 19:38 - 2012-05-18 19:38 - 00000000 ____D C:\Users\User\AppData\Local\{93479405-0632-4773-9FF4-CCFB10D2A909}
2012-05-17 22:50 - 2012-05-17 22:50 - 00000000 ____D C:\Users\User\AppData\Local\{4FF675A4-DF17-4996-A63F-0F4112DAD9D5}
2012-05-17 22:50 - 2012-05-17 22:50 - 00000000 ____D C:\Users\User\AppData\Local\{498A505B-925C-44FB-9CA9-DD6C8BB8CA45}
2012-05-17 18:54 - 2012-05-17 18:54 - 00000000 ____D C:\Users\User\AppData\Local\{78362277-FBD2-49E5-B1D8-5D3022D99A80}
2012-05-17 18:53 - 2012-05-17 18:54 - 00000000 ____D C:\Users\User\AppData\Local\{063FE9C3-7F9B-49D0-AA72-0E2358CBC0C7}
2012-05-17 18:51 - 2012-05-17 18:51 - 00000000 ____D C:\Users\User\AppData\Local\{5F04605E-FD7A-4573-9297-608A80CE236D}
2012-05-17 18:51 - 2012-05-17 18:51 - 00000000 ____D C:\Users\User\AppData\Local\{2A0307F0-0F24-4FD8-9B70-63BF1031B21B}
2012-05-16 22:37 - 2012-05-16 22:37 - 00000000 ____D C:\Users\User\AppData\Local\{F76A9B1E-AC34-43B7-B522-EF98406022CD}
2012-05-16 22:37 - 2012-05-16 22:37 - 00000000 ____D C:\Users\User\AppData\Local\{C0B7163C-A752-48C2-9F26-0C86AC36283F}
2012-05-16 20:01 - 2012-05-16 20:01 - 00000000 ____D C:\Users\User\AppData\Local\{71653197-B68F-40A2-93C3-D689F006037F}
2012-05-16 20:00 - 2012-05-16 20:01 - 00000000 ____D C:\Users\User\AppData\Local\{C561ABEB-F69B-4FF2-A381-EE3A17A6E475}
2012-05-16 19:58 - 2012-05-16 19:58 - 02981723 ____A C:\Users\User\Downloads\004.JPG
2012-05-16 19:53 - 2012-05-16 19:53 - 00000000 ____D C:\Users\User\AppData\Local\{D4F59CAD-5109-41DF-BBB8-D05D182825AB}
2012-05-16 19:53 - 2012-05-16 19:53 - 00000000 ____D C:\Users\User\AppData\Local\{97304BE1-CC11-4E29-B838-A14EBB6AD713}
2012-05-16 19:18 - 2012-05-16 19:18 - 00000000 ____D C:\Users\User\AppData\Local\{EA030AA6-8F13-4DF2-AC4E-FE040D3A413E}
2012-05-16 19:18 - 2012-05-16 19:18 - 00000000 ____D C:\Users\User\AppData\Local\{7D2856E6-A612-4811-9241-9748069E5051}
2012-05-16 18:04 - 2012-05-16 18:04 - 00000000 ____D C:\Users\User\AppData\Local\{99224CB6-03D5-4021-AFBB-01DDA1531928}
2012-05-16 06:29 - 2012-05-16 06:30 - 00000000 ____D C:\Users\User\AppData\Local\{8A12B1F5-8220-4C4E-8623-E1C3FE541284}
2012-05-16 06:29 - 2012-05-16 06:29 - 00000000 ____D C:\Users\User\AppData\Local\{C7339F38-9A54-459A-954D-A0EA8401898B}
2012-05-15 21:52 - 2012-05-15 21:52 - 00000000 ____D C:\Users\User\AppData\Local\{D534A849-5A0F-49C8-A18F-E84E3CC880C3}
2012-05-15 21:52 - 2012-05-15 21:52 - 00000000 ____D C:\Users\User\AppData\Local\{35DBDDDF-8426-4733-AF4B-0B2EBFC30AED}
2012-05-15 20:14 - 2012-05-15 20:14 - 00000000 ____D C:\Users\User\AppData\Local\{23B4120D-138E-47E8-86FB-468632A474AF}
2012-05-15 20:14 - 2012-05-15 20:14 - 00000000 ____D C:\Users\User\AppData\Local\{1D044CFB-D3DE-48BF-8107-1E36D950D11E}
2012-05-15 19:26 - 2012-05-15 19:26 - 00000000 ____D C:\Users\User\AppData\Local\{A1C6D679-B3D9-4C68-AEB4-5DF9629FD2AB}
2012-05-15 19:25 - 2012-05-15 19:26 - 00000000 ____D C:\Users\User\AppData\Local\{6E8EB4EA-480E-4EDF-9FC3-4F230AC6E761}
2012-05-13 12:34 - 2012-05-13 12:34 - 00000000 ____D C:\Users\User\AppData\Local\{60AFE895-E9DD-49B5-A38F-7FEC1A4960DB}
2012-05-13 12:34 - 2012-05-13 12:34 - 00000000 ____D C:\Users\User\AppData\Local\{396EF1D7-8E20-4497-A877-357CC0431554}
2012-05-12 09:51 - 2012-05-12 09:51 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2012-05-11 21:07 - 2012-05-11 21:07 - 00000000 ____D C:\Users\User\AppData\Local\{87DDE2D6-F483-47C5-A4EE-73CE0843EB00}
2012-05-11 21:07 - 2012-05-11 21:07 - 00000000 ____D C:\Users\User\AppData\Local\{1C5B43C5-F744-4C22-BE52-7863E8D3916D}


============ 3 Months Modified Files and Folders =============

2012-06-10 22:54 - 2010-11-21 03:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-06-10 22:54 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2012-06-10 21:16 - 2012-06-10 21:16 - 00000000 ____D C:\FRST
2012-06-10 21:15 - 2011-09-16 10:35 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-10 21:15 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-10 21:15 - 2009-07-14 00:51 - 00049235 ____A C:\Windows\setupact.log
2012-06-10 21:08 - 2012-06-10 21:08 - 00001084 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-10 21:08 - 2012-06-10 21:08 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2012-06-10 21:08 - 2012-06-10 21:08 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-10 21:08 - 2012-06-10 21:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-10 20:55 - 2012-06-10 21:06 - 00397451 ____A C:\Users\User\Desktop\MiniToolBox.exe
2012-06-10 20:53 - 2012-06-10 21:06 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-1.61.0.1400.exe
2012-06-10 20:43 - 2012-06-10 21:07 - 01401619 ____A C:\Users\User\Desktop\FRST64.exe
2012-06-10 19:45 - 2011-09-16 10:35 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-10 19:34 - 2012-04-05 07:18 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-10 19:22 - 2012-06-10 19:01 - 00005416 ____A C:\Users\User\Desktop\yorkyt.exe.log
2012-06-10 19:13 - 2012-06-10 19:12 - 00000466 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2012-06-10 19:13 - 2012-06-10 19:12 - 00000444 ____A C:\Windows\Tasks\ParetoLogic Anti-Virus PLUS.job
2012-06-10 19:13 - 2012-06-10 19:12 - 00000440 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job
2012-06-10 19:13 - 2012-06-10 19:12 - 00000420 ____A C:\Windows\Tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
2012-06-10 19:12 - 2012-06-10 19:12 - 00001101 ____A C:\Users\Public\Desktop\ParetoLogic Anti-Virus PLUS.lnk
2012-06-10 19:12 - 2012-06-10 19:12 - 00000000 ____D C:\Users\All Users\PLAV
2012-06-10 19:12 - 2012-06-10 19:12 - 00000000 ____D C:\Users\All Users\ParetoLogic
2012-06-10 19:04 - 2012-06-10 19:04 - 00000000 ____D C:\Users\All Users\ParetoLogic Anti-Virus PLUS
2012-06-10 19:04 - 2012-06-10 19:04 - 00000000 ____D C:\Program Files (x86)\ParetoLogic
2012-06-10 19:00 - 2009-07-14 01:13 - 00730746 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-10 18:55 - 2011-11-18 16:16 - 00000000 ____D C:\users\User
2012-06-10 18:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\config\TxR
2012-06-10 17:37 - 2012-06-10 18:58 - 08871304 ____A (ParetoLogic Inc.) C:\Users\User\Desktop\Pareto_AV_Setup_RW.exe
2012-06-10 17:21 - 2012-06-10 18:59 - 72482336 ____A (Microsoft Corporation) C:\Users\User\Desktop\msert.exe
2012-06-10 16:39 - 2012-06-10 16:07 - 00222230 ____A C:\Users\User\Desktop\yorkyt (1).exe.log
2012-06-10 15:57 - 2012-06-10 18:59 - 01415784 ____A C:\Users\User\Desktop\yorkyt.exe
2012-06-10 15:56 - 2009-07-14 01:08 - 00032566 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-10 15:53 - 2012-06-10 15:53 - 01415784 ____A C:\Users\User\Downloads\yorkyt.exe
2012-06-10 15:28 - 2011-09-16 10:15 - 01260693 ____A C:\Windows\WindowsUpdate.log
2012-06-10 15:27 - 2011-12-03 09:51 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-10 15:26 - 2012-06-10 15:26 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-10 15:26 - 2012-06-10 15:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-10 15:26 - 2012-06-10 15:25 - 12621696 ____A (Microsoft Corporation) C:\Users\User\Downloads\mseinstall (1).exe
2012-06-10 15:26 - 2011-12-03 09:51 - 00744896 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-10 15:25 - 2009-07-14 00:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-10 15:25 - 2009-07-14 00:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-10 15:21 - 2012-06-10 15:20 - 12621696 ____A (Microsoft Corporation) C:\Users\User\Downloads\mseinstall.exe
2012-06-10 15:16 - 2012-06-10 15:07 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-10 15:16 - 2009-07-13 22:34 - 00442883 ____R C:\Windows\System32\Drivers\etc\hosts
2012-06-10 15:08 - 2012-06-10 15:07 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-10 15:07 - 2012-06-10 15:07 - 00001233 ____A C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
2012-06-10 15:06 - 2012-06-10 15:06 - 16409960 ____A (Safer Networking Limited ) C:\Users\User\Downloads\spybotsd162.exe
2012-06-10 15:02 - 2012-06-10 14:51 - 00000000 ____D C:\Users\All Users\B7E858A7000083BB0004264BB4EB2367
2012-06-10 14:56 - 2012-06-10 14:56 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-10 14:53 - 2012-06-10 14:53 - 00001105 ____A C:\Users\User\Desktop\Live Security Platinum.lnk
2012-06-10 14:53 - 2012-04-05 07:18 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-10 14:53 - 2011-08-01 03:32 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-10 14:52 - 2012-01-11 19:42 - 00000000 __SHD C:\Users\User\AppData\Local\{fb9a415d-8a39-a495-eecb-70163c6883ff}
2012-06-10 11:09 - 2012-06-10 11:08 - 00000000 ____D C:\Users\User\AppData\Local\{656304E9-C9F1-4B76-8255-B7D130770D10}
2012-06-10 11:08 - 2012-06-10 11:08 - 00000000 ____D C:\Users\User\AppData\Local\{702DF959-F11A-44A0-9E41-C334774BD21B}
2012-06-10 11:08 - 2012-01-04 22:11 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2012-06-10 08:14 - 2012-06-10 08:14 - 00000000 ____D C:\Users\User\AppData\Local\{75D15F78-5D8B-40C3-9C5D-2AEA91FC815C}
2012-06-10 08:14 - 2012-06-10 08:13 - 00000000 ____D C:\Users\User\AppData\Local\{DAA3DB5B-047B-432A-AEBF-EB6D868F2FEA}
2012-06-09 23:19 - 2011-11-26 10:29 - 01041012 ____A C:\Users\User\Desktop\11_2010_2012.ynab3
2012-06-09 23:19 - 2011-11-26 10:29 - 00000000 ____D C:\Users\User\Desktop\YNAB-Backup
2012-06-09 21:50 - 2012-06-09 21:50 - 00000000 ____D C:\Users\User\AppData\Local\{90C7D4A3-5EC4-4F0E-979F-C8FFA292F7E6}
2012-06-09 16:47 - 2012-06-09 16:47 - 00000000 ____D C:\Users\User\AppData\Local\{354BCC9B-92AA-4FE0-B64E-0359040A919B}
2012-06-09 16:47 - 2012-06-09 16:46 - 00000000 ____D C:\Users\User\AppData\Local\{DCD61D25-6012-474B-8848-522602CB798F}
2012-06-09 16:29 - 2012-06-09 16:29 - 00000000 ____D C:\Users\User\AppData\Local\{B6E400F5-10B9-446D-95C7-39A127F47EFE}
2012-06-09 16:29 - 2012-06-09 16:29 - 00000000 ____D C:\Users\User\AppData\Local\{6826CE32-2001-464D-BD5A-167FCECAD8CB}
2012-06-09 16:25 - 2012-06-09 16:25 - 00000000 ____D C:\Users\User\AppData\Local\{E1FC788D-F3B4-49C6-930A-5CBD65723FFF}
2012-06-09 16:25 - 2012-06-09 16:25 - 00000000 ____D C:\Users\User\AppData\Local\{7792CECC-A088-42FC-92BF-0AD58C2525AC}
2012-06-09 14:43 - 2012-06-09 14:43 - 00000000 ____D C:\Users\User\AppData\Local\{5DA60556-6A0D-4C91-87AE-1041AA420017}
2012-06-09 14:43 - 2012-06-09 14:43 - 00000000 ____D C:\Users\User\AppData\Local\{269576A9-26F5-46FB-80F8-744137ABE13E}
2012-06-09 08:45 - 2012-06-09 08:45 - 00000000 ____D C:\Users\User\AppData\Local\{94AF2EA8-98E4-43CF-B31D-E7C05B666339}
2012-06-09 08:45 - 2012-06-09 08:45 - 00000000 ____D C:\Users\User\AppData\Local\{49B0FC0E-F50F-4068-8E14-801DFECE62E8}
2012-06-09 07:38 - 2012-06-09 07:38 - 00000000 ____D C:\Users\User\AppData\Local\{8D3B58C8-004A-4AF8-AB21-43151FBCE24B}
2012-06-09 07:38 - 2012-06-09 07:38 - 00000000 ____D C:\Users\User\AppData\Local\{59F68412-DBBC-474C-8524-5F408698BA6C}
2012-06-08 06:09 - 2012-06-08 06:09 - 00000000 ____D C:\Users\User\AppData\Local\{D73885EA-C215-4DC4-8411-9F61C76CC0EC}
2012-06-08 06:09 - 2012-06-08 06:09 - 00000000 ____D C:\Users\User\AppData\Local\{BD523A12-96B0-4788-B178-24E713F305DC}
2012-06-08 05:58 - 2012-06-08 05:57 - 00000000 ____D C:\Users\User\AppData\Local\{B9046C08-5BBB-4D12-941A-0FE02863F63D}
2012-06-08 05:57 - 2012-06-08 05:57 - 00000000 ____D C:\Users\User\AppData\Local\{8E7DC8FE-9417-4C3E-84AB-1A5A5AEF4EA7}
2012-06-07 20:37 - 2012-06-07 20:37 - 00000000 ____D C:\Users\User\AppData\Local\{A967786D-A61F-4E31-BC56-D4CF12D89FDB}
2012-06-07 20:37 - 2012-06-07 20:36 - 00000000 ____D C:\Users\User\AppData\Local\{4EE44B9B-CDB7-4448-914D-37F8DF3FEF5D}
2012-06-06 20:08 - 2012-06-06 20:07 - 00000000 ____D C:\Users\User\AppData\Local\{C60AC161-9F88-4E42-B34A-6FC3E969801D}
2012-06-06 20:07 - 2012-06-06 20:07 - 00000000 ____D C:\Users\User\AppData\Local\{E35DB8F0-FEB9-42D0-A496-A141F6CAD7C0}
2012-06-06 19:40 - 2012-06-06 19:40 - 00000000 ____D C:\Users\User\AppData\Local\{E4D1E5E3-0D15-40F3-9897-F57828CB24B7}
2012-06-06 19:40 - 2012-06-06 19:40 - 00000000 ____D C:\Users\User\AppData\Local\{129F5979-C355-42D9-8EFD-B657AE8C49AF}
2012-06-05 19:25 - 2012-06-05 19:25 - 00000000 ____D C:\Users\User\AppData\Local\{EFF4D235-314A-415F-821D-E360872C6AEA}
2012-06-05 19:25 - 2012-06-05 19:24 - 00000000 ____D C:\Users\User\AppData\Local\{C617299D-F78D-4B60-B43A-CC5EFB65F8DD}
2012-06-04 18:48 - 2012-06-04 18:48 - 00000000 ____D C:\Users\User\AppData\Local\{A15B4770-CC64-4952-A5D8-7DE1A7D290E0}
2012-06-04 18:48 - 2012-06-04 18:48 - 00000000 ____D C:\Users\User\AppData\Local\{879C0F97-339B-4623-AF63-81C3AA6C2898}
2012-06-03 09:07 - 2012-06-03 09:07 - 00000000 ____D C:\Users\User\AppData\Local\{DB2CBF87-5718-4F23-8FE6-008B90E40A49}
2012-06-03 09:07 - 2012-06-03 09:06 - 00000000 ____D C:\Users\User\AppData\Local\{828461BE-6580-495F-A02A-DEECDA258E19}
2012-06-03 07:58 - 2012-06-03 07:58 - 00034985 ____A C:\Users\User\Desktop\thegirls.jpg
2012-06-03 07:55 - 2012-06-03 07:54 - 00000000 ____D C:\Users\User\AppData\Local\{60F9B293-0A6C-4626-B9D9-0C2937E0F728}
2012-06-03 07:54 - 2012-06-03 07:54 - 00000000 ____D C:\Users\User\AppData\Local\{11B4D79D-018D-4CB6-9F1B-F4FE17AD03DF}
2012-06-01 23:19 - 2012-06-01 23:19 - 00000000 ____D C:\Users\User\AppData\Local\{4DA8A63D-609A-4145-817B-43FF73007518}
2012-06-01 23:19 - 2012-06-01 23:19 - 00000000 ____D C:\Users\User\AppData\Local\{4CBA1359-9AE0-4788-B424-1FE3294F8B15}
2012-06-01 20:10 - 2012-06-01 20:10 - 00000000 ____D C:\Users\User\AppData\Local\{B2EE8BDA-BA33-4159-A937-C391315C84E7}
2012-06-01 20:10 - 2012-06-01 20:10 - 00000000 ____D C:\Users\User\AppData\Local\{A3179F6D-23D2-4CBB-92FC-3D6B5FEEF029}
2012-06-01 20:03 - 2012-06-01 20:03 - 00153607 ____A C:\Users\User\Desktop\FromGeorgia.jpg
2012-06-01 19:52 - 2012-06-01 19:52 - 00000000 ____D C:\Users\User\AppData\Local\{3F2DFE81-441D-42CE-A7A7-A04D6184AEEE}
2012-06-01 19:52 - 2012-06-01 19:52 - 00000000 ____D C:\Users\User\AppData\Local\{07A244F2-8DB1-4CAC-9C18-1F36554B6478}
2012-06-01 19:52 - 2011-11-25 16:18 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2012-06-01 06:28 - 2012-01-04 21:42 - 00000000 ____D C:\Users\User\AppData\Roaming\SoftGrid Client
2012-06-01 05:45 - 2012-06-01 05:45 - 00000000 ____D C:\Users\User\AppData\Local\{BA284B7B-0C1F-4FB0-ACEE-7822282DE5A0}
2012-06-01 05:45 - 2012-06-01 05:45 - 00000000 ____D C:\Users\User\AppData\Local\{09305791-5F03-400F-BF7C-11E19DB6B4FD}
2012-05-30 18:41 - 2012-05-30 18:40 - 00000000 ____D C:\Users\User\AppData\Local\{F10503E3-D7C8-407D-A044-1DBED6A102AF}
2012-05-30 18:40 - 2012-05-30 18:40 - 00000000 ____D C:\Users\User\AppData\Local\{29467DBC-225F-43FE-BA91-76F64A595D40}
2012-05-29 20:42 - 2012-05-29 20:42 - 00000000 ____D C:\Users\User\AppData\Local\{E7160952-2B59-48EF-A826-C7FC45480574}
2012-05-29 20:42 - 2012-05-29 20:42 - 00000000 ____D C:\Users\User\AppData\Local\{15F4BF96-9DDC-4888-9287-B484A961CB2E}
2012-05-29 20:41 - 2012-05-29 20:41 - 00000000 ____D C:\Users\User\AppData\Local\{C31C2A78-9A90-43EE-9466-37B946B4027F}
2012-05-29 20:40 - 2012-05-29 20:37 - 02015708 ____A C:\Users\User\Desktop\2012regform.pdf
2012-05-29 20:38 - 2012-05-29 20:38 - 00000000 ____D C:\Users\User\AppData\Local\{D51F39CF-2273-4077-A6C5-F54F190CDFB6}
2012-05-29 20:38 - 2012-05-29 20:38 - 00000000 ____D C:\Users\User\AppData\Local\{2907DE38-5BAC-4B95-8020-20303AC32EA2}
2012-05-29 19:48 - 2012-05-29 19:48 - 00000000 ____D C:\Users\User\AppData\Local\{15666D4F-CAFB-4E2B-BF33-07AA9CD3F192}
2012-05-29 19:48 - 2012-05-29 19:47 - 00000000 ____D C:\Users\User\AppData\Local\{3DE904DE-9218-448B-83E9-667DC12EB62E}
2012-05-28 21:47 - 2012-05-28 21:47 - 00000000 ____D C:\Users\User\AppData\Local\{8E44C577-00CC-4531-A99C-D72897E67E0D}
2012-05-28 12:03 - 2012-05-28 12:02 - 00000000 ____D C:\Users\User\AppData\Local\{D9093B92-3324-4799-BAA1-A22E9D83674D}
2012-05-28 12:02 - 2012-05-28 12:02 - 00000000 ____D C:\Users\User\AppData\Local\{C5218768-C64A-4323-9381-B4BDB07FCB13}
2012-05-28 11:53 - 2012-05-28 11:53 - 03491786 ____A C:\Users\User\Desktop\Velux-TGF-TMF-Flexible-Sun-Tunnel-Installation-Instructions.pdf
2012-05-28 11:49 - 2012-05-28 11:49 - 03346754 ____A C:\Users\User\Desktop\Velux-TGR-TMR-Rigid-Sun-Tunnel-Installation-Instructions.pdf
2012-05-28 07:21 - 2012-05-28 07:21 - 00000000 ____D C:\Users\User\AppData\Local\{ED1ED981-517A-49DD-94EF-975DC8283D76}
2012-05-28 07:21 - 2012-05-28 07:20 - 00000000 ____D C:\Users\User\AppData\Local\{63124923-D2AE-4C6F-B1B1-A85A1015368F}
2012-05-26 22:51 - 2012-05-26 22:51 - 00000000 ____D C:\Users\User\AppData\Local\{F55E8371-1D37-430B-A26F-21BD942C40A5}
2012-05-26 22:51 - 2012-05-26 22:51 - 00000000 ____D C:\Users\User\AppData\Local\{3876FFAB-EA9B-4D65-9337-A1A440D8D02F}
2012-05-26 12:01 - 2012-05-26 12:01 - 00000000 ____D C:\Users\User\AppData\Local\{602EE7BF-6B4B-4D27-863C-A2973C2C04EB}
2012-05-26 12:01 - 2012-05-26 12:01 - 00000000 ____D C:\Users\User\AppData\Local\{5A9056A5-09BA-4D24-9B1C-8F70D3DDB0D9}
2012-05-26 11:04 - 2012-05-26 11:04 - 00000000 ____D C:\Users\User\AppData\Local\{8280A3A0-BF7F-4474-A026-93E562E97287}
2012-05-26 11:04 - 2012-05-26 11:04 - 00000000 ____D C:\Users\User\AppData\Local\{6F4A8A52-CF9D-4A42-9C3E-AE2C774F5039}
2012-05-26 08:07 - 2012-05-26 08:07 - 00000000 ____D C:\Users\User\AppData\Local\{902DB2A4-B194-4B92-901B-38C60CB37133}
2012-05-26 08:07 - 2012-05-26 08:07 - 00000000 ____D C:\Users\User\AppData\Local\{8D12EE67-9CB7-442D-8958-D7BC666E626A}
2012-05-25 21:46 - 2012-05-25 21:46 - 00000000 ____D C:\Users\User\AppData\Local\{B433D679-2BCA-450B-91E8-017CC9F421FD}
2012-05-25 21:46 - 2012-05-25 21:46 - 00000000 ____D C:\Users\User\AppData\Local\{51D44CD4-091A-4E51-8444-677A83CCF6B5}
2012-05-25 06:17 - 2012-05-25 06:17 - 00000000 ____D C:\Users\User\AppData\Local\{56DB8D77-FCBD-4964-AA68-1C16F2D0C037}
2012-05-25 06:17 - 2012-05-25 06:17 - 00000000 ____D C:\Users\User\AppData\Local\{0F1E141A-9179-453B-8479-30A289D5D95D}
2012-05-25 05:45 - 2012-05-25 05:45 - 00000000 ____D C:\Users\User\AppData\Local\{48AE921E-7ABE-43AF-8CA8-E3EF667F33E9}
2012-05-25 05:45 - 2012-05-25 05:44 - 00000000 ____D C:\Users\User\AppData\Local\{2D80752B-6D9F-460D-BFB0-4892F0F24EB0}
2012-05-25 05:29 - 2012-05-25 05:29 - 00000000 ____D C:\Users\User\AppData\Local\{86632894-5C03-4210-98BC-C245F89D06AC}
2012-05-25 05:29 - 2012-05-25 05:28 - 00000000 ____D C:\Users\User\AppData\Local\{8D4673EE-1B68-4F6A-B2E0-7E8F7FCC4CEC}
2012-05-24 21:00 - 2012-05-24 21:00 - 00000000 ____D C:\Users\User\AppData\Local\{FC960C23-B6A1-4ED6-83CF-B395F865832F}
2012-05-24 21:00 - 2012-05-24 21:00 - 00000000 ____D C:\Users\User\AppData\Local\{E568E6A7-CCA1-4AFA-BDBB-E1BDEF17B901}
2012-05-24 20:04 - 2012-05-24 20:04 - 00000000 ____D C:\Program Files (x86)\Citrix
2012-05-24 20:03 - 2012-05-24 20:03 - 00060304 ____A C:\Users\User\g2mdlhlpx.exe
2012-05-24 20:00 - 2012-05-24 19:59 - 00000000 ____D C:\Users\User\AppData\Local\{09296A3B-5772-4E46-B046-CECEFFD3A11D}
2012-05-24 19:59 - 2012-05-24 19:59 - 00000000 ____D C:\Users\User\AppData\Local\{B9D2FB60-C951-48AB-9C08-8F90D48150A6}
2012-05-24 19:24 - 2012-05-24 19:24 - 00000000 ____D C:\Users\User\AppData\Local\{4877B114-B393-4AB9-B440-9D97DA2493C3}
2012-05-24 19:24 - 2012-05-24 19:24 - 00000000 ____D C:\Users\User\AppData\Local\{41F7CE39-1B9D-48CC-B45E-1723092F4589}
2012-05-24 18:53 - 2012-05-24 18:53 - 00000000 ____D C:\Users\User\AppData\Local\{94F61BA7-8FF8-4605-9528-B4BE4F6463A7}
2012-05-24 18:53 - 2012-05-24 18:53 - 00000000 ____D C:\Users\User\AppData\Local\{319E84FA-49AC-446F-B751-291D5ADB0E28}
2012-05-24 18:33 - 2012-05-24 18:33 - 00000000 ____D C:\Users\User\AppData\Local\{748AD251-6F0C-4138-B925-E6DF1C4EC95A}
2012-05-24 18:33 - 2012-05-24 18:33 - 00000000 ____D C:\Users\User\AppData\Local\{2B60BBCF-872A-43C5-A54B-5419656A3C11}
2012-05-23 19:32 - 2012-05-23 19:32 - 00000000 ____D C:\Users\User\AppData\Local\{68C8D7D6-80F9-4028-9CBD-561027E6AF0A}
2012-05-23 19:32 - 2012-05-23 19:32 - 00000000 ____D C:\Users\User\AppData\Local\{14902574-9DBD-4182-AD13-1A5248E6A0C7}
2012-05-22 19:53 - 2012-05-22 19:53 - 00000000 ____D C:\Users\User\AppData\Local\{2AB2CC5E-8D2B-4EE6-AE2C-90B9502378BC}
2012-05-22 19:10 - 2012-05-22 19:10 - 00000000 ____D C:\Users\User\AppData\Local\{D52C3204-70FD-4B78-A85E-6377A936FE42}
2012-05-22 19:10 - 2012-05-22 19:10 - 00000000 ____D C:\Users\User\AppData\Local\{72C3F495-FB16-4C39-9C1E-B5FE67B84328}
2012-05-21 23:15 - 2012-05-21 23:15 - 00000000 ____D C:\Users\User\AppData\Local\{B74F0B37-BE7B-48A6-8812-3CA1ED46A528}
2012-05-21 23:15 - 2012-05-21 23:15 - 00000000 ____D C:\Users\User\AppData\Local\{521FF700-BD2A-4639-8CBC-16A8177768A4}
2012-05-21 20:38 - 2012-05-21 20:38 - 00000000 ____D C:\Users\User\AppData\Local\{CDF56A5C-B0DA-450D-AF98-5012DA6CF113}
2012-05-21 20:38 - 2012-05-21 20:38 - 00000000 ____D C:\Users\User\AppData\Local\{36A3FF96-EDE3-4A88-BF5F-8EB8CB4A3742}
2012-05-21 20:35 - 2012-05-21 20:35 - 00000000 ____D C:\Users\User\AppData\Local\{3D31D2F4-6DC4-42D2-B910-0BE7F480E8B8}
2012-05-21 20:35 - 2012-05-21 20:35 - 00000000 ____D C:\Users\User\AppData\Local\{0DDEA96D-7090-4D5F-9AC3-535D52A821A2}
2012-05-21 18:42 - 2012-05-21 18:42 - 00000000 ____D C:\Users\User\AppData\Local\{982FAE18-D8D4-413B-B908-71F229F855F5}
2012-05-21 18:42 - 2012-05-21 18:42 - 00000000 ____D C:\Users\User\AppData\Local\{4E5CDDA0-9893-4F34-BBEC-9260E688AF02}
2012-05-20 22:23 - 2012-05-20 22:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-20 22:23 - 2012-05-20 22:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-20 22:19 - 2012-05-20 22:19 - 00000000 ____D C:\Users\User\AppData\Local\{B1776432-1061-4E86-AA3E-890E8802D0D4}
2012-05-20 22:19 - 2012-05-20 22:19 - 00000000 ____D C:\Users\User\AppData\Local\{68429DA8-C75E-43FB-9081-4FBC9ADDF507}
2012-05-20 21:39 - 2012-05-20 21:39 - 00000000 ____D C:\Users\User\AppData\Local\{D9576DA4-98E7-4AB6-947B-682CFD6DD478}
2012-05-20 21:39 - 2012-05-20 21:39 - 00000000 ____D C:\Users\User\AppData\Local\{00877839-9E8A-4C05-8FDA-00605E0AFAA8}
2012-05-20 09:40 - 2012-05-20 09:39 - 00000000 ____D C:\Users\User\AppData\Local\{6168886D-88D1-4A70-8A1F-55DCB0E12D7B}
2012-05-20 09:39 - 2012-05-20 09:39 - 00000000 ____D C:\Users\User\AppData\Local\{D470E746-1899-4F85-8D2C-039ED7A313B5}
2012-05-20 09:06 - 2012-05-20 09:06 - 00000000 ____D C:\Users\User\AppData\Local\{D9C1EDCA-08C7-4088-8AA4-FF2064819CC4}
2012-05-20 09:06 - 2012-05-20 09:06 - 00000000 ____D C:\Users\User\AppData\Local\{93C7D3EA-E81E-4548-9DCC-4B3C8E0EF7A8}
2012-05-20 09:06 - 2012-05-20 09:06 - 00000000 ____D C:\Users\User\AppData\Local\{41882AF5-F615-4BC9-A2A2-C8A5885FDC3F}
2012-05-19 14:23 - 2012-05-19 14:22 - 00000000 ____D C:\Users\User\AppData\Local\{BEEBDFDA-BE48-4A20-88E6-0105A8CE8F07}
2012-05-19 14:22 - 2012-05-19 14:22 - 00000000 ____D C:\Users\User\AppData\Local\{814C7A71-7A69-4D76-84F7-C269DAE7D65A}
2012-05-19 08:04 - 2012-01-12 23:30 - 00039936 ____A C:\Users\User\Documents\MelindaMcLeodResume2.doc
2012-05-19 05:50 - 2012-05-19 05:50 - 00000000 ____D C:\Users\User\AppData\Local\{F85ACC5F-3FC3-478F-BDA2-13B798BA5067}
2012-05-19 05:50 - 2012-05-19 05:50 - 00000000 ____D C:\Users\User\AppData\Local\{6657B0C4-EFEB-4027-86F2-F75A8D82CD47}
2012-05-18 22:51 - 2012-05-18 22:51 - 00000000 ____D C:\Users\User\AppData\Local\{0A1FF414-AC05-426F-A248-9DED8B5876E5}
2012-05-18 22:50 - 2012-05-18 22:50 - 00000000 ____D C:\Users\User\AppData\Local\{0BBBF547-E1A7-410C-97CF-634FB8BAD885}
2012-05-18 21:56 - 2012-05-18 21:56 - 00000000 ____D C:\Users\User\AppData\Local\{BF8DEB56-667D-4298-961E-971D20A3F706}
2012-05-18 19:38 - 2012-05-18 19:38 - 00000000 ____D C:\Users\User\AppData\Local\{BB688C1A-B42F-4EC0-AA31-89039D5A20F9}
2012-05-18 19:38 - 2012-05-18 19:38 - 00000000 ____D C:\Users\User\AppData\Local\{93479405-0632-4773-9FF4-CCFB10D2A909}
2012-05-17 22:50 - 2012-05-17 22:50 - 00000000 ____D C:\Users\User\AppData\Local\{4FF675A4-DF17-4996-A63F-0F4112DAD9D5}
2012-05-17 22:50 - 2012-05-17 22:50 - 00000000 ____D C:\Users\User\AppData\Local\{498A505B-925C-44FB-9CA9-DD6C8BB8CA45}
2012-05-17 18:54 - 2012-05-17 18:54 - 00000000 ____D C:\Users\User\AppData\Local\{78362277-FBD2-49E5-B1D8-5D3022D99A80}
2012-05-17 18:54 - 2012-05-17 18:53 - 00000000 ____D C:\Users\User\AppData\Local\{063FE9C3-7F9B-49D0-AA72-0E2358CBC0C7}
2012-05-17 18:51 - 2012-05-17 18:51 - 00000000 ____D C:\Users\User\AppData\Local\{5F04605E-FD7A-4573-9297-608A80CE236D}
2012-05-17 18:51 - 2012-05-17 18:51 - 00000000 ____D C:\Users\User\AppData\Local\{2A0307F0-0F24-4FD8-9B70-63BF1031B21B}
2012-05-16 22:37 - 2012-05-16 22:37 - 00000000 ____D C:\Users\User\AppData\Local\{F76A9B1E-AC34-43B7-B522-EF98406022CD}
2012-05-16 22:37 - 2012-05-16 22:37 - 00000000 ____D C:\Users\User\AppData\Local\{C0B7163C-A752-48C2-9F26-0C86AC36283F}
2012-05-16 20:01 - 2012-05-16 20:01 - 00000000 ____D C:\Users\User\AppData\Local\{71653197-B68F-40A2-93C3-D689F006037F}
2012-05-16 20:01 - 2012-05-16 20:00 - 00000000 ____D C:\Users\User\AppData\Local\{C561ABEB-F69B-4FF2-A381-EE3A17A6E475}
2012-05-16 19:58 - 2012-05-16 19:58 - 02981723 ____A C:\Users\User\Downloads\004.JPG
2012-05-16 19:53 - 2012-05-16 19:53 - 00000000 ____D C:\Users\User\AppData\Local\{D4F59CAD-5109-41DF-BBB8-D05D182825AB}
2012-05-16 19:53 - 2012-05-16 19:53 - 00000000 ____D C:\Users\User\AppData\Local\{97304BE1-CC11-4E29-B838-A14EBB6AD713}
2012-05-16 19:18 - 2012-05-16 19:18 - 00000000 ____D C:\Users\User\AppData\Local\{EA030AA6-8F13-4DF2-AC4E-FE040D3A413E}
2012-05-16 19:18 - 2012-05-16 19:18 - 00000000 ____D C:\Users\User\AppData\Local\{7D2856E6-A612-4811-9241-9748069E5051}
2012-05-16 18:04 - 2012-05-16 18:04 - 00000000 ____D C:\Users\User\AppData\Local\{99224CB6-03D5-4021-AFBB-01DDA1531928}
2012-05-16 06:30 - 2012-05-16 06:29 - 00000000 ____D C:\Users\User\AppData\Local\{8A12B1F5-8220-4C4E-8623-E1C3FE541284}
2012-05-16 06:29 - 2012-05-16 06:29 - 00000000 ____D C:\Users\User\AppData\Local\{C7339F38-9A54-459A-954D-A0EA8401898B}
2012-05-15 21:52 - 2012-05-15 21:52 - 00000000 ____D C:\Users\User\AppData\Local\{D534A849-5A0F-49C8-A18F-E84E3CC880C3}
2012-05-15 21:52 - 2012-05-15 21:52 - 00000000 ____D C:\Users\User\AppData\Local\{35DBDDDF-8426-4733-AF4B-0B2EBFC30AED}
2012-05-15 20:14 - 2012-05-15 20:14 - 00000000 ____D C:\Users\User\AppData\Local\{23B4120D-138E-47E8-86FB-468632A474AF}
2012-05-15 20:14 - 2012-05-15 20:14 - 00000000 ____D C:\Users\User\AppData\Local\{1D044CFB-D3DE-48BF-8107-1E36D950D11E}
2012-05-15 19:26 - 2012-05-15 19:26 - 00000000 ____D C:\Users\User\AppData\Local\{A1C6D679-B3D9-4C68-AEB4-5DF9629FD2AB}
2012-05-15 19:26 - 2012-05-15 19:25 - 00000000 ____D C:\Users\User\AppData\Local\{6E8EB4EA-480E-4EDF-9FC3-4F230AC6E761}
2012-05-13 12:34 - 2012-05-13 12:34 - 00000000 ____D C:\Users\User\AppData\Local\{60AFE895-E9DD-49B5-A38F-7FEC1A4960DB}
2012-05-13 12:34 - 2012-05-13 12:34 - 00000000 ____D C:\Users\User\AppData\Local\{396EF1D7-8E20-4497-A877-357CC0431554}
2012-05-12 09:51 - 2012-05-12 09:51 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2012-05-12 07:06 - 2009-07-14 00:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-12 06:48 - 2011-11-18 16:40 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-11 21:07 - 2012-05-11 21:07 - 00000000 ____D C:\Users\User\AppData\Local\{87DDE2D6-F483-47C5-A4EE-73CE0843EB00}
2012-05-11 21:07 - 2012-05-11 21:07 - 00000000 ____D C:\Users\User\AppData\Local\{1C5B43C5-F744-4C22-BE52-7863E8D3916D}
2012-05-10 21:36 - 2012-05-10 21:36 - 00000000 ____D C:\33f4ec94127ffb07e9f67db0
2012-05-10 21:35 - 2010-11-21 03:17 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-10 19:34 - 2012-05-10 19:34 - 00000000 ____D C:\Users\User\AppData\Local\{9C5B2551-A9B5-4CDB-9B66-F0BF622C6A39}
2012-05-10 19:34 - 2012-05-10 19:34 - 00000000 ____D C:\Users\User\AppData\Local\{904106E1-D4D2-4A99-8EF6-2C976BDF4968}
2012-05-10 19:08 - 2012-05-10 19:08 - 00000000 ____D C:\Users\User\AppData\Local\{FEEAD077-B214-46FC-8282-63E438FF8B58}
2012-05-10 19:08 - 2012-05-10 19:08 - 00000000 ____D C:\Users\User\AppData\Local\{58784215-A289-4957-8DA3-45AE23D50434}
2012-05-10 18:32 - 2012-05-10 18:32 - 00000000 ____D C:\Users\User\AppData\Local\{1B0BB40E-BAC1-4B48-A794-F480A607205C}
2012-05-10 18:32 - 2012-05-10 18:32 - 00000000 ____D C:\Users\User\AppData\Local\{17D8CFAC-3E93-4BC4-A0E4-A47474A8ABCE}
2012-05-09 19:15 - 2012-05-09 19:15 - 00000000 ____D C:\Users\User\AppData\Local\{F09BEF2F-968B-4572-B012-28116C49BFE2}
2012-05-09 19:15 - 2012-05-09 19:15 - 00000000 ____D C:\Users\User\AppData\Local\{883698B8-E577-4274-9267-DA3C01E8239E}
2012-05-08 18:33 - 2012-05-08 18:33 - 00000000 ____D C:\Users\User\AppData\Local\{D17758CC-24D9-4D33-8385-2262C6B2BBF7}
2012-05-08 18:33 - 2012-05-08 18:33 - 00000000 ____D C:\Users\User\AppData\Local\{42EF4F75-DE62-4524-9DA6-5258D141023D}
2012-05-08 18:01 - 2012-05-08 18:01 - 00000000 ____D C:\Users\User\AppData\Local\{291476FE-4E59-4C17-B2E9-4A2BBA24FDC5}
2012-05-08 18:01 - 2012-05-08 18:01 - 00000000 ____D C:\Users\User\AppData\Local\{24F05E20-E0DB-489E-BF58-5DA4D478A5B8}
2012-05-07 21:10 - 2012-05-07 21:10 - 00000000 ____D C:\Users\User\AppData\Local\{7B7EB9E5-4221-4983-854D-6B0FE9E00A4F}
2012-05-07 21:10 - 2012-05-07 21:10 - 00000000 ____D C:\Users\User\AppData\Local\{7339BB38-0BC7-4BCF-9615-51DB2495BB55}
2012-05-07 19:19 - 2012-05-07 19:19 - 00000000 ____D C:\Users\User\AppData\Local\{C9CE25DE-830F-4FE2-8199-4BBA2B3599C0}
2012-05-07 19:19 - 2012-05-07 19:19 - 00000000 ____D C:\Users\User\AppData\Local\{AB4130DC-5CEE-4AE0-89E6-CD624D1244FE}
2012-05-06 21:11 - 2012-05-06 21:11 - 00000000 ____D C:\Users\User\AppData\Local\{AED33378-123E-4389-A556-ECF32F951A2E}
2012-05-06 21:11 - 2012-05-06 21:11 - 00000000 ____D C:\Users\User\AppData\Local\{318CF2B5-C747-494A-A02C-4962B8B6F06A}
2012-05-05 21:07 - 2012-05-05 21:07 - 00000000 ____D C:\Users\User\AppData\Local\{4380E760-BC66-46E6-84B0-E2A3D64F8CEF}
2012-05-05 21:07 - 2012-05-05 21:06 - 00000000 ____D C:\Users\User\AppData\Local\{6B184592-9E60-4A9E-B638-A533D3F13A52}
2012-05-05 17:49 - 2012-05-05 17:48 - 00000000 ____D C:\Users\User\AppData\Local\{C12A7AB3-49CE-4359-8825-7EA85D0404BD}
2012-05-05 17:48 - 2012-05-05 17:48 - 00000000 ____D C:\Users\User\AppData\Local\{4A9414ED-8E37-4FF9-9A4C-0F1198C865BC}
2012-05-05 16:20 - 2012-05-05 16:20 - 00000000 ____D C:\Users\User\AppData\Local\{D9EAC512-4CB5-41D8-AB38-9DF874D3B71D}
2012-05-05 16:20 - 2012-05-05 16:20 - 00000000 ____D C:\Users\User\AppData\Local\{A118476F-DCC9-4B45-B6DA-59CCDEF5C280}
2012-05-05 15:33 - 2012-04-05 20:33 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-05 13:42 - 2012-05-05 13:42 - 00000000 ____D C:\Users\User\AppData\Local\{696957D7-9AE0-4F25-9E2E-5FF1B1D82621}
2012-05-05 13:42 - 2012-05-05 13:42 - 00000000 ____D C:\Users\User\AppData\Local\{382838C5-23E4-4280-8722-87880C381441}
2012-05-04 18:50 - 2012-05-04 18:49 - 00000000 ____D C:\Users\User\AppData\Local\{98F7FC25-CECD-4386-A0B7-B3297ABBF6A1}
2012-05-04 18:49 - 2012-05-04 18:49 - 00000000 ____D C:\Users\User\AppData\Local\{2DD1F9C4-B40D-4375-B79B-9852CDB689A7}
2012-05-04 18:12 - 2012-05-04 18:12 - 00000000 ____D C:\Users\User\AppData\Local\{E644DD79-35C8-4B4F-BD4B-FB4A19C52AAE}
2012-05-04 18:12 - 2012-05-04 18:11 - 00000000 ____D C:\Users\User\AppData\Local\{A15C2BB8-3E12-4327-82FD-967E96C9AC83}
2012-05-03 19:30 - 2012-05-03 19:30 - 00000000 ____D C:\Users\User\AppData\Local\{0075FD79-43E6-433B-A80A-23B90B5FF60D}
2012-05-03 19:30 - 2012-05-03 19:29 - 00000000 ____D C:\Users\User\AppData\Local\{8D61AD79-8093-4D88-82C7-E53A8283E55E}
2012-05-02 23:29 - 2012-05-02 23:29 - 00000000 ____D C:\Users\User\AppData\Local\{5C0F62E6-6BB2-43A7-B4A1-97C1A3AD0380}
2012-05-02 23:29 - 2012-05-02 23:29 - 00000000 ____D C:\Users\User\AppData\Local\{21BCE174-32DA-4F68-8919-04AD69A3E241}
2012-05-02 19:48 - 2012-05-02 19:48 - 00000000 ____D C:\Users\User\AppData\Local\{F84A2A23-ED55-4EA5-A4B4-0B3BD8D2A78B}
2012-05-02 19:48 - 2012-05-02 19:48 - 00000000 ____D C:\Users\User\AppData\Local\{8FBA9DB3-D60B-4224-B4BE-E19248A0AB28}
2012-05-02 19:30 - 2012-05-02 19:30 - 00000000 ____D C:\Users\User\AppData\Local\{0A7BA59D-2D81-41AD-8B19-2D29DE71DCC7}
2012-05-02 19:30 - 2012-05-02 19:29 - 00000000 ____D C:\Users\User\AppData\Local\{87567E16-42BB-4958-B7EE-F8D087B41617}
2012-05-01 19:32 - 2012-05-01 19:32 - 00000000 ____D C:\Users\User\AppData\Local\{5A011EA6-0FF2-4CFE-AB5C-28E94B027B4F}
2012-05-01 19:32 - 2012-05-01 19:31 - 00000000 ____D C:\Users\User\AppData\Local\{C23E27E9-BD06-4E9D-8BD0-528DA42976ED}
2012-05-01 18:28 - 2012-05-01 18:27 - 00000000 ____D C:\Users\User\AppData\Local\{A52AA1AF-D924-4705-A63D-505C1EB2DC6D}
2012-05-01 18:27 - 2012-05-01 18:27 - 00000000 ____D C:\Users\User\AppData\Local\{DFC95FFC-798E-49BD-8794-49774C1627E6}
2012-05-01 18:14 - 2012-05-01 18:14 - 00000000 ____D C:\Users\User\AppData\Local\{BBB99DB0-1C4E-4FE0-946E-55F7C9B53664}
2012-05-01 18:14 - 2012-05-01 18:14 - 00000000 ____D C:\Users\User\AppData\Local\{7E26BDBF-05FF-4E22-A3FF-FA662D0899E3}
2012-05-01 06:07 - 2012-05-01 06:07 - 00000000 ____D C:\Users\User\AppData\Local\{FD49589D-0B11-47D2-9E8D-93CF7EC8FBB6}
2012-05-01 06:07 - 2012-05-01 06:07 - 00000000 ____D C:\Users\User\AppData\Local\{9B2F3405-D56A-4770-B175-552ADF26CCB8}
2012-05-01 05:46 - 2012-05-01 05:46 - 00000000 ____D C:\Users\User\AppData\Local\{65FBF8F4-AE8E-4027-9DFF-6994D73EE745}
2012-04-30 22:04 - 2012-04-30 22:04 - 00000000 ____D C:\Users\User\AppData\Local\{ADDB08E3-FBC9-44C7-BE96-33F145C36658}
2012-04-30 19:41 - 2012-04-30 19:41 - 00000000 ____D C:\Users\User\AppData\Local\{61C8D3E3-602D-43EB-A006-CEED51C017B0}
2012-04-30 19:41 - 2012-04-30 19:40 - 00000000 ____D C:\Users\User\AppData\Local\{6D9F56D4-B2E4-486F-B0C5-A1A890D48001}
2012-04-28 22:20 - 2012-04-28 22:20 - 00000000 ____D C:\Users\User\AppData\Local\{5CEFAC8B-5FC2-41E6-91A8-EC08F60FDDF9}
2012-04-28 22:20 - 2012-04-28 22:20 - 00000000 ____D C:\Users\User\AppData\Local\{22773740-12AE-448D-9B32-AD1EDA25D943}
2012-04-28 09:03 - 2012-04-28 09:03 - 02586616 ____A C:\Users\User\Desktop\Motorcycle2.jpg
2012-04-28 09:02 - 2012-04-28 09:02 - 02600454 ____A C:\Users\User\Desktop\Motorcycle1.jpg
2012-04-28 08:58 - 2012-04-28 08:58 - 00000000 ____D C:\Users\User\AppData\Local\{4ECE2200-9E88-49A1-A987-3017ADA23CF8}
2012-04-28 08:58 - 2012-04-28 08:57 - 00000000 ____D C:\Users\User\AppData\Local\{EBF4E741-DB65-4441-808C-EE3E310459DD}
2012-04-28 08:38 - 2012-04-28 08:38 - 00000000 ____D C:\Users\User\AppData\Local\{4B96B202-FDBC-4511-AF4E-D93B414FAF47}
2012-04-28 08:38 - 2012-04-28 08:38 - 00000000 ____D C:\Users\User\AppData\Local\{43C8BF12-3357-4230-BCFB-EAA830148E5F}
2012-04-27 21:44 - 2012-04-27 21:44 - 00000000 ____D C:\Users\User\AppData\Local\{F62B7AFB-A660-4966-B4F2-E4716A98802A}
2012-04-27 21:44 - 2012-04-27 21:44 - 00000000 ____D C:\Users\User\AppData\Local\{E796D2FF-CACA-40E1-83CA-EBCB4A3780F5}
2012-04-25 21:19 - 2012-04-25 21:19 - 00000000 ____D C:\Users\User\AppData\Local\{92D4C640-CF20-4584-B29A-50036AB704EA}
2012-04-25 21:19 - 2012-04-25 21:19 - 00000000 ____D C:\Users\User\AppData\Local\{77F05764-78AF-4FF0-BE78-B20C326D5F43}
2012-04-25 20:51 - 2012-04-25 20:51 - 00000000 ____D C:\Users\User\AppData\Local\{BF4A43FB-3177-498C-BD6B-76D98641306B}
2012-04-25 20:51 - 2012-04-25 20:51 - 00000000 ____D C:\Users\User\AppData\Local\{2E5AE036-F73C-4D11-866E-5FBC20F62619}
2012-04-25 20:50 - 2012-04-25 20:50 - 00008576 ____A C:\Users\User\Desktop\Zappos_com UPS Return Label.htm
2012-04-25 20:50 - 2012-04-25 20:50 - 00000000 ____D C:\Users\User\Desktop\Zappos_com UPS Return Label_files
2012-04-25 20:47 - 2012-04-25 20:47 - 00000000 ____D C:\Users\User\AppData\Local\{88B4964B-3B0B-4AB1-9BDF-EF4B965737F6}
2012-04-25 20:47 - 2012-04-25 20:47 - 00000000 ____D C:\Users\User\AppData\Local\{0A5DFA74-A076-4581-82ED-427AE7308D2D}
2012-04-25 19:03 - 2012-04-25 19:03 - 00000000 ____D C:\Users\User\AppData\Local\{C8731582-BC54-4531-A5FB-C940D847C161}
2012-04-25 19:03 - 2012-04-25 19:03 - 00000000 ____D C:\Users\User\AppData\Local\{8EF97793-6DD0-440A-ABD1-C89A4116B8E7}
2012-04-24 22:20 - 2012-04-24 22:20 - 00000000 ____D C:\Users\User\AppData\Local\{55AACCD6-064C-438A-A179-EBC681ED0D4C}
2012-04-24 21:42 - 2012-04-24 21:42 - 00000000 ____D C:\Users\User\AppData\Local\{ECC7F273-748B-48CF-A978-A987CBB4C886}
2012-04-24 21:42 - 2012-04-24 21:42 - 00000000 ____D C:\Users\User\AppData\Local\{4C0028D5-398C-4EF2-AA75-70677DD6FD92}
2012-04-24 19:19 - 2012-04-24 19:19 - 00000000 ____D C:\Users\User\AppData\Local\{D4476D54-D63A-4E00-8B4D-56209B68E3FD}
2012-04-24 19:19 - 2012-04-24 19:19 - 00000000 ____D C:\Users\User\AppData\Local\{AD8335EA-77AF-4B7E-859E-B4FAB655459E}
2012-04-23 21:35 - 2012-04-23 21:35 - 00000000 ____D C:\Users\User\AppData\Local\{13BAAC3B-147A-4ABE-B08C-E108E0B25612}
2012-04-23 21:35 - 2012-04-23 21:35 - 00000000 ____D C:\Users\User\AppData\Local\{00A10A20-CB49-40D4-9254-D01F75466D95}
2012-04-23 21:03 - 2012-04-23 21:03 - 00000000 ____D C:\Users\User\AppData\Local\{9D84E6BB-CE7F-45B4-A4B1-92F918F0E3D8}
2012-04-23 21:03 - 2012-04-23 21:03 - 00000000 ____D C:\Users\User\AppData\Local\{77915769-267E-4ABF-9983-58FC3044492C}
2012-04-23 20:45 - 2012-04-23 20:45 - 00000000 ____D C:\Users\User\AppData\Local\{09F9DC69-63B0-499C-A526-EBA3D1327091}
2012-04-23 20:45 - 2012-04-23 20:45 - 00000000 ____D C:\Users\User\AppData\Local\{06934D78-57F2-45A4-BBAD-C92A0E2B5642}
2012-04-23 20:29 - 2012-04-23 20:28 - 00000000 ____D C:\Users\User\AppData\Local\{4B7D57FA-8176-4537-AFFC-98F9E50D2BE1}
2012-04-23 20:28 - 2012-04-23 20:28 - 00000000 ____D C:\Users\User\AppData\Local\{57DC2614-AA1F-4D43-A63E-E9F0E8E1088C}
2012-04-23 20:18 - 2012-04-23 20:18 - 00000000 ____D C:\Users\User\AppData\Local\{417821D8-8288-4403-AFF7-2E27902613FD}
2012-04-23 20:18 - 2012-04-23 20:18 - 00000000 ____D C:\Users\User\AppData\Local\{3AF9803A-D7EE-45C8-8FE9-E853D86478B4}
2012-04-23 18:53 - 2012-04-23 18:53 - 00000000 ____D C:\Users\User\AppData\Local\{CC5B9C57-7339-4FEC-8876-349DD60F03B5}
2012-04-23 18:53 - 2012-04-23 18:53 - 00000000 ____D C:\Users\User\AppData\Local\{49857F62-C9BE-4886-AA98-3548989DCEC8}
2012-04-23 18:35 - 2012-04-23 18:35 - 00000000 ____D C:\Users\All Users\Symantec
2012-04-22 21:25 - 2012-04-22 21:25 - 00000000 ____D C:\Users\User\AppData\Local\{A6E66B4B-BA5F-4068-BBFA-B4CC06DDA028}
2012-04-22 21:25 - 2012-04-22 21:25 - 00000000 ____D C:\Users\User\AppData\Local\{6A189963-C014-4300-9A0C-F28DDFDAB835}
2012-04-22 20:48 - 2012-04-22 20:48 - 00000000 ____D C:\Users\User\AppData\Local\{995313DD-57B2-40EE-BA56-ABED1E642241}
2012-04-22 20:48 - 2012-04-22 20:47 - 00000000 ____D C:\Users\User\AppData\Local\{9E1A2DBE-C487-4585-9D23-CAC4BB811436}
2012-04-22 15:34 - 2012-04-22 15:34 - 00000000 ____D C:\Users\User\AppData\Local\{EBFDD77F-D3FF-44C8-A5AD-D08B1AF0DF52}
2012-04-22 15:34 - 2012-04-22 15:34 - 00000000 ____D C:\Users\User\AppData\Local\{A7F5FDE9-A285-4388-A79E-8E9325ECD96B}
2012-04-22 10:33 - 2012-04-22 10:33 - 00000000 ____D C:\Users\User\AppData\Local\{F7FB3DD9-525E-47D6-834C-29FF79520DD5}
2012-04-22 10:33 - 2012-04-22 10:33 - 00000000 ____D C:\Users\User\AppData\Local\{79240A10-6232-4F20-888A-08F86A3DE24C}
2012-04-21 15:29 - 2012-04-21 15:29 - 00000000 ____D C:\Users\User\AppData\Local\{ECA70B80-EB9B-4334-9791-7A83D20FC007}
2012-04-21 15:29 - 2012-04-21 15:28 - 00000000 ____D C:\Users\User\AppData\Local\{D4E4CFEE-19CF-43D7-98CE-21D12D7CBACD}
2012-04-19 22:01 - 2012-04-19 22:01 - 00000000 ____D C:\Users\User\AppData\Local\{70C98239-AE11-44CA-8E79-5478D93DF7E1}
2012-04-19 22:01 - 2012-04-19 22:01 - 00000000 ____D C:\Users\User\AppData\Local\{5697B072-4E75-4590-ABAF-A4B505353493}
2012-04-19 19:04 - 2012-04-19 19:04 - 00000000 ____D C:\Users\User\AppData\Local\{F108789A-3E18-44BD-9296-E6D6FF535130}
2012-04-19 19:04 - 2012-04-19 19:04 - 00000000 ____D C:\Users\User\AppData\Local\{CB55106B-78F8-41DC-B87E-2B73E4EBC7FE}
2012-04-17 06:16 - 2012-04-17 06:15 - 00000000 ____D C:\Users\User\AppData\Local\{7AC702AF-427A-4EDF-BD9C-C4C9077C570B}
2012-04-15 19:54 - 2012-04-15 19:54 - 00000000 ____D C:\Users\User\AppData\Local\{F3D56CBE-F87B-41B0-B3A5-9459B6F11C01}
2012-04-15 19:54 - 2012-04-15 19:54 - 00000000 ____D C:\Users\User\AppData\Local\{EF5B90C8-D3C6-46FD-AD07-A9947F7AABC1}
2012-04-15 11:03 - 2012-04-15 11:03 - 00000000 ____D C:\Users\User\AppData\Local\{728E297F-B8DE-4E4E-9F01-D118AEE71A55}
2012-04-15 11:03 - 2011-11-25 16:44 - 00000000 ____D C:\Users\User\AppData\Local\Windows Live
2012-04-12 19:09 - 2012-04-12 19:08 - 00000000 ____D C:\Users\User\AppData\Local\{395FB587-C5ED-486F-8B71-458C4D34B7D2}
2012-04-11 21:04 - 2012-04-11 21:03 - 00000000 ____D C:\Users\User\AppData\Local\{71395694-D50D-449A-8A88-7CBF4CEB5404}
2012-04-10 20:47 - 2012-04-10 20:47 - 00000000 ____D C:\Users\User\AppData\Local\{F48CC920-8E82-4793-A58A-5B517B6873A4}
2012-04-07 21:02 - 2012-04-07 21:01 - 00000000 ____D C:\Users\User\AppData\Local\{40027805-626E-4943-9FAF-33D0754C9398}
2012-04-07 08:29 - 2012-04-07 08:28 - 00000000 ____D C:\Users\User\AppData\Local\{B57F932C-D9AE-4800-B8E6-18027A2F8028}
2012-04-06 19:59 - 2012-04-06 19:58 - 00000000 ____D C:\Users\User\AppData\Local\{CA788F06-9471-4C91-83E6-AC6B3EC29AE1}
2012-04-05 20:02 - 2012-04-05 20:02 - 00000000 ____D C:\Users\User\AppData\Local\{592FBDE0-F815-4C8D-805D-BA36F097AC3A}
2012-04-04 22:18 - 2012-04-04 22:18 - 00000000 ____D C:\Users\User\AppData\Local\{6A3BCA32-CC77-4179-869F-75513D75ECE7}
2012-04-04 15:56 - 2012-06-10 21:08 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-02 19:18 - 2012-04-02 19:18 - 00000000 ____D C:\Users\User\AppData\Local\{76557AC7-8FE8-408D-A287-46035255B716}
2012-04-01 19:50 - 2012-04-01 19:50 - 00000000 ____D C:\Users\User\AppData\Local\{B344CF6E-9611-4CE2-8F8F-CC7664F44C3B}
2012-04-01 07:25 - 2012-04-01 07:25 - 00000000 ____D C:\Users\User\AppData\Local\{BE1EB9D4-8E61-483A-A47D-4D8AAB8A110A}
2012-03-31 02:05 - 2012-05-10 18:37 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-31 00:39 - 2012-05-10 18:37 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-31 00:39 - 2012-05-10 18:37 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 23:10 - 2012-05-10 18:37 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 20:38 - 2012-03-30 20:37 - 00000000 ____D C:\Users\User\AppData\Local\{D7A2E46A-3174-4667-A440-43DA6803AE15}
2012-03-30 07:35 - 2012-05-10 18:36 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 21:49 - 2012-03-29 21:49 - 02759882 ____A C:\Users\User\Desktop\7tipsToSuccess.pdf
2012-03-29 21:31 - 2012-03-29 21:31 - 00000000 ____D C:\Users\User\AppData\Local\{3C704C1E-C693-4B10-9ED8-1D609B343607}
2012-03-28 19:51 - 2012-03-28 19:51 - 00000000 ____D C:\Users\User\AppData\Local\{D4D64884-4A55-4822-A115-F61B3D1F8A24}
2012-03-28 19:51 - 2012-03-28 19:51 - 00000000 ____D C:\Users\User\AppData\Local\{5C187546-CEAE-4D95-A630-5C7F519183A7}
2012-03-27 20:14 - 2012-03-27 20:13 - 00000000 ____D C:\Users\User\AppData\Local\{866A68AC-4AF9-4DCE-965E-7052BB7ECDC4}
2012-03-27 20:13 - 2012-03-27 20:13 - 00000000 ____D C:\Users\User\AppData\Local\{8E0973AE-F824-4AAC-A3DC-560F72C64107}
2012-03-26 20:17 - 2012-03-26 20:17 - 00000000 ____D C:\Users\User\AppData\Local\{3D6B1D58-504D-4D04-95BE-3E30B0D1B507}
2012-03-26 20:17 - 2012-03-26 20:16 - 00000000 ____D C:\Users\User\AppData\Local\{4548A43D-B81F-415E-AAD0-A542E1113694}
2012-03-25 20:53 - 2012-03-25 20:53 - 00000000 ____D C:\Users\User\AppData\Local\{DD12EEDC-B21F-48E2-864D-939E2E25D195}
2012-03-25 20:53 - 2012-03-25 20:53 - 00000000 ____D C:\Users\User\AppData\Local\{D2A22418-CCBB-4E90-AD0D-59CC0C99D095}
2012-03-25 08:35 - 2012-03-25 08:35 - 00000000 ____D C:\Users\User\AppData\Local\{7F4D3F41-9FBB-4321-8DA4-472C09F7892A}
2012-03-25 08:35 - 2012-03-25 08:35 - 00000000 ____D C:\Users\User\AppData\Local\{438220A4-532F-40E4-8D8C-6EC2FBD5731C}
2012-03-24 15:04 - 2012-03-24 15:03 - 00000000 ____D C:\Users\User\AppData\Local\{D5C13D83-E364-4D7B-AE46-A62032443CC0}
2012-03-24 15:03 - 2012-03-24 15:03 - 00000000 ____D C:\Users\User\AppData\Local\{5E20C968-AD95-4AE9-A077-1E7698E252B1}
2012-03-23 19:27 - 2012-03-23 19:27 - 00000000 ____D C:\Users\User\AppData\Local\{9C1E85A9-ECDB-4DCE-A9CD-9BB62B6B5DA0}
2012-03-23 19:27 - 2012-03-23 19:27 - 00000000 ____D C:\Users\User\AppData\Local\{3ABA4D3C-3239-4E77-8F7C-7D9E6C1DFB58}
2012-03-22 19:20 - 2012-03-22 19:19 - 00000000 ____D C:\Users\User\AppData\Local\{E37AA7AF-164C-4798-99D3-956859B82504}
2012-03-22 19:19 - 2012-03-22 19:19 - 00000000 ____D C:\Users\User\AppData\Local\{67996E08-D817-48CB-A83F-27C38C5F9439}
2012-03-21 18:53 - 2012-03-21 18:53 - 00000000 ____D C:\Users\User\AppData\Local\{4EBDC34E-1612-4912-BA01-525B3B38DEEA}
2012-03-21 18:52 - 2012-03-21 18:52 - 00000000 ____D C:\Users\User\AppData\Local\{148B237D-D8AB-43CD-9DCE-3EFBA96F1B26}
2012-03-20 20:44 - 2012-03-20 20:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 20:44 - 2012-03-20 20:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-20 18:56 - 2012-03-20 18:55 - 00000000 ____D C:\Users\User\AppData\Local\{58CB87BC-D9B2-49D7-B481-184A8EBE9D7B}
2012-03-20 18:55 - 2012-03-20 18:55 - 00000000 ____D C:\Users\User\AppData\Local\{3EE1183A-E183-48D7-AF7F-BCBBCDE7F800}
2012-03-19 20:02 - 2012-03-19 20:02 - 00000000 ____D C:\Users\User\AppData\Local\{97DBF55B-247C-4372-8303-A17BB2CF5867}
2012-03-19 20:02 - 2012-03-19 20:02 - 00000000 ____D C:\Users\User\AppData\Local\{1CFFAFE2-AAF4-42A3-AB2E-7D4954909E06}
2012-03-18 22:08 - 2012-03-18 22:08 - 00000000 ____D C:\Users\User\AppData\Local\{D9541C59-27CA-4A1C-B3F7-2C551E398C36}
2012-03-18 22:08 - 2012-03-18 22:08 - 00000000 ____D C:\Users\User\AppData\Local\{C13162EF-165A-414E-99FC-3A0EF9E86CB6}
2012-03-18 21:35 - 2012-03-18 21:35 - 00000000 ____D C:\Users\User\AppData\Local\{A6F5E5F8-CC8E-4DC5-96DF-54176A1AB9B0}
2012-03-18 21:35 - 2012-03-18 21:35 - 00000000 ____D C:\Users\User\AppData\Local\{8399BCFC-9D64-49AE-AD66-E6C22C8FFBAF}
2012-03-17 23:30 - 2012-03-17 23:30 - 00000000 ____D C:\Users\User\AppData\Local\{89952C09-7228-430E-884B-7F43BDA668F2}
2012-03-17 23:30 - 2012-03-17 23:29 - 00000000 ____D C:\Users\User\AppData\Local\{8661F80D-A496-44E2-A3A2-798A537AC64B}
2012-03-17 15:06 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\NDF
2012-03-17 08:32 - 2012-03-17 08:32 - 00000000 ____D C:\Users\User\AppData\Local\{F34D3D02-7C2E-4B9C-B598-FE3573CBEC12}
2012-03-17 08:32 - 2012-03-17 08:32 - 00000000 ____D C:\Users\User\AppData\Local\{7907D397-B6AC-474D-B916-3D6D86AC4E94}
2012-03-17 03:58 - 2012-05-10 18:36 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 07:46 - 2012-03-16 07:46 - 00000000 ____D C:\Users\User\AppData\Local\{9E523936-B949-4072-835A-7E70AC9FD13C}
2012-03-16 07:46 - 2012-03-16 07:46 - 00000000 ____D C:\Users\User\AppData\Local\{3819FBF6-0F6E-409C-B3EA-250B06B99507}
2012-03-16 06:37 - 2012-03-14 20:31 - 00000000 ____D C:\Users\User\AppData\Roaming\Ekmeu
2012-03-16 06:06 - 2012-03-14 20:31 - 00000000 ____D C:\Users\User\AppData\Roaming\Seneqo
2012-03-15 19:39 - 2012-03-15 19:38 - 00000000 ____D C:\Users\User\AppData\Local\{1B670022-A53D-4AF9-9255-069A87392A1C}
2012-03-15 19:38 - 2012-03-15 19:38 - 00000000 ____D C:\Users\User\AppData\Local\{253544B8-8B01-4FEF-B02F-1AB9CB9E4929}
2012-03-14 20:31 - 2012-03-14 20:31 - 00000000 ____D C:\Users\User\AppData\Roaming\Atme
2012-03-14 20:05 - 2012-03-14 20:05 - 00000000 ____D C:\Users\User\AppData\Local\{309BE847-8D53-425A-9913-9B1F99081D60}
2012-03-14 20:05 - 2012-03-14 20:05 - 00000000 ____D C:\Users\User\AppData\Local\{199235C3-7AF1-479D-BC41-AC05A3F1AF9D}
2012-03-13 19:08 - 2012-03-13 19:08 - 00000000 ____D C:\Users\User\AppData\Local\{F92890F1-B648-4FED-BE87-9F1C25AD199C}
2012-03-13 19:08 - 2012-03-13 19:08 - 00000000 ____D C:\Users\User\AppData\Local\{D343412E-6836-45B4-8398-22B95AA864E6}

ZeroAccess:
C:\Windows\Installer\{fb9a415d-8a39-a495-eecb-70163c6883ff}
C:\Windows\Installer\{fb9a415d-8a39-a495-eecb-70163c6883ff}\@
C:\Windows\Installer\{fb9a415d-8a39-a495-eecb-70163c6883ff}\L
C:\Windows\Installer\{fb9a415d-8a39-a495-eecb-70163c6883ff}\n
C:\Windows\Installer\{fb9a415d-8a39-a495-eecb-70163c6883ff}\U

ZeroAccess:
C:\Users\User\AppData\Local\{fb9a415d-8a39-a495-eecb-70163c6883ff}
C:\Users\User\AppData\Local\{fb9a415d-8a39-a495-eecb-70163c6883ff}\@
C:\Users\User\AppData\Local\{fb9a415d-8a39-a495-eecb-70163c6883ff}\L
C:\Users\User\AppData\Local\{fb9a415d-8a39-a495-eecb-70163c6883ff}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2011-08-01 03:21] - [2011-03-01 04:07] - 0027648 ____A (Microsoft Corporation) 6F68F63794097E54F36474ED4384B759

C:\Windows\SysWOW64\svchost.exe
[2011-08-01 03:22] - [2011-03-01 04:05] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000

C:\Windows\System32\services.exe
[2009-07-13 19:19] - [2009-07-13 21:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2011-08-01 03:17] - [2011-02-25 02:25] - 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

========================= Memory info ======================

Percentage of memory in use: 25%
Total physical RAM: 4043.86 MB
Available physical RAM: 3000.3 MB
Total Pagefile: 8085.91 MB
Available Pagefile: 6984.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

======================= Partitions =========================

1 Drive c: (TI106234W0C) (Fixed) (Total:449.77 GB) (Free:407.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]

DiskPart has encountered an error: The RPC server is unavailable.
See the System Event Log for more information.


==========================================================

Last Boot: 2012-03-20 21:23

======================= End Of Log ==========================

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:30 AM

Posted 10 June 2012 - 11:49 PM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]
Gringo[/b]
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Paladin41us

Paladin41us
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:30 AM

Posted 11 June 2012 - 06:05 AM

Thanks for the quick response Gringo here is a copy of the requested log.

Thank you!

Scan result of Farbar Recovery Scan Tool Version: 10-06-2012 03
Ran by SYSTEM at 11-06-2012 06:20:05
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

==================== Services (Whitelisted) ======

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe /s [135608 2012-02-20] (Symantec Corporation)
2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll" /prefetch:1 [132984 2011-07-19] (Symantec Corporation)
3 PLAVService; "C:\Program Files (x86)\Common Files\PLAV\PLAVservice.exe" [601008 2012-02-07] (ParetoLogic Inc.)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)

========================== Drivers (Whitelisted) =============

1 kl1; C:\Windows\System32\Drivers\kl1.sys [460888 2010-08-09] (Kaspersky Lab ZAO)
1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [354320 2010-05-28] (Kaspersky Lab)
1 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [27736 2010-08-09] (Kaspersky Lab ZAO)
3 QIOMem; C:\Windows\System32\Drivers\QIOMem.sys [12800 2009-06-15] (TOSHIBA)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [250984 2010-12-01] (Realtek Semiconductor Corp.)
3 RSUSBVSTOR; C:\Windows\System32\Drivers\RTSUVSTOR.sys [307304 2011-07-08] (Realtek Semiconductor Corp.)
3 RTL8192Ce; C:\Windows\System32\Drivers\RTL8192Ce.sys [1109096 2011-01-05] (Realtek Semiconductor Corporation )
0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [26840 2009-07-14] (TOSHIBA Corporation)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-10 17:16 - 2012-06-11 06:20 - 00000000 ____D C:\FRST
2012-06-10 17:16 - 2012-06-10 17:16 - 00070695 ____A C:\Users\User\Desktop\FRST.txt
2012-06-10 17:08 - 2012-06-10 17:08 - 00001084 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-10 17:08 - 2012-06-10 17:08 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2012-06-10 17:08 - 2012-06-10 17:08 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-10 17:08 - 2012-06-10 17:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-10 17:08 - 2012-04-04 11:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-10 17:07 - 2012-06-10 16:43 - 01401619 ____A C:\Users\User\Desktop\FRST64.exe
2012-06-10 17:06 - 2012-06-10 16:55 - 00397451 ____A C:\Users\User\Desktop\MiniToolBox.exe
2012-06-10 17:06 - 2012-06-10 16:53 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-1.61.0.1400.exe
2012-06-10 15:12 - 2012-06-10 15:13 - 00000466 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2012-06-10 15:12 - 2012-06-10 15:13 - 00000444 ____A C:\Windows\Tasks\ParetoLogic Anti-Virus PLUS.job
2012-06-10 15:12 - 2012-06-10 15:13 - 00000440 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job
2012-06-10 15:12 - 2012-06-10 15:13 - 00000420 ____A C:\Windows\Tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
2012-06-10 15:12 - 2012-06-10 15:12 - 00001101 ____A C:\Users\Public\Desktop\ParetoLogic Anti-Virus PLUS.lnk
2012-06-10 15:12 - 2012-06-10 15:12 - 00000000 ____D C:\Users\All Users\PLAV
2012-06-10 15:12 - 2012-06-10 15:12 - 00000000 ____D C:\Users\All Users\ParetoLogic
2012-06-10 15:04 - 2012-06-10 15:04 - 00000000 ____D C:\Users\All Users\ParetoLogic Anti-Virus PLUS
2012-06-10 15:04 - 2012-06-10 15:04 - 00000000 ____D C:\Program Files (x86)\ParetoLogic
2012-06-10 15:01 - 2012-06-10 15:22 - 00005416 ____A C:\Users\User\Desktop\yorkyt.exe.log
2012-06-10 14:59 - 2012-06-10 13:21 - 72482336 ____A (Microsoft Corporation) C:\Users\User\Desktop\msert.exe
2012-06-10 14:59 - 2012-06-10 11:57 - 01415784 ____A C:\Users\User\Desktop\yorkyt.exe
2012-06-10 14:58 - 2012-06-10 13:37 - 08871304 ____A (ParetoLogic Inc.) C:\Users\User\Desktop\Pareto_AV_Setup_RW.exe
2012-06-10 12:07 - 2012-06-10 12:39 - 00222230 ____A C:\Users\User\Desktop\yorkyt (1).exe.log
2012-06-10 11:53 - 2012-06-10 11:53 - 01415784 ____A C:\Users\User\Downloads\yorkyt.exe
2012-06-10 11:26 - 2012-06-10 11:26 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-10 11:26 - 2012-06-10 11:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-10 11:25 - 2012-06-10 11:26 - 12621696 ____A (Microsoft Corporation) C:\Users\User\Downloads\mseinstall (1).exe
2012-06-10 11:20 - 2012-06-10 11:21 - 12621696 ____A (Microsoft Corporation) C:\Users\User\Downloads\mseinstall.exe
2012-06-10 11:16 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20120610-151658.backup
2012-06-10 11:07 - 2012-06-10 11:16 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-10 11:07 - 2012-06-10 11:08 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-10 11:07 - 2012-06-10 11:07 - 00001233 ____A C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
2012-06-10 11:06 - 2012-06-10 11:06 - 16409960 ____A (Safer Networking Limited ) C:\Users\User\Downloads\spybotsd162.exe
2012-06-10 10:56 - 2012-06-10 10:56 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-10 10:53 - 2012-06-10 10:53 - 00001105 ____A C:\Users\User\Desktop\Live Security Platinum.lnk
2012-06-10 10:51 - 2012-06-10 11:02 - 00000000 ____D C:\Users\All Users\B7E858A7000083BB0004264BB4EB2367
2012-06-10 07:08 - 2012-06-10 07:09 - 00000000 ____D C:\Users\User\AppData\Local\{656304E9-C9F1-4B76-8255-B7D130770D10}
2012-06-10 07:08 - 2012-06-10 07:08 - 00000000 ____D C:\Users\User\AppData\Local\{702DF959-F11A-44A0-9E41-C334774BD21B}
2012-06-10 04:14 - 2012-06-10 04:14 - 00000000 ____D C:\Users\User\AppData\Local\{75D15F78-5D8B-40C3-9C5D-2AEA91FC815C}
2012-06-10 04:13 - 2012-06-10 04:14 - 00000000 ____D C:\Users\User\AppData\Local\{DAA3DB5B-047B-432A-AEBF-EB6D868F2FEA}
2012-06-09 17:50 - 2012-06-09 17:50 - 00000000 ____D C:\Users\User\AppData\Local\{90C7D4A3-5EC4-4F0E-979F-C8FFA292F7E6}
2012-06-09 12:47 - 2012-06-09 12:47 - 00000000 ____D C:\Users\User\AppData\Local\{354BCC9B-92AA-4FE0-B64E-0359040A919B}
2012-06-09 12:46 - 2012-06-09 12:47 - 00000000 ____D C:\Users\User\AppData\Local\{DCD61D25-6012-474B-8848-522602CB798F}
2012-06-09 12:29 - 2012-06-09 12:29 - 00000000 ____D C:\Users\User\AppData\Local\{B6E400F5-10B9-446D-95C7-39A127F47EFE}
2012-06-09 12:29 - 2012-06-09 12:29 - 00000000 ____D C:\Users\User\AppData\Local\{6826CE32-2001-464D-BD5A-167FCECAD8CB}
2012-06-09 12:25 - 2012-06-09 12:25 - 00000000 ____D C:\Users\User\AppData\Local\{E1FC788D-F3B4-49C6-930A-5CBD65723FFF}
2012-06-09 12:25 - 2012-06-09 12:25 - 00000000 ____D C:\Users\User\AppData\Local\{7792CECC-A088-42FC-92BF-0AD58C2525AC}
2012-06-09 10:43 - 2012-06-09 10:43 - 00000000 ____D C:\Users\User\AppData\Local\{5DA60556-6A0D-4C91-87AE-1041AA420017}
2012-06-09 10:43 - 2012-06-09 10:43 - 00000000 ____D C:\Users\User\AppData\Local\{269576A9-26F5-46FB-80F8-744137ABE13E}
2012-06-09 04:45 - 2012-06-09 04:45 - 00000000 ____D C:\Users\User\AppData\Local\{94AF2EA8-98E4-43CF-B31D-E7C05B666339}
2012-06-09 04:45 - 2012-06-09 04:45 - 00000000 ____D C:\Users\User\AppData\Local\{49B0FC0E-F50F-4068-8E14-801DFECE62E8}
2012-06-09 03:38 - 2012-06-09 03:38 - 00000000 ____D C:\Users\User\AppData\Local\{8D3B58C8-004A-4AF8-AB21-43151FBCE24B}
2012-06-09 03:38 - 2012-06-09 03:38 - 00000000 ____D C:\Users\User\AppData\Local\{59F68412-DBBC-474C-8524-5F408698BA6C}
2012-06-08 02:09 - 2012-06-08 02:09 - 00000000 ____D C:\Users\User\AppData\Local\{D73885EA-C215-4DC4-8411-9F61C76CC0EC}
2012-06-08 02:09 - 2012-06-08 02:09 - 00000000 ____D C:\Users\User\AppData\Local\{BD523A12-96B0-4788-B178-24E713F305DC}
2012-06-08 01:57 - 2012-06-08 01:58 - 00000000 ____D C:\Users\User\AppData\Local\{B9046C08-5BBB-4D12-941A-0FE02863F63D}
2012-06-08 01:57 - 2012-06-08 01:57 - 00000000 ____D C:\Users\User\AppData\Local\{8E7DC8FE-9417-4C3E-84AB-1A5A5AEF4EA7}
2012-06-07 16:37 - 2012-06-07 16:37 - 00000000 ____D C:\Users\User\AppData\Local\{A967786D-A61F-4E31-BC56-D4CF12D89FDB}
2012-06-07 16:36 - 2012-06-07 16:37 - 00000000 ____D C:\Users\User\AppData\Local\{4EE44B9B-CDB7-4448-914D-37F8DF3FEF5D}
2012-06-06 16:07 - 2012-06-06 16:08 - 00000000 ____D C:\Users\User\AppData\Local\{C60AC161-9F88-4E42-B34A-6FC3E969801D}
2012-06-06 16:07 - 2012-06-06 16:07 - 00000000 ____D C:\Users\User\AppData\Local\{E35DB8F0-FEB9-42D0-A496-A141F6CAD7C0}
2012-06-06 15:40 - 2012-06-06 15:40 - 00000000 ____D C:\Users\User\AppData\Local\{E4D1E5E3-0D15-40F3-9897-F57828CB24B7}
2012-06-06 15:40 - 2012-06-06 15:40 - 00000000 ____D C:\Users\User\AppData\Local\{129F5979-C355-42D9-8EFD-B657AE8C49AF}
2012-06-05 15:25 - 2012-06-05 15:25 - 00000000 ____D C:\Users\User\AppData\Local\{EFF4D235-314A-415F-821D-E360872C6AEA}
2012-06-05 15:24 - 2012-06-05 15:25 - 00000000 ____D C:\Users\User\AppData\Local\{C617299D-F78D-4B60-B43A-CC5EFB65F8DD}
2012-06-04 14:48 - 2012-06-04 14:48 - 00000000 ____D C:\Users\User\AppData\Local\{A15B4770-CC64-4952-A5D8-7DE1A7D290E0}
2012-06-04 14:48 - 2012-06-04 14:48 - 00000000 ____D C:\Users\User\AppData\Local\{879C0F97-339B-4623-AF63-81C3AA6C2898}
2012-06-03 05:07 - 2012-06-03 05:07 - 00000000 ____D C:\Users\User\AppData\Local\{DB2CBF87-5718-4F23-8FE6-008B90E40A49}
2012-06-03 05:06 - 2012-06-03 05:07 - 00000000 ____D C:\Users\User\AppData\Local\{828461BE-6580-495F-A02A-DEECDA258E19}
2012-06-03 03:58 - 2012-06-03 03:58 - 00034985 ____A C:\Users\User\Desktop\thegirls.jpg
2012-06-03 03:54 - 2012-06-03 03:55 - 00000000 ____D C:\Users\User\AppData\Local\{60F9B293-0A6C-4626-B9D9-0C2937E0F728}
2012-06-03 03:54 - 2012-06-03 03:54 - 00000000 ____D C:\Users\User\AppData\Local\{11B4D79D-018D-4CB6-9F1B-F4FE17AD03DF}
2012-06-01 19:19 - 2012-06-01 19:19 - 00000000 ____D C:\Users\User\AppData\Local\{4DA8A63D-609A-4145-817B-43FF73007518}
2012-06-01 19:19 - 2012-06-01 19:19 - 00000000 ____D C:\Users\User\AppData\Local\{4CBA1359-9AE0-4788-B424-1FE3294F8B15}
2012-06-01 16:10 - 2012-06-01 16:10 - 00000000 ____D C:\Users\User\AppData\Local\{B2EE8BDA-BA33-4159-A937-C391315C84E7}
2012-06-01 16:10 - 2012-06-01 16:10 - 00000000 ____D C:\Users\User\AppData\Local\{A3179F6D-23D2-4CBB-92FC-3D6B5FEEF029}
2012-06-01 16:03 - 2012-06-01 16:03 - 00153607 ____A C:\Users\User\Desktop\FromGeorgia.jpg
2012-06-01 15:52 - 2012-06-01 15:52 - 00000000 ____D C:\Users\User\AppData\Local\{3F2DFE81-441D-42CE-A7A7-A04D6184AEEE}
2012-06-01 15:52 - 2012-06-01 15:52 - 00000000 ____D C:\Users\User\AppData\Local\{07A244F2-8DB1-4CAC-9C18-1F36554B6478}
2012-06-01 01:45 - 2012-06-01 01:45 - 00000000 ____D C:\Users\User\AppData\Local\{BA284B7B-0C1F-4FB0-ACEE-7822282DE5A0}
2012-06-01 01:45 - 2012-06-01 01:45 - 00000000 ____D C:\Users\User\AppData\Local\{09305791-5F03-400F-BF7C-11E19DB6B4FD}
2012-05-30 14:40 - 2012-05-30 14:41 - 00000000 ____D C:\Users\User\AppData\Local\{F10503E3-D7C8-407D-A044-1DBED6A102AF}
2012-05-30 14:40 - 2012-05-30 14:40 - 00000000 ____D C:\Users\User\AppData\Local\{29467DBC-225F-43FE-BA91-76F64A595D40}
2012-05-29 16:42 - 2012-05-29 16:42 - 00000000 ____D C:\Users\User\AppData\Local\{E7160952-2B59-48EF-A826-C7FC45480574}
2012-05-29 16:42 - 2012-05-29 16:42 - 00000000 ____D C:\Users\User\AppData\Local\{15F4BF96-9DDC-4888-9287-B484A961CB2E}
2012-05-29 16:41 - 2012-05-29 16:41 - 00000000 ____D C:\Users\User\AppData\Local\{C31C2A78-9A90-43EE-9466-37B946B4027F}
2012-05-29 16:38 - 2012-05-29 16:38 - 00000000 ____D C:\Users\User\AppData\Local\{D51F39CF-2273-4077-A6C5-F54F190CDFB6}
2012-05-29 16:38 - 2012-05-29 16:38 - 00000000 ____D C:\Users\User\AppData\Local\{2907DE38-5BAC-4B95-8020-20303AC32EA2}
2012-05-29 16:37 - 2012-05-29 16:40 - 02015708 ____A C:\Users\User\Desktop\2012regform.pdf
2012-05-29 15:48 - 2012-05-29 15:48 - 00000000 ____D C:\Users\User\AppData\Local\{15666D4F-CAFB-4E2B-BF33-07AA9CD3F192}
2012-05-29 15:47 - 2012-05-29 15:48 - 00000000 ____D C:\Users\User\AppData\Local\{3DE904DE-9218-448B-83E9-667DC12EB62E}
2012-05-28 17:47 - 2012-05-28 17:47 - 00000000 ____D C:\Users\User\AppData\Local\{8E44C577-00CC-4531-A99C-D72897E67E0D}
2012-05-28 08:02 - 2012-05-28 08:03 - 00000000 ____D C:\Users\User\AppData\Local\{D9093B92-3324-4799-BAA1-A22E9D83674D}
2012-05-28 08:02 - 2012-05-28 08:02 - 00000000 ____D C:\Users\User\AppData\Local\{C5218768-C64A-4323-9381-B4BDB07FCB13}
2012-05-28 07:53 - 2012-05-28 07:53 - 03491786 ____A C:\Users\User\Desktop\Velux-TGF-TMF-Flexible-Sun-Tunnel-Installation-Instructions.pdf
2012-05-28 07:49 - 2012-05-28 07:49 - 03346754 ____A C:\Users\User\Desktop\Velux-TGR-TMR-Rigid-Sun-Tunnel-Installation-Instructions.pdf
2012-05-28 03:21 - 2012-05-28 03:21 - 00000000 ____D C:\Users\User\AppData\Local\{ED1ED981-517A-49DD-94EF-975DC8283D76}
2012-05-28 03:20 - 2012-05-28 03:21 - 00000000 ____D C:\Users\User\AppData\Local\{63124923-D2AE-4C6F-B1B1-A85A1015368F}
2012-05-26 18:51 - 2012-05-26 18:51 - 00000000 ____D C:\Users\User\AppData\Local\{F55E8371-1D37-430B-A26F-21BD942C40A5}
2012-05-26 18:51 - 2012-05-26 18:51 - 00000000 ____D C:\Users\User\AppData\Local\{3876FFAB-EA9B-4D65-9337-A1A440D8D02F}
2012-05-26 08:01 - 2012-05-26 08:01 - 00000000 ____D C:\Users\User\AppData\Local\{602EE7BF-6B4B-4D27-863C-A2973C2C04EB}
2012-05-26 08:01 - 2012-05-26 08:01 - 00000000 ____D C:\Users\User\AppData\Local\{5A9056A5-09BA-4D24-9B1C-8F70D3DDB0D9}
2012-05-26 07:04 - 2012-05-26 07:04 - 00000000 ____D C:\Users\User\AppData\Local\{8280A3A0-BF7F-4474-A026-93E562E97287}
2012-05-26 07:04 - 2012-05-26 07:04 - 00000000 ____D C:\Users\User\AppData\Local\{6F4A8A52-CF9D-4A42-9C3E-AE2C774F5039}
2012-05-26 04:07 - 2012-05-26 04:07 - 00000000 ____D C:\Users\User\AppData\Local\{902DB2A4-B194-4B92-901B-38C60CB37133}
2012-05-26 04:07 - 2012-05-26 04:07 - 00000000 ____D C:\Users\User\AppData\Local\{8D12EE67-9CB7-442D-8958-D7BC666E626A}
2012-05-25 17:46 - 2012-05-25 17:46 - 00000000 ____D C:\Users\User\AppData\Local\{B433D679-2BCA-450B-91E8-017CC9F421FD}
2012-05-25 17:46 - 2012-05-25 17:46 - 00000000 ____D C:\Users\User\AppData\Local\{51D44CD4-091A-4E51-8444-677A83CCF6B5}
2012-05-25 02:17 - 2012-05-25 02:17 - 00000000 ____D C:\Users\User\AppData\Local\{56DB8D77-FCBD-4964-AA68-1C16F2D0C037}
2012-05-25 02:17 - 2012-05-25 02:17 - 00000000 ____D C:\Users\User\AppData\Local\{0F1E141A-9179-453B-8479-30A289D5D95D}
2012-05-25 01:45 - 2012-05-25 01:45 - 00000000 ____D C:\Users\User\AppData\Local\{48AE921E-7ABE-43AF-8CA8-E3EF667F33E9}
2012-05-25 01:44 - 2012-05-25 01:45 - 00000000 ____D C:\Users\User\AppData\Local\{2D80752B-6D9F-460D-BFB0-4892F0F24EB0}
2012-05-25 01:29 - 2012-05-25 01:29 - 00000000 ____D C:\Users\User\AppData\Local\{86632894-5C03-4210-98BC-C245F89D06AC}
2012-05-25 01:28 - 2012-05-25 01:29 - 00000000 ____D C:\Users\User\AppData\Local\{8D4673EE-1B68-4F6A-B2E0-7E8F7FCC4CEC}
2012-05-24 17:00 - 2012-05-24 17:00 - 00000000 ____D C:\Users\User\AppData\Local\{FC960C23-B6A1-4ED6-83CF-B395F865832F}
2012-05-24 17:00 - 2012-05-24 17:00 - 00000000 ____D C:\Users\User\AppData\Local\{E568E6A7-CCA1-4AFA-BDBB-E1BDEF17B901}
2012-05-24 16:04 - 2012-05-24 16:04 - 00000000 ____D C:\Program Files (x86)\Citrix
2012-05-24 16:03 - 2012-05-24 16:03 - 00060304 ____A C:\Users\User\g2mdlhlpx.exe
2012-05-24 15:59 - 2012-05-24 16:00 - 00000000 ____D C:\Users\User\AppData\Local\{09296A3B-5772-4E46-B046-CECEFFD3A11D}
2012-05-24 15:59 - 2012-05-24 15:59 - 00000000 ____D C:\Users\User\AppData\Local\{B9D2FB60-C951-48AB-9C08-8F90D48150A6}
2012-05-24 15:24 - 2012-05-24 15:24 - 00000000 ____D C:\Users\User\AppData\Local\{4877B114-B393-4AB9-B440-9D97DA2493C3}
2012-05-24 15:24 - 2012-05-24 15:24 - 00000000 ____D C:\Users\User\AppData\Local\{41F7CE39-1B9D-48CC-B45E-1723092F4589}
2012-05-24 14:53 - 2012-05-24 14:53 - 00000000 ____D C:\Users\User\AppData\Local\{94F61BA7-8FF8-4605-9528-B4BE4F6463A7}
2012-05-24 14:53 - 2012-05-24 14:53 - 00000000 ____D C:\Users\User\AppData\Local\{319E84FA-49AC-446F-B751-291D5ADB0E28}
2012-05-24 14:33 - 2012-05-24 14:33 - 00000000 ____D C:\Users\User\AppData\Local\{748AD251-6F0C-4138-B925-E6DF1C4EC95A}
2012-05-24 14:33 - 2012-05-24 14:33 - 00000000 ____D C:\Users\User\AppData\Local\{2B60BBCF-872A-43C5-A54B-5419656A3C11}
2012-05-23 15:32 - 2012-05-23 15:32 - 00000000 ____D C:\Users\User\AppData\Local\{68C8D7D6-80F9-4028-9CBD-561027E6AF0A}
2012-05-23 15:32 - 2012-05-23 15:32 - 00000000 ____D C:\Users\User\AppData\Local\{14902574-9DBD-4182-AD13-1A5248E6A0C7}
2012-05-22 15:53 - 2012-05-22 15:53 - 00000000 ____D C:\Users\User\AppData\Local\{2AB2CC5E-8D2B-4EE6-AE2C-90B9502378BC}
2012-05-22 15:10 - 2012-05-22 15:10 - 00000000 ____D C:\Users\User\AppData\Local\{D52C3204-70FD-4B78-A85E-6377A936FE42}
2012-05-22 15:10 - 2012-05-22 15:10 - 00000000 ____D C:\Users\User\AppData\Local\{72C3F495-FB16-4C39-9C1E-B5FE67B84328}
2012-05-21 19:15 - 2012-05-21 19:15 - 00000000 ____D C:\Users\User\AppData\Local\{B74F0B37-BE7B-48A6-8812-3CA1ED46A528}
2012-05-21 19:15 - 2012-05-21 19:15 - 00000000 ____D C:\Users\User\AppData\Local\{521FF700-BD2A-4639-8CBC-16A8177768A4}
2012-05-21 16:38 - 2012-05-21 16:38 - 00000000 ____D C:\Users\User\AppData\Local\{CDF56A5C-B0DA-450D-AF98-5012DA6CF113}
2012-05-21 16:38 - 2012-05-21 16:38 - 00000000 ____D C:\Users\User\AppData\Local\{36A3FF96-EDE3-4A88-BF5F-8EB8CB4A3742}
2012-05-21 16:35 - 2012-05-21 16:35 - 00000000 ____D C:\Users\User\AppData\Local\{3D31D2F4-6DC4-42D2-B910-0BE7F480E8B8}
2012-05-21 16:35 - 2012-05-21 16:35 - 00000000 ____D C:\Users\User\AppData\Local\{0DDEA96D-7090-4D5F-9AC3-535D52A821A2}
2012-05-21 14:42 - 2012-05-21 14:42 - 00000000 ____D C:\Users\User\AppData\Local\{982FAE18-D8D4-413B-B908-71F229F855F5}
2012-05-21 14:42 - 2012-05-21 14:42 - 00000000 ____D C:\Users\User\AppData\Local\{4E5CDDA0-9893-4F34-BBEC-9260E688AF02}
2012-05-20 18:23 - 2012-05-20 18:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-20 18:23 - 2012-05-20 18:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-20 18:19 - 2012-05-20 18:19 - 00000000 ____D C:\Users\User\AppData\Local\{B1776432-1061-4E86-AA3E-890E8802D0D4}
2012-05-20 18:19 - 2012-05-20 18:19 - 00000000 ____D C:\Users\User\AppData\Local\{68429DA8-C75E-43FB-9081-4FBC9ADDF507}
2012-05-20 17:39 - 2012-05-20 17:39 - 00000000 ____D C:\Users\User\AppData\Local\{D9576DA4-98E7-4AB6-947B-682CFD6DD478}
2012-05-20 17:39 - 2012-05-20 17:39 - 00000000 ____D C:\Users\User\AppData\Local\{00877839-9E8A-4C05-8FDA-00605E0AFAA8}
2012-05-20 05:39 - 2012-05-20 05:40 - 00000000 ____D C:\Users\User\AppData\Local\{6168886D-88D1-4A70-8A1F-55DCB0E12D7B}
2012-05-20 05:39 - 2012-05-20 05:39 - 00000000 ____D C:\Users\User\AppData\Local\{D470E746-1899-4F85-8D2C-039ED7A313B5}
2012-05-20 05:06 - 2012-05-20 05:06 - 00000000 ____D C:\Users\User\AppData\Local\{D9C1EDCA-08C7-4088-8AA4-FF2064819CC4}
2012-05-20 05:06 - 2012-05-20 05:06 - 00000000 ____D C:\Users\User\AppData\Local\{93C7D3EA-E81E-4548-9DCC-4B3C8E0EF7A8}
2012-05-20 05:06 - 2012-05-20 05:06 - 00000000 ____D C:\Users\User\AppData\Local\{41882AF5-F615-4BC9-A2A2-C8A5885FDC3F}
2012-05-19 10:22 - 2012-05-19 10:23 - 00000000 ____D C:\Users\User\AppData\Local\{BEEBDFDA-BE48-4A20-88E6-0105A8CE8F07}
2012-05-19 10:22 - 2012-05-19 10:22 - 00000000 ____D C:\Users\User\AppData\Local\{814C7A71-7A69-4D76-84F7-C269DAE7D65A}
2012-05-19 01:50 - 2012-05-19 01:50 - 00000000 ____D C:\Users\User\AppData\Local\{F85ACC5F-3FC3-478F-BDA2-13B798BA5067}
2012-05-19 01:50 - 2012-05-19 01:50 - 00000000 ____D C:\Users\User\AppData\Local\{6657B0C4-EFEB-4027-86F2-F75A8D82CD47}
2012-05-18 18:51 - 2012-05-18 18:51 - 00000000 ____D C:\Users\User\AppData\Local\{0A1FF414-AC05-426F-A248-9DED8B5876E5}
2012-05-18 18:50 - 2012-05-18 18:50 - 00000000 ____D C:\Users\User\AppData\Local\{0BBBF547-E1A7-410C-97CF-634FB8BAD885}
2012-05-18 17:56 - 2012-05-18 17:56 - 00000000 ____D C:\Users\User\AppData\Local\{BF8DEB56-667D-4298-961E-971D20A3F706}
2012-05-18 15:38 - 2012-05-18 15:38 - 00000000 ____D C:\Users\User\AppData\Local\{BB688C1A-B42F-4EC0-AA31-89039D5A20F9}
2012-05-18 15:38 - 2012-05-18 15:38 - 00000000 ____D C:\Users\User\AppData\Local\{93479405-0632-4773-9FF4-CCFB10D2A909}
2012-05-17 18:50 - 2012-05-17 18:50 - 00000000 ____D C:\Users\User\AppData\Local\{4FF675A4-DF17-4996-A63F-0F4112DAD9D5}
2012-05-17 18:50 - 2012-05-17 18:50 - 00000000 ____D C:\Users\User\AppData\Local\{498A505B-925C-44FB-9CA9-DD6C8BB8CA45}
2012-05-17 14:54 - 2012-05-17 14:54 - 00000000 ____D C:\Users\User\AppData\Local\{78362277-FBD2-49E5-B1D8-5D3022D99A80}
2012-05-17 14:53 - 2012-05-17 14:54 - 00000000 ____D C:\Users\User\AppData\Local\{063FE9C3-7F9B-49D0-AA72-0E2358CBC0C7}
2012-05-17 14:51 - 2012-05-17 14:51 - 00000000 ____D C:\Users\User\AppData\Local\{5F04605E-FD7A-4573-9297-608A80CE236D}
2012-05-17 14:51 - 2012-05-17 14:51 - 00000000 ____D C:\Users\User\AppData\Local\{2A0307F0-0F24-4FD8-9B70-63BF1031B21B}
2012-05-16 18:37 - 2012-05-16 18:37 - 00000000 ____D C:\Users\User\AppData\Local\{F76A9B1E-AC34-43B7-B522-EF98406022CD}
2012-05-16 18:37 - 2012-05-16 18:37 - 00000000 ____D C:\Users\User\AppData\Local\{C0B7163C-A752-48C2-9F26-0C86AC36283F}
2012-05-16 16:01 - 2012-05-16 16:01 - 00000000 ____D C:\Users\User\AppData\Local\{71653197-B68F-40A2-93C3-D689F006037F}
2012-05-16 16:00 - 2012-05-16 16:01 - 00000000 ____D C:\Users\User\AppData\Local\{C561ABEB-F69B-4FF2-A381-EE3A17A6E475}
2012-05-16 15:58 - 2012-05-16 15:58 - 02981723 ____A C:\Users\User\Downloads\004.JPG
2012-05-16 15:53 - 2012-05-16 15:53 - 00000000 ____D C:\Users\User\AppData\Local\{D4F59CAD-5109-41DF-BBB8-D05D182825AB}
2012-05-16 15:53 - 2012-05-16 15:53 - 00000000 ____D C:\Users\User\AppData\Local\{97304BE1-CC11-4E29-B838-A14EBB6AD713}
2012-05-16 15:18 - 2012-05-16 15:18 - 00000000 ____D C:\Users\User\AppData\Local\{EA030AA6-8F13-4DF2-AC4E-FE040D3A413E}
2012-05-16 15:18 - 2012-05-16 15:18 - 00000000 ____D C:\Users\User\AppData\Local\{7D2856E6-A612-4811-9241-9748069E5051}
2012-05-16 14:04 - 2012-05-16 14:04 - 00000000 ____D C:\Users\User\AppData\Local\{99224CB6-03D5-4021-AFBB-01DDA1531928}
2012-05-16 02:29 - 2012-05-16 02:30 - 00000000 ____D C:\Users\User\AppData\Local\{8A12B1F5-8220-4C4E-8623-E1C3FE541284}
2012-05-16 02:29 - 2012-05-16 02:29 - 00000000 ____D C:\Users\User\AppData\Local\{C7339F38-9A54-459A-954D-A0EA8401898B}
2012-05-15 17:52 - 2012-05-15 17:52 - 00000000 ____D C:\Users\User\AppData\Local\{D534A849-5A0F-49C8-A18F-E84E3CC880C3}
2012-05-15 17:52 - 2012-05-15 17:52 - 00000000 ____D C:\Users\User\AppData\Local\{35DBDDDF-8426-4733-AF4B-0B2EBFC30AED}
2012-05-15 16:14 - 2012-05-15 16:14 - 00000000 ____D C:\Users\User\AppData\Local\{23B4120D-138E-47E8-86FB-468632A474AF}
2012-05-15 16:14 - 2012-05-15 16:14 - 00000000 ____D C:\Users\User\AppData\Local\{1D044CFB-D3DE-48BF-8107-1E36D950D11E}
2012-05-15 15:26 - 2012-05-15 15:26 - 00000000 ____D C:\Users\User\AppData\Local\{A1C6D679-B3D9-4C68-AEB4-5DF9629FD2AB}
2012-05-15 15:25 - 2012-05-15 15:26 - 00000000 ____D C:\Users\User\AppData\Local\{6E8EB4EA-480E-4EDF-9FC3-4F230AC6E761}
2012-05-13 08:34 - 2012-05-13 08:34 - 00000000 ____D C:\Users\User\AppData\Local\{60AFE895-E9DD-49B5-A38F-7FEC1A4960DB}
2012-05-13 08:34 - 2012-05-13 08:34 - 00000000 ____D C:\Users\User\AppData\Local\{396EF1D7-8E20-4497-A877-357CC0431554}
2012-05-12 05:51 - 2012-05-12 05:51 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics


============ 3 Months Modified Files and Folders =============

2012-06-11 06:20 - 2012-06-10 17:16 - 00000000 ____D C:\FRST
2012-06-10 18:54 - 2010-11-20 23:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-06-10 18:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-06-10 18:12 - 2011-09-16 06:35 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-10 18:11 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-10 18:11 - 2009-07-13 20:51 - 00049851 ____A C:\Windows\setupact.log
2012-06-10 17:19 - 2012-06-10 17:19 - 00000695 ____A C:\Users\User\Desktop\Result.txt
2012-06-10 17:16 - 2012-06-10 17:16 - 00070695 ____A C:\Users\User\Desktop\FRST.txt
2012-06-10 17:08 - 2012-06-10 17:08 - 00001084 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-10 17:08 - 2012-06-10 17:08 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2012-06-10 17:08 - 2012-06-10 17:08 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-10 17:08 - 2012-06-10 17:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-10 16:55 - 2012-06-10 17:06 - 00397451 ____A C:\Users\User\Desktop\MiniToolBox.exe
2012-06-10 16:53 - 2012-06-10 17:06 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-1.61.0.1400.exe
2012-06-10 16:43 - 2012-06-10 17:07 - 01401619 ____A C:\Users\User\Desktop\FRST64.exe
2012-06-10 15:45 - 2011-09-16 06:35 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-10 15:34 - 2012-04-05 03:18 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-10 15:22 - 2012-06-10 15:01 - 00005416 ____A C:\Users\User\Desktop\yorkyt.exe.log
2012-06-10 15:13 - 2012-06-10 15:12 - 00000466 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2012-06-10 15:13 - 2012-06-10 15:12 - 00000444 ____A C:\Windows\Tasks\ParetoLogic Anti-Virus PLUS.job
2012-06-10 15:13 - 2012-06-10 15:12 - 00000440 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job
2012-06-10 15:13 - 2012-06-10 15:12 - 00000420 ____A C:\Windows\Tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
2012-06-10 15:12 - 2012-06-10 15:12 - 00001101 ____A C:\Users\Public\Desktop\ParetoLogic Anti-Virus PLUS.lnk
2012-06-10 15:12 - 2012-06-10 15:12 - 00000000 ____D C:\Users\All Users\PLAV
2012-06-10 15:12 - 2012-06-10 15:12 - 00000000 ____D C:\Users\All Users\ParetoLogic
2012-06-10 15:04 - 2012-06-10 15:04 - 00000000 ____D C:\Users\All Users\ParetoLogic Anti-Virus PLUS
2012-06-10 15:04 - 2012-06-10 15:04 - 00000000 ____D C:\Program Files (x86)\ParetoLogic
2012-06-10 15:00 - 2009-07-13 21:13 - 00730746 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-10 14:55 - 2011-11-18 12:16 - 00000000 ____D C:\users\User
2012-06-10 14:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\config\TxR
2012-06-10 13:37 - 2012-06-10 14:58 - 08871304 ____A (ParetoLogic Inc.) C:\Users\User\Desktop\Pareto_AV_Setup_RW.exe
2012-06-10 13:21 - 2012-06-10 14:59 - 72482336 ____A (Microsoft Corporation) C:\Users\User\Desktop\msert.exe
2012-06-10 12:39 - 2012-06-10 12:07 - 00222230 ____A C:\Users\User\Desktop\yorkyt (1).exe.log
2012-06-10 11:57 - 2012-06-10 14:59 - 01415784 ____A C:\Users\User\Desktop\yorkyt.exe
2012-06-10 11:56 - 2009-07-13 21:08 - 00032566 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-10 11:53 - 2012-06-10 11:53 - 01415784 ____A C:\Users\User\Downloads\yorkyt.exe
2012-06-10 11:28 - 2011-09-16 06:15 - 01260693 ____A C:\Windows\WindowsUpdate.log
2012-06-10 11:27 - 2011-12-03 05:51 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-10 11:26 - 2012-06-10 11:26 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-10 11:26 - 2012-06-10 11:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-10 11:26 - 2012-06-10 11:25 - 12621696 ____A (Microsoft Corporation) C:\Users\User\Downloads\mseinstall (1).exe
2012-06-10 11:26 - 2011-12-03 05:51 - 00744896 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-10 11:25 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-10 11:25 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-10 11:21 - 2012-06-10 11:20 - 12621696 ____A (Microsoft Corporation) C:\Users\User\Downloads\mseinstall.exe
2012-06-10 11:16 - 2012-06-10 11:07 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-10 11:16 - 2009-07-13 18:34 - 00442883 ____R C:\Windows\System32\Drivers\etc\hosts
2012-06-10 11:08 - 2012-06-10 11:07 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-10 11:07 - 2012-06-10 11:07 - 00001233 ____A C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
2012-06-10 11:06 - 2012-06-10 11:06 - 16409960 ____A (Safer Networking Limited ) C:\Users\User\Downloads\spybotsd162.exe
2012-06-10 11:02 - 2012-06-10 10:51 - 00000000 ____D C:\Users\All Users\B7E858A7000083BB0004264BB4EB2367
2012-06-10 10:56 - 2012-06-10 10:56 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-10 10:53 - 2012-06-10 10:53 - 00001105 ____A C:\Users\User\Desktop\Live Security Platinum.lnk
2012-06-10 10:53 - 2012-04-05 03:18 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-10 10:53 - 2011-07-31 23:32 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-10 10:52 - 2012-01-11 15:42 - 00000000 __SHD C:\Users\User\AppData\Local\{fb9a415d-8a39-a495-eecb-70163c6883ff}
2012-06-10 07:09 - 2012-06-10 07:08 - 00000000 ____D C:\Users\User\AppData\Local\{656304E9-C9F1-4B76-8255-B7D130770D10}
2012-06-10 07:08 - 2012-06-10 07:08 - 00000000 ____D C:\Users\User\AppData\Local\{702DF959-F11A-44A0-9E41-C334774BD21B}
2012-06-10 07:08 - 2012-01-04 18:11 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2012-06-10 04:14 - 2012-06-10 04:14 - 00000000 ____D C:\Users\User\AppData\Local\{75D15F78-5D8B-40C3-9C5D-2AEA91FC815C}
2012-06-10 04:14 - 2012-06-10 04:13 - 00000000 ____D C:\Users\User\AppData\Local\{DAA3DB5B-047B-432A-AEBF-EB6D868F2FEA}
2012-06-09 19:19 - 2011-11-26 06:29 - 01041012 ____A C:\Users\User\Desktop\11_2010_2012.ynab3
2012-06-09 19:19 - 2011-11-26 06:29 - 00000000 ____D C:\Users\User\Desktop\YNAB-Backup
2012-06-09 17:50 - 2012-06-09 17:50 - 00000000 ____D C:\Users\User\AppData\Local\{90C7D4A3-5EC4-4F0E-979F-C8FFA292F7E6}
2012-06-09 12:47 - 2012-06-09 12:47 - 00000000 ____D C:\Users\User\AppData\Local\{354BCC9B-92AA-4FE0-B64E-0359040A919B}
2012-06-09 12:47 - 2012-06-09 12:46 - 00000000 ____D C:\Users\User\AppData\Local\{DCD61D25-6012-474B-8848-522602CB798F}
2012-06-09 12:29 - 2012-06-09 12:29 - 00000000 ____D C:\Users\User\AppData\Local\{B6E400F5-10B9-446D-95C7-39A127F47EFE}
2012-06-09 12:29 - 2012-06-09 12:29 - 00000000 ____D C:\Users\User\AppData\Local\{6826CE32-2001-464D-BD5A-167FCECAD8CB}
2012-06-09 12:25 - 2012-06-09 12:25 - 00000000 ____D C:\Users\User\AppData\Local\{E1FC788D-F3B4-49C6-930A-5CBD65723FFF}
2012-06-09 12:25 - 2012-06-09 12:25 - 00000000 ____D C:\Users\User\AppData\Local\{7792CECC-A088-42FC-92BF-0AD58C2525AC}
2012-06-09 10:43 - 2012-06-09 10:43 - 00000000 ____D C:\Users\User\AppData\Local\{5DA60556-6A0D-4C91-87AE-1041AA420017}
2012-06-09 10:43 - 2012-06-09 10:43 - 00000000 ____D C:\Users\User\AppData\Local\{269576A9-26F5-46FB-80F8-744137ABE13E}
2012-06-09 04:45 - 2012-06-09 04:45 - 00000000 ____D C:\Users\User\AppData\Local\{94AF2EA8-98E4-43CF-B31D-E7C05B666339}
2012-06-09 04:45 - 2012-06-09 04:45 - 00000000 ____D C:\Users\User\AppData\Local\{49B0FC0E-F50F-4068-8E14-801DFECE62E8}
2012-06-09 03:38 - 2012-06-09 03:38 - 00000000 ____D C:\Users\User\AppData\Local\{8D3B58C8-004A-4AF8-AB21-43151FBCE24B}
2012-06-09 03:38 - 2012-06-09 03:38 - 00000000 ____D C:\Users\User\AppData\Local\{59F68412-DBBC-474C-8524-5F408698BA6C}
2012-06-08 02:09 - 2012-06-08 02:09 - 00000000 ____D C:\Users\User\AppData\Local\{D73885EA-C215-4DC4-8411-9F61C76CC0EC}
2012-06-08 02:09 - 2012-06-08 02:09 - 00000000 ____D C:\Users\User\AppData\Local\{BD523A12-96B0-4788-B178-24E713F305DC}
2012-06-08 01:58 - 2012-06-08 01:57 - 00000000 ____D C:\Users\User\AppData\Local\{B9046C08-5BBB-4D12-941A-0FE02863F63D}
2012-06-08 01:57 - 2012-06-08 01:57 - 00000000 ____D C:\Users\User\AppData\Local\{8E7DC8FE-9417-4C3E-84AB-1A5A5AEF4EA7}
2012-06-07 16:37 - 2012-06-07 16:37 - 00000000 ____D C:\Users\User\AppData\Local\{A967786D-A61F-4E31-BC56-D4CF12D89FDB}
2012-06-07 16:37 - 2012-06-07 16:36 - 00000000 ____D C:\Users\User\AppData\Local\{4EE44B9B-CDB7-4448-914D-37F8DF3FEF5D}
2012-06-06 16:08 - 2012-06-06 16:07 - 00000000 ____D C:\Users\User\AppData\Local\{C60AC161-9F88-4E42-B34A-6FC3E969801D}
2012-06-06 16:07 - 2012-06-06 16:07 - 00000000 ____D C:\Users\User\AppData\Local\{E35DB8F0-FEB9-42D0-A496-A141F6CAD7C0}
2012-06-06 15:40 - 2012-06-06 15:40 - 00000000 ____D C:\Users\User\AppData\Local\{E4D1E5E3-0D15-40F3-9897-F57828CB24B7}
2012-06-06 15:40 - 2012-06-06 15:40 - 00000000 ____D C:\Users\User\AppData\Local\{129F5979-C355-42D9-8EFD-B657AE8C49AF}
2012-06-05 15:25 - 2012-06-05 15:25 - 00000000 ____D C:\Users\User\AppData\Local\{EFF4D235-314A-415F-821D-E360872C6AEA}
2012-06-05 15:25 - 2012-06-05 15:24 - 00000000 ____D C:\Users\User\AppData\Local\{C617299D-F78D-4B60-B43A-CC5EFB65F8DD}
2012-06-04 14:48 - 2012-06-04 14:48 - 00000000 ____D C:\Users\User\AppData\Local\{A15B4770-CC64-4952-A5D8-7DE1A7D290E0}
2012-06-04 14:48 - 2012-06-04 14:48 - 00000000 ____D C:\Users\User\AppData\Local\{879C0F97-339B-4623-AF63-81C3AA6C2898}
2012-06-03 05:07 - 2012-06-03 05:07 - 00000000 ____D C:\Users\User\AppData\Local\{DB2CBF87-5718-4F23-8FE6-008B90E40A49}
2012-06-03 05:07 - 2012-06-03 05:06 - 00000000 ____D C:\Users\User\AppData\Local\{828461BE-6580-495F-A02A-DEECDA258E19}
2012-06-03 03:58 - 2012-06-03 03:58 - 00034985 ____A C:\Users\User\Desktop\thegirls.jpg
2012-06-03 03:55 - 2012-06-03 03:54 - 00000000 ____D C:\Users\User\AppData\Local\{60F9B293-0A6C-4626-B9D9-0C2937E0F728}
2012-06-03 03:54 - 2012-06-03 03:54 - 00000000 ____D C:\Users\User\AppData\Local\{11B4D79D-018D-4CB6-9F1B-F4FE17AD03DF}
2012-06-01 19:19 - 2012-06-01 19:19 - 00000000 ____D C:\Users\User\AppData\Local\{4DA8A63D-609A-4145-817B-43FF73007518}
2012-06-01 19:19 - 2012-06-01 19:19 - 00000000 ____D C:\Users\User\AppData\Local\{4CBA1359-9AE0-4788-B424-1FE3294F8B15}
2012-06-01 16:10 - 2012-06-01 16:10 - 00000000 ____D C:\Users\User\AppData\Local\{B2EE8BDA-BA33-4159-A937-C391315C84E7}
2012-06-01 16:10 - 2012-06-01 16:10 - 00000000 ____D C:\Users\User\AppData\Local\{A3179F6D-23D2-4CBB-92FC-3D6B5FEEF029}
2012-06-01 16:03 - 2012-06-01 16:03 - 00153607 ____A C:\Users\User\Desktop\FromGeorgia.jpg
2012-06-01 15:52 - 2012-06-01 15:52 - 00000000 ____D C:\Users\User\AppData\Local\{3F2DFE81-441D-42CE-A7A7-A04D6184AEEE}
2012-06-01 15:52 - 2012-06-01 15:52 - 00000000 ____D C:\Users\User\AppData\Local\{07A244F2-8DB1-4CAC-9C18-1F36554B6478}
2012-06-01 15:52 - 2011-11-25 12:18 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2012-06-01 02:28 - 2012-01-04 17:42 - 00000000 ____D C:\Users\User\AppData\Roaming\SoftGrid Client
2012-06-01 01:45 - 2012-06-01 01:45 - 00000000 ____D C:\Users\User\AppData\Local\{BA284B7B-0C1F-4FB0-ACEE-7822282DE5A0}
2012-06-01 01:45 - 2012-06-01 01:45 - 00000000 ____D C:\Users\User\AppData\Local\{09305791-5F03-400F-BF7C-11E19DB6B4FD}
2012-05-30 14:41 - 2012-05-30 14:40 - 00000000 ____D C:\Users\User\AppData\Local\{F10503E3-D7C8-407D-A044-1DBED6A102AF}
2012-05-30 14:40 - 2012-05-30 14:40 - 00000000 ____D C:\Users\User\AppData\Local\{29467DBC-225F-43FE-BA91-76F64A595D40}
2012-05-29 16:42 - 2012-05-29 16:42 - 00000000 ____D C:\Users\User\AppData\Local\{E7160952-2B59-48EF-A826-C7FC45480574}
2012-05-29 16:42 - 2012-05-29 16:42 - 00000000 ____D C:\Users\User\AppData\Local\{15F4BF96-9DDC-4888-9287-B484A961CB2E}
2012-05-29 16:41 - 2012-05-29 16:41 - 00000000 ____D C:\Users\User\AppData\Local\{C31C2A78-9A90-43EE-9466-37B946B4027F}
2012-05-29 16:40 - 2012-05-29 16:37 - 02015708 ____A C:\Users\User\Desktop\2012regform.pdf
2012-05-29 16:38 - 2012-05-29 16:38 - 00000000 ____D C:\Users\User\AppData\Local\{D51F39CF-2273-4077-A6C5-F54F190CDFB6}
2012-05-29 16:38 - 2012-05-29 16:38 - 00000000 ____D C:\Users\User\AppData\Local\{2907DE38-5BAC-4B95-8020-20303AC32EA2}
2012-05-29 15:48 - 2012-05-29 15:48 - 00000000 ____D C:\Users\User\AppData\Local\{15666D4F-CAFB-4E2B-BF33-07AA9CD3F192}
2012-05-29 15:48 - 2012-05-29 15:47 - 00000000 ____D C:\Users\User\AppData\Local\{3DE904DE-9218-448B-83E9-667DC12EB62E}
2012-05-28 17:47 - 2012-05-28 17:47 - 00000000 ____D C:\Users\User\AppData\Local\{8E44C577-00CC-4531-A99C-D72897E67E0D}
2012-05-28 08:03 - 2012-05-28 08:02 - 00000000 ____D C:\Users\User\AppData\Local\{D9093B92-3324-4799-BAA1-A22E9D83674D}
2012-05-28 08:02 - 2012-05-28 08:02 - 00000000 ____D C:\Users\User\AppData\Local\{C5218768-C64A-4323-9381-B4BDB07FCB13}
2012-05-28 07:53 - 2012-05-28 07:53 - 03491786 ____A C:\Users\User\Desktop\Velux-TGF-TMF-Flexible-Sun-Tunnel-Installation-Instructions.pdf
2012-05-28 07:49 - 2012-05-28 07:49 - 03346754 ____A C:\Users\User\Desktop\Velux-TGR-TMR-Rigid-Sun-Tunnel-Installation-Instructions.pdf
2012-05-28 03:21 - 2012-05-28 03:21 - 00000000 ____D C:\Users\User\AppData\Local\{ED1ED981-517A-49DD-94EF-975DC8283D76}
2012-05-28 03:21 - 2012-05-28 03:20 - 00000000 ____D C:\Users\User\AppData\Local\{63124923-D2AE-4C6F-B1B1-A85A1015368F}
2012-05-26 18:51 - 2012-05-26 18:51 - 00000000 ____D C:\Users\User\AppData\Local\{F55E8371-1D37-430B-A26F-21BD942C40A5}
2012-05-26 18:51 - 2012-05-26 18:51 - 00000000 ____D C:\Users\User\AppData\Local\{3876FFAB-EA9B-4D65-9337-A1A440D8D02F}
2012-05-26 08:01 - 2012-05-26 08:01 - 00000000 ____D C:\Users\User\AppData\Local\{602EE7BF-6B4B-4D27-863C-A2973C2C04EB}
2012-05-26 08:01 - 2012-05-26 08:01 - 00000000 ____D C:\Users\User\AppData\Local\{5A9056A5-09BA-4D24-9B1C-8F70D3DDB0D9}
2012-05-26 07:04 - 2012-05-26 07:04 - 00000000 ____D C:\Users\User\AppData\Local\{8280A3A0-BF7F-4474-A026-93E562E97287}
2012-05-26 07:04 - 2012-05-26 07:04 - 00000000 ____D C:\Users\User\AppData\Local\{6F4A8A52-CF9D-4A42-9C3E-AE2C774F5039}
2012-05-26 04:07 - 2012-05-26 04:07 - 00000000 ____D C:\Users\User\AppData\Local\{902DB2A4-B194-4B92-901B-38C60CB37133}
2012-05-26 04:07 - 2012-05-26 04:07 - 00000000 ____D C:\Users\User\AppData\Local\{8D12EE67-9CB7-442D-8958-D7BC666E626A}
2012-05-25 17:46 - 2012-05-25 17:46 - 00000000 ____D C:\Users\User\AppData\Local\{B433D679-2BCA-450B-91E8-017CC9F421FD}
2012-05-25 17:46 - 2012-05-25 17:46 - 00000000 ____D C:\Users\User\AppData\Local\{51D44CD4-091A-4E51-8444-677A83CCF6B5}
2012-05-25 02:17 - 2012-05-25 02:17 - 00000000 ____D C:\Users\User\AppData\Local\{56DB8D77-FCBD-4964-AA68-1C16F2D0C037}
2012-05-25 02:17 - 2012-05-25 02:17 - 00000000 ____D C:\Users\User\AppData\Local\{0F1E141A-9179-453B-8479-30A289D5D95D}
2012-05-25 01:45 - 2012-05-25 01:45 - 00000000 ____D C:\Users\User\AppData\Local\{48AE921E-7ABE-43AF-8CA8-E3EF667F33E9}
2012-05-25 01:45 - 2012-05-25 01:44 - 00000000 ____D C:\Users\User\AppData\Local\{2D80752B-6D9F-460D-BFB0-4892F0F24EB0}
2012-05-25 01:29 - 2012-05-25 01:29 - 00000000 ____D C:\Users\User\AppData\Local\{86632894-5C03-4210-98BC-C245F89D06AC}
2012-05-25 01:29 - 2012-05-25 01:28 - 00000000 ____D C:\Users\User\AppData\Local\{8D4673EE-1B68-4F6A-B2E0-7E8F7FCC4CEC}
2012-05-24 17:00 - 2012-05-24 17:00 - 00000000 ____D C:\Users\User\AppData\Local\{FC960C23-B6A1-4ED6-83CF-B395F865832F}
2012-05-24 17:00 - 2012-05-24 17:00 - 00000000 ____D C:\Users\User\AppData\Local\{E568E6A7-CCA1-4AFA-BDBB-E1BDEF17B901}
2012-05-24 16:04 - 2012-05-24 16:04 - 00000000 ____D C:\Program Files (x86)\Citrix
2012-05-24 16:03 - 2012-05-24 16:03 - 00060304 ____A C:\Users\User\g2mdlhlpx.exe
2012-05-24 16:00 - 2012-05-24 15:59 - 00000000 ____D C:\Users\User\AppData\Local\{09296A3B-5772-4E46-B046-CECEFFD3A11D}
2012-05-24 15:59 - 2012-05-24 15:59 - 00000000 ____D C:\Users\User\AppData\Local\{B9D2FB60-C951-48AB-9C08-8F90D48150A6}
2012-05-24 15:24 - 2012-05-24 15:24 - 00000000 ____D C:\Users\User\AppData\Local\{4877B114-B393-4AB9-B440-9D97DA2493C3}
2012-05-24 15:24 - 2012-05-24 15:24 - 00000000 ____D C:\Users\User\AppData\Local\{41F7CE39-1B9D-48CC-B45E-1723092F4589}
2012-05-24 14:53 - 2012-05-24 14:53 - 00000000 ____D C:\Users\User\AppData\Local\{94F61BA7-8FF8-4605-9528-B4BE4F6463A7}
2012-05-24 14:53 - 2012-05-24 14:53 - 00000000 ____D C:\Users\User\AppData\Local\{319E84FA-49AC-446F-B751-291D5ADB0E28}
2012-05-24 14:33 - 2012-05-24 14:33 - 00000000 ____D C:\Users\User\AppData\Local\{748AD251-6F0C-4138-B925-E6DF1C4EC95A}
2012-05-24 14:33 - 2012-05-24 14:33 - 00000000 ____D C:\Users\User\AppData\Local\{2B60BBCF-872A-43C5-A54B-5419656A3C11}
2012-05-23 15:32 - 2012-05-23 15:32 - 00000000 ____D C:\Users\User\AppData\Local\{68C8D7D6-80F9-4028-9CBD-561027E6AF0A}
2012-05-23 15:32 - 2012-05-23 15:32 - 00000000 ____D C:\Users\User\AppData\Local\{14902574-9DBD-4182-AD13-1A5248E6A0C7}
2012-05-22 15:53 - 2012-05-22 15:53 - 00000000 ____D C:\Users\User\AppData\Local\{2AB2CC5E-8D2B-4EE6-AE2C-90B9502378BC}
2012-05-22 15:10 - 2012-05-22 15:10 - 00000000 ____D C:\Users\User\AppData\Local\{D52C3204-70FD-4B78-A85E-6377A936FE42}
2012-05-22 15:10 - 2012-05-22 15:10 - 00000000 ____D C:\Users\User\AppData\Local\{72C3F495-FB16-4C39-9C1E-B5FE67B84328}
2012-05-21 19:15 - 2012-05-21 19:15 - 00000000 ____D C:\Users\User\AppData\Local\{B74F0B37-BE7B-48A6-8812-3CA1ED46A528}
2012-05-21 19:15 - 2012-05-21 19:15 - 00000000 ____D C:\Users\User\AppData\Local\{521FF700-BD2A-4639-8CBC-16A8177768A4}
2012-05-21 16:38 - 2012-05-21 16:38 - 00000000 ____D C:\Users\User\AppData\Local\{CDF56A5C-B0DA-450D-AF98-5012DA6CF113}
2012-05-21 16:38 - 2012-05-21 16:38 - 00000000 ____D C:\Users\User\AppData\Local\{36A3FF96-EDE3-4A88-BF5F-8EB8CB4A3742}
2012-05-21 16:35 - 2012-05-21 16:35 - 00000000 ____D C:\Users\User\AppData\Local\{3D31D2F4-6DC4-42D2-B910-0BE7F480E8B8}
2012-05-21 16:35 - 2012-05-21 16:35 - 00000000 ____D C:\Users\User\AppData\Local\{0DDEA96D-7090-4D5F-9AC3-535D52A821A2}
2012-05-21 14:42 - 2012-05-21 14:42 - 00000000 ____D C:\Users\User\AppData\Local\{982FAE18-D8D4-413B-B908-71F229F855F5}
2012-05-21 14:42 - 2012-05-21 14:42 - 00000000 ____D C:\Users\User\AppData\Local\{4E5CDDA0-9893-4F34-BBEC-9260E688AF02}
2012-05-20 18:23 - 2012-05-20 18:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-20 18:23 - 2012-05-20 18:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-20 18:19 - 2012-05-20 18:19 - 00000000 ____D C:\Users\User\AppData\Local\{B1776432-1061-4E86-AA3E-890E8802D0D4}
2012-05-20 18:19 - 2012-05-20 18:19 - 00000000 ____D C:\Users\User\AppData\Local\{68429DA8-C75E-43FB-9081-4FBC9ADDF507}
2012-05-20 17:39 - 2012-05-20 17:39 - 00000000 ____D C:\Users\User\AppData\Local\{D9576DA4-98E7-4AB6-947B-682CFD6DD478}
2012-05-20 17:39 - 2012-05-20 17:39 - 00000000 ____D C:\Users\User\AppData\Local\{00877839-9E8A-4C05-8FDA-00605E0AFAA8}
2012-05-20 05:40 - 2012-05-20 05:39 - 00000000 ____D C:\Users\User\AppData\Local\{6168886D-88D1-4A70-8A1F-55DCB0E12D7B}
2012-05-20 05:39 - 2012-05-20 05:39 - 00000000 ____D C:\Users\User\AppData\Local\{D470E746-1899-4F85-8D2C-039ED7A313B5}
2012-05-20 05:06 - 2012-05-20 05:06 - 00000000 ____D C:\Users\User\AppData\Local\{D9C1EDCA-08C7-4088-8AA4-FF2064819CC4}
2012-05-20 05:06 - 2012-05-20 05:06 - 00000000 ____D C:\Users\User\AppData\Local\{93C7D3EA-E81E-4548-9DCC-4B3C8E0EF7A8}
2012-05-20 05:06 - 2012-05-20 05:06 - 00000000 ____D C:\Users\User\AppData\Local\{41882AF5-F615-4BC9-A2A2-C8A5885FDC3F}
2012-05-19 10:23 - 2012-05-19 10:22 - 00000000 ____D C:\Users\User\AppData\Local\{BEEBDFDA-BE48-4A20-88E6-0105A8CE8F07}
2012-05-19 10:22 - 2012-05-19 10:22 - 00000000 ____D C:\Users\User\AppData\Local\{814C7A71-7A69-4D76-84F7-C269DAE7D65A}
2012-05-19 04:04 - 2012-01-12 19:30 - 00039936 ____A C:\Users\User\Documents\MelindaMcLeodResume2.doc
2012-05-19 01:50 - 2012-05-19 01:50 - 00000000 ____D C:\Users\User\AppData\Local\{F85ACC5F-3FC3-478F-BDA2-13B798BA5067}
2012-05-19 01:50 - 2012-05-19 01:50 - 00000000 ____D C:\Users\User\AppData\Local\{6657B0C4-EFEB-4027-86F2-F75A8D82CD47}
2012-05-18 18:51 - 2012-05-18 18:51 - 00000000 ____D C:\Users\User\AppData\Local\{0A1FF414-AC05-426F-A248-9DED8B5876E5}
2012-05-18 18:50 - 2012-05-18 18:50 - 00000000 ____D C:\Users\User\AppData\Local\{0BBBF547-E1A7-410C-97CF-634FB8BAD885}
2012-05-18 17:56 - 2012-05-18 17:56 - 00000000 ____D C:\Users\User\AppData\Local\{BF8DEB56-667D-4298-961E-971D20A3F706}
2012-05-18 15:38 - 2012-05-18 15:38 - 00000000 ____D C:\Users\User\AppData\Local\{BB688C1A-B42F-4EC0-AA31-89039D5A20F9}
2012-05-18 15:38 - 2012-05-18 15:38 - 00000000 ____D C:\Users\User\AppData\Local\{93479405-0632-4773-9FF4-CCFB10D2A909}
2012-05-17 18:50 - 2012-05-17 18:50 - 00000000 ____D C:\Users\User\AppData\Local\{4FF675A4-DF17-4996-A63F-0F4112DAD9D5}
2012-05-17 18:50 - 2012-05-17 18:50 - 00000000 ____D C:\Users\User\AppData\Local\{498A505B-925C-44FB-9CA9-DD6C8BB8CA45}
2012-05-17 14:54 - 2012-05-17 14:54 - 00000000 ____D C:\Users\User\AppData\Local\{78362277-FBD2-49E5-B1D8-5D3022D99A80}
2012-05-17 14:54 - 2012-05-17 14:53 - 00000000 ____D C:\Users\User\AppData\Local\{063FE9C3-7F9B-49D0-AA72-0E2358CBC0C7}
2012-05-17 14:51 - 2012-05-17 14:51 - 00000000 ____D C:\Users\User\AppData\Local\{5F04605E-FD7A-4573-9297-608A80CE236D}
2012-05-17 14:51 - 2012-05-17 14:51 - 00000000 ____D C:\Users\User\AppData\Local\{2A0307F0-0F24-4FD8-9B70-63BF1031B21B}
2012-05-16 18:37 - 2012-05-16 18:37 - 00000000 ____D C:\Users\User\AppData\Local\{F76A9B1E-AC34-43B7-B522-EF98406022CD}
2012-05-16 18:37 - 2012-05-16 18:37 - 00000000 ____D C:\Users\User\AppData\Local\{C0B7163C-A752-48C2-9F26-0C86AC36283F}
2012-05-16 16:01 - 2012-05-16 16:01 - 00000000 ____D C:\Users\User\AppData\Local\{71653197-B68F-40A2-93C3-D689F006037F}
2012-05-16 16:01 - 2012-05-16 16:00 - 00000000 ____D C:\Users\User\AppData\Local\{C561ABEB-F69B-4FF2-A381-EE3A17A6E475}
2012-05-16 15:58 - 2012-05-16 15:58 - 02981723 ____A C:\Users\User\Downloads\004.JPG
2012-05-16 15:53 - 2012-05-16 15:53 - 00000000 ____D C:\Users\User\AppData\Local\{D4F59CAD-5109-41DF-BBB8-D05D182825AB}
2012-05-16 15:53 - 2012-05-16 15:53 - 00000000 ____D C:\Users\User\AppData\Local\{97304BE1-CC11-4E29-B838-A14EBB6AD713}
2012-05-16 15:18 - 2012-05-16 15:18 - 00000000 ____D C:\Users\User\AppData\Local\{EA030AA6-8F13-4DF2-AC4E-FE040D3A413E}
2012-05-16 15:18 - 2012-05-16 15:18 - 00000000 ____D C:\Users\User\AppData\Local\{7D2856E6-A612-4811-9241-9748069E5051}
2012-05-16 14:04 - 2012-05-16 14:04 - 00000000 ____D C:\Users\User\AppData\Local\{99224CB6-03D5-4021-AFBB-01DDA1531928}
2012-05-16 02:30 - 2012-05-16 02:29 - 00000000 ____D C:\Users\User\AppData\Local\{8A12B1F5-8220-4C4E-8623-E1C3FE541284}
2012-05-16 02:29 - 2012-05-16 02:29 - 00000000 ____D C:\Users\User\AppData\Local\{C7339F38-9A54-459A-954D-A0EA8401898B}
2012-05-15 17:52 - 2012-05-15 17:52 - 00000000 ____D C:\Users\User\AppData\Local\{D534A849-5A0F-49C8-A18F-E84E3CC880C3}
2012-05-15 17:52 - 2012-05-15 17:52 - 00000000 ____D C:\Users\User\AppData\Local\{35DBDDDF-8426-4733-AF4B-0B2EBFC30AED}
2012-05-15 16:14 - 2012-05-15 16:14 - 00000000 ____D C:\Users\User\AppData\Local\{23B4120D-138E-47E8-86FB-468632A474AF}
2012-05-15 16:14 - 2012-05-15 16:14 - 00000000 ____D C:\Users\User\AppData\Local\{1D044CFB-D3DE-48BF-8107-1E36D950D11E}
2012-05-15 15:26 - 2012-05-15 15:26 - 00000000 ____D C:\Users\User\AppData\Local\{A1C6D679-B3D9-4C68-AEB4-5DF9629FD2AB}
2012-05-15 15:26 - 2012-05-15 15:25 - 00000000 ____D C:\Users\User\AppData\Local\{6E8EB4EA-480E-4EDF-9FC3-4F230AC6E761}
2012-05-13 08:34 - 2012-05-13 08:34 - 00000000 ____D C:\Users\User\AppData\Local\{60AFE895-E9DD-49B5-A38F-7FEC1A4960DB}
2012-05-13 08:34 - 2012-05-13 08:34 - 00000000 ____D C:\Users\User\AppData\Local\{396EF1D7-8E20-4497-A877-357CC0431554}
2012-05-12 05:51 - 2012-05-12 05:51 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2012-05-12 03:06 - 2009-07-13 20:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-12 02:48 - 2011-11-18 12:40 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-11 17:07 - 2012-05-11 17:07 - 00000000 ____D C:\Users\User\AppData\Local\{87DDE2D6-F483-47C5-A4EE-73CE0843EB00}
2012-05-11 17:07 - 2012-05-11 17:07 - 00000000 ____D C:\Users\User\AppData\Local\{1C5B43C5-F744-4C22-BE52-7863E8D3916D}
2012-05-10 17:36 - 2012-05-10 17:36 - 00000000 ____D C:\33f4ec94127ffb07e9f67db0
2012-05-10 17:35 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-10 15:34 - 2012-05-10 15:34 - 00000000 ____D C:\Users\User\AppData\Local\{9C5B2551-A9B5-4CDB-9B66-F0BF622C6A39}
2012-05-10 15:34 - 2012-05-10 15:34 - 00000000 ____D C:\Users\User\AppData\Local\{904106E1-D4D2-4A99-8EF6-2C976BDF4968}
2012-05-10 15:08 - 2012-05-10 15:08 - 00000000 ____D C:\Users\User\AppData\Local\{FEEAD077-B214-46FC-8282-63E438FF8B58}
2012-05-10 15:08 - 2012-05-10 15:08 - 00000000 ____D C:\Users\User\AppData\Local\{58784215-A289-4957-8DA3-45AE23D50434}
2012-05-10 14:32 - 2012-05-10 14:32 - 00000000 ____D C:\Users\User\AppData\Local\{1B0BB40E-BAC1-4B48-A794-F480A607205C}
2012-05-10 14:32 - 2012-05-10 14:32 - 00000000 ____D C:\Users\User\AppData\Local\{17D8CFAC-3E93-4BC4-A0E4-A47474A8ABCE}
2012-05-09 15:15 - 2012-05-09 15:15 - 00000000 ____D C:\Users\User\AppData\Local\{F09BEF2F-968B-4572-B012-28116C49BFE2}
2012-05-09 15:15 - 2012-05-09 15:15 - 00000000 ____D C:\Users\User\AppData\Local\{883698B8-E577-4274-9267-DA3C01E8239E}
2012-05-08 14:33 - 2012-05-08 14:33 - 00000000 ____D C:\Users\User\AppData\Local\{D17758CC-24D9-4D33-8385-2262C6B2BBF7}
2012-05-08 14:33 - 2012-05-08 14:33 - 00000000 ____D C:\Users\User\AppData\Local\{42EF4F75-DE62-4524-9DA6-5258D141023D}
2012-05-08 14:01 - 2012-05-08 14:01 - 00000000 ____D C:\Users\User\AppData\Local\{291476FE-4E59-4C17-B2E9-4A2BBA24FDC5}
2012-05-08 14:01 - 2012-05-08 14:01 - 00000000 ____D C:\Users\User\AppData\Local\{24F05E20-E0DB-489E-BF58-5DA4D478A5B8}
2012-05-07 17:10 - 2012-05-07 17:10 - 00000000 ____D C:\Users\User\AppData\Local\{7B7EB9E5-4221-4983-854D-6B0FE9E00A4F}
2012-05-07 17:10 - 2012-05-07 17:10 - 00000000 ____D C:\Users\User\AppData\Local\{7339BB38-0BC7-4BCF-9615-51DB2495BB55}
2012-05-07 15:19 - 2012-05-07 15:19 - 00000000 ____D C:\Users\User\AppData\Local\{C9CE25DE-830F-4FE2-8199-4BBA2B3599C0}
2012-05-07 15:19 - 2012-05-07 15:19 - 00000000 ____D C:\Users\User\AppData\Local\{AB4130DC-5CEE-4AE0-89E6-CD624D1244FE}
2012-05-06 17:11 - 2012-05-06 17:11 - 00000000 ____D C:\Users\User\AppData\Local\{AED33378-123E-4389-A556-ECF32F951A2E}
2012-05-06 17:11 - 2012-05-06 17:11 - 00000000 ____D C:\Users\User\AppData\Local\{318CF2B5-C747-494A-A02C-4962B8B6F06A}
2012-05-05 17:07 - 2012-05-05 17:07 - 00000000 ____D C:\Users\User\AppData\Local\{4380E760-BC66-46E6-84B0-E2A3D64F8CEF}
2012-05-05 17:07 - 2012-05-05 17:06 - 00000000 ____D C:\Users\User\AppData\Local\{6B184592-9E60-4A9E-B638-A533D3F13A52}
2012-05-05 13:49 - 2012-05-05 13:48 - 00000000 ____D C:\Users\User\AppData\Local\{C12A7AB3-49CE-4359-8825-7EA85D0404BD}
2012-05-05 13:48 - 2012-05-05 13:48 - 00000000 ____D C:\Users\User\AppData\Local\{4A9414ED-8E37-4FF9-9A4C-0F1198C865BC}
2012-05-05 12:20 - 2012-05-05 12:20 - 00000000 ____D C:\Users\User\AppData\Local\{D9EAC512-4CB5-41D8-AB38-9DF874D3B71D}
2012-05-05 12:20 - 2012-05-05 12:20 - 00000000 ____D C:\Users\User\AppData\Local\{A118476F-DCC9-4B45-B6DA-59CCDEF5C280}
2012-05-05 11:33 - 2012-04-05 16:33 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-05 09:42 - 2012-05-05 09:42 - 00000000 ____D C:\Users\User\AppData\Local\{696957D7-9AE0-4F25-9E2E-5FF1B1D82621}
2012-05-05 09:42 - 2012-05-05 09:42 - 00000000 ____D C:\Users\User\AppData\Local\{382838C5-23E4-4280-8722-87880C381441}
2012-05-04 14:50 - 2012-05-04 14:49 - 00000000 ____D C:\Users\User\AppData\Local\{98F7FC25-CECD-4386-A0B7-B3297ABBF6A1}
2012-05-04 14:49 - 2012-05-04 14:49 - 00000000 ____D C:\Users\User\AppData\Local\{2DD1F9C4-B40D-4375-B79B-9852CDB689A7}
2012-05-04 14:12 - 2012-05-04 14:12 - 00000000 ____D C:\Users\User\AppData\Local\{E644DD79-35C8-4B4F-BD4B-FB4A19C52AAE}
2012-05-04 14:12 - 2012-05-04 14:11 - 00000000 ____D C:\Users\User\AppData\Local\{A15C2BB8-3E12-4327-82FD-967E96C9AC83}
2012-05-03 15:30 - 2012-05-03 15:30 - 00000000 ____D C:\Users\User\AppData\Local\{0075FD79-43E6-433B-A80A-23B90B5FF60D}
2012-05-03 15:30 - 2012-05-03 15:29 - 00000000 ____D C:\Users\User\AppData\Local\{8D61AD79-8093-4D88-82C7-E53A8283E55E}
2012-05-02 19:29 - 2012-05-02 19:29 - 00000000 ____D C:\Users\User\AppData\Local\{5C0F62E6-6BB2-43A7-B4A1-97C1A3AD0380}
2012-05-02 19:29 - 2012-05-02 19:29 - 00000000 ____D C:\Users\User\AppData\Local\{21BCE174-32DA-4F68-8919-04AD69A3E241}
2012-05-02 15:48 - 2012-05-02 15:48 - 00000000 ____D C:\Users\User\AppData\Local\{F84A2A23-ED55-4EA5-A4B4-0B3BD8D2A78B}
2012-05-02 15:48 - 2012-05-02 15:48 - 00000000 ____D C:\Users\User\AppData\Local\{8FBA9DB3-D60B-4224-B4BE-E19248A0AB28}
2012-05-02 15:30 - 2012-05-02 15:30 - 00000000 ____D C:\Users\User\AppData\Local\{0A7BA59D-2D81-41AD-8B19-2D29DE71DCC7}
2012-05-02 15:30 - 2012-05-02 15:29 - 00000000 ____D C:\Users\User\AppData\Local\{87567E16-42BB-4958-B7EE-F8D087B41617}
2012-05-01 15:32 - 2012-05-01 15:32 - 00000000 ____D C:\Users\User\AppData\Local\{5A011EA6-0FF2-4CFE-AB5C-28E94B027B4F}
2012-05-01 15:32 - 2012-05-01 15:31 - 00000000 ____D C:\Users\User\AppData\Local\{C23E27E9-BD06-4E9D-8BD0-528DA42976ED}
2012-05-01 14:28 - 2012-05-01 14:27 - 00000000 ____D C:\Users\User\AppData\Local\{A52AA1AF-D924-4705-A63D-505C1EB2DC6D}
2012-05-01 14:27 - 2012-05-01 14:27 - 00000000 ____D C:\Users\User\AppData\Local\{DFC95FFC-798E-49BD-8794-49774C1627E6}
2012-05-01 14:14 - 2012-05-01 14:14 - 00000000 ____D C:\Users\User\AppData\Local\{BBB99DB0-1C4E-4FE0-946E-55F7C9B53664}
2012-05-01 14:14 - 2012-05-01 14:14 - 00000000 ____D C:\Users\User\AppData\Local\{7E26BDBF-05FF-4E22-A3FF-FA662D0899E3}
2012-05-01 02:07 - 2012-05-01 02:07 - 00000000 ____D C:\Users\User\AppData\Local\{FD49589D-0B11-47D2-9E8D-93CF7EC8FBB6}
2012-05-01 02:07 - 2012-05-01 02:07 - 00000000 ____D C:\Users\User\AppData\Local\{9B2F3405-D56A-4770-B175-552ADF26CCB8}
2012-05-01 01:46 - 2012-05-01 01:46 - 00000000 ____D C:\Users\User\AppData\Local\{65FBF8F4-AE8E-4027-9DFF-6994D73EE745}
2012-04-30 18:04 - 2012-04-30 18:04 - 00000000 ____D C:\Users\User\AppData\Local\{ADDB08E3-FBC9-44C7-BE96-33F145C36658}
2012-04-30 15:41 - 2012-04-30 15:41 - 00000000 ____D C:\Users\User\AppData\Local\{61C8D3E3-602D-43EB-A006-CEED51C017B0}
2012-04-30 15:41 - 2012-04-30 15:40 - 00000000 ____D C:\Users\User\AppData\Local\{6D9F56D4-B2E4-486F-B0C5-A1A890D48001}
2012-04-28 18:20 - 2012-04-28 18:20 - 00000000 ____D C:\Users\User\AppData\Local\{5CEFAC8B-5FC2-41E6-91A8-EC08F60FDDF9}
2012-04-28 18:20 - 2012-04-28 18:20 - 00000000 ____D C:\Users\User\AppData\Local\{22773740-12AE-448D-9B32-AD1EDA25D943}
2012-04-28 05:03 - 2012-04-28 05:03 - 02586616 ____A C:\Users\User\Desktop\Motorcycle2.jpg
2012-04-28 05:02 - 2012-04-28 05:02 - 02600454 ____A C:\Users\User\Desktop\Motorcycle1.jpg
2012-04-28 04:58 - 2012-04-28 04:58 - 00000000 ____D C:\Users\User\AppData\Local\{4ECE2200-9E88-49A1-A987-3017ADA23CF8}
2012-04-28 04:58 - 2012-04-28 04:57 - 00000000 ____D C:\Users\User\AppData\Local\{EBF4E741-DB65-4441-808C-EE3E310459DD}
2012-04-28 04:38 - 2012-04-28 04:38 - 00000000 ____D C:\Users\User\AppData\Local\{4B96B202-FDBC-4511-AF4E-D93B414FAF47}
2012-04-28 04:38 - 2012-04-28 04:38 - 00000000 ____D C:\Users\User\AppData\Local\{43C8BF12-3357-4230-BCFB-EAA830148E5F}
2012-04-27 17:44 - 2012-04-27 17:44 - 00000000 ____D C:\Users\User\AppData\Local\{F62B7AFB-A660-4966-B4F2-E4716A98802A}
2012-04-27 17:44 - 2012-04-27 17:44 - 00000000 ____D C:\Users\User\AppData\Local\{E796D2FF-CACA-40E1-83CA-EBCB4A3780F5}
2012-04-25 17:19 - 2012-04-25 17:19 - 00000000 ____D C:\Users\User\AppData\Local\{92D4C640-CF20-4584-B29A-50036AB704EA}
2012-04-25 17:19 - 2012-04-25 17:19 - 00000000 ____D C:\Users\User\AppData\Local\{77F05764-78AF-4FF0-BE78-B20C326D5F43}
2012-04-25 16:51 - 2012-04-25 16:51 - 00000000 ____D C:\Users\User\AppData\Local\{BF4A43FB-3177-498C-BD6B-76D98641306B}
2012-04-25 16:51 - 2012-04-25 16:51 - 00000000 ____D C:\Users\User\AppData\Local\{2E5AE036-F73C-4D11-866E-5FBC20F62619}
2012-04-25 16:50 - 2012-04-25 16:50 - 00008576 ____A C:\Users\User\Desktop\Zappos_com UPS Return Label.htm
2012-04-25 16:50 - 2012-04-25 16:50 - 00000000 ____D C:\Users\User\Desktop\Zappos_com UPS Return Label_files
2012-04-25 16:47 - 2012-04-25 16:47 - 00000000 ____D C:\Users\User\AppData\Local\{88B4964B-3B0B-4AB1-9BDF-EF4B965737F6}
2012-04-25 16:47 - 2012-04-25 16:47 - 00000000 ____D C:\Users\User\AppData\Local\{0A5DFA74-A076-4581-82ED-427AE7308D2D}
2012-04-25 15:03 - 2012-04-25 15:03 - 00000000 ____D C:\Users\User\AppData\Local\{C8731582-BC54-4531-A5FB-C940D847C161}
2012-04-25 15:03 - 2012-04-25 15:03 - 00000000 ____D C:\Users\User\AppData\Local\{8EF97793-6DD0-440A-ABD1-C89A4116B8E7}
2012-04-24 18:20 - 2012-04-24 18:20 - 00000000 ____D C:\Users\User\AppData\Local\{55AACCD6-064C-438A-A179-EBC681ED0D4C}
2012-04-24 17:42 - 2012-04-24 17:42 - 00000000 ____D C:\Users\User\AppData\Local\{ECC7F273-748B-48CF-A978-A987CBB4C886}
2012-04-24 17:42 - 2012-04-24 17:42 - 00000000 ____D C:\Users\User\AppData\Local\{4C0028D5-398C-4EF2-AA75-70677DD6FD92}
2012-04-24 15:19 - 2012-04-24 15:19 - 00000000 ____D C:\Users\User\AppData\Local\{D4476D54-D63A-4E00-8B4D-56209B68E3FD}
2012-04-24 15:19 - 2012-04-24 15:19 - 00000000 ____D C:\Users\User\AppData\Local\{AD8335EA-77AF-4B7E-859E-B4FAB655459E}
2012-04-23 17:35 - 2012-04-23 17:35 - 00000000 ____D C:\Users\User\AppData\Local\{13BAAC3B-147A-4ABE-B08C-E108E0B25612}
2012-04-23 17:35 - 2012-04-23 17:35 - 00000000 ____D C:\Users\User\AppData\Local\{00A10A20-CB49-40D4-9254-D01F75466D95}
2012-04-23 17:03 - 2012-04-23 17:03 - 00000000 ____D C:\Users\User\AppData\Local\{9D84E6BB-CE7F-45B4-A4B1-92F918F0E3D8}
2012-04-23 17:03 - 2012-04-23 17:03 - 00000000 ____D C:\Users\User\AppData\Local\{77915769-267E-4ABF-9983-58FC3044492C}
2012-04-23 16:45 - 2012-04-23 16:45 - 00000000 ____D C:\Users\User\AppData\Local\{09F9DC69-63B0-499C-A526-EBA3D1327091}
2012-04-23 16:45 - 2012-04-23 16:45 - 00000000 ____D C:\Users\User\AppData\Local\{06934D78-57F2-45A4-BBAD-C92A0E2B5642}
2012-04-23 16:29 - 2012-04-23 16:28 - 00000000 ____D C:\Users\User\AppData\Local\{4B7D57FA-8176-4537-AFFC-98F9E50D2BE1}
2012-04-23 16:28 - 2012-04-23 16:28 - 00000000 ____D C:\Users\User\AppData\Local\{57DC2614-AA1F-4D43-A63E-E9F0E8E1088C}
2012-04-23 16:18 - 2012-04-23 16:18 - 00000000 ____D C:\Users\User\AppData\Local\{417821D8-8288-4403-AFF7-2E27902613FD}
2012-04-23 16:18 - 2012-04-23 16:18 - 00000000 ____D C:\Users\User\AppData\Local\{3AF9803A-D7EE-45C8-8FE9-E853D86478B4}
2012-04-23 14:53 - 2012-04-23 14:53 - 00000000 ____D C:\Users\User\AppData\Local\{CC5B9C57-7339-4FEC-8876-349DD60F03B5}
2012-04-23 14:53 - 2012-04-23 14:53 - 00000000 ____D C:\Users\User\AppData\Local\{49857F62-C9BE-4886-AA98-3548989DCEC8}
2012-04-23 14:35 - 2012-04-23 14:35 - 00000000 ____D C:\Users\All Users\Symantec
2012-04-22 17:25 - 2012-04-22 17:25 - 00000000 ____D C:\Users\User\AppData\Local\{A6E66B4B-BA5F-4068-BBFA-B4CC06DDA028}
2012-04-22 17:25 - 2012-04-22 17:25 - 00000000 ____D C:\Users\User\AppData\Local\{6A189963-C014-4300-9A0C-F28DDFDAB835}
2012-04-22 16:48 - 2012-04-22 16:48 - 00000000 ____D C:\Users\User\AppData\Local\{995313DD-57B2-40EE-BA56-ABED1E642241}
2012-04-22 16:48 - 2012-04-22 16:47 - 00000000 ____D C:\Users\User\AppData\Local\{9E1A2DBE-C487-4585-9D23-CAC4BB811436}
2012-04-22 11:34 - 2012-04-22 11:34 - 00000000 ____D C:\Users\User\AppData\Local\{EBFDD77F-D3FF-44C8-A5AD-D08B1AF0DF52}
2012-04-22 11:34 - 2012-04-22 11:34 - 00000000 ____D C:\Users\User\AppData\Local\{A7F5FDE9-A285-4388-A79E-8E9325ECD96B}
2012-04-22 06:33 - 2012-04-22 06:33 - 00000000 ____D C:\Users\User\AppData\Local\{F7FB3DD9-525E-47D6-834C-29FF79520DD5}
2012-04-22 06:33 - 2012-04-22 06:33 - 00000000 ____D C:\Users\User\AppData\Local\{79240A10-6232-4F20-888A-08F86A3DE24C}
2012-04-21 11:29 - 2012-04-21 11:29 - 00000000 ____D C:\Users\User\AppData\Local\{ECA70B80-EB9B-4334-9791-7A83D20FC007}
2012-04-21 11:29 - 2012-04-21 11:28 - 00000000 ____D C:\Users\User\AppData\Local\{D4E4CFEE-19CF-43D7-98CE-21D12D7CBACD}
2012-04-19 18:01 - 2012-04-19 18:01 - 00000000 ____D C:\Users\User\AppData\Local\{70C98239-AE11-44CA-8E79-5478D93DF7E1}
2012-04-19 18:01 - 2012-04-19 18:01 - 00000000 ____D C:\Users\User\AppData\Local\{5697B072-4E75-4590-ABAF-A4B505353493}
2012-04-19 15:04 - 2012-04-19 15:04 - 00000000 ____D C:\Users\User\AppData\Local\{F108789A-3E18-44BD-9296-E6D6FF535130}
2012-04-19 15:04 - 2012-04-19 15:04 - 00000000 ____D C:\Users\User\AppData\Local\{CB55106B-78F8-41DC-B87E-2B73E4EBC7FE}
2012-04-17 02:16 - 2012-04-17 02:15 - 00000000 ____D C:\Users\User\AppData\Local\{7AC702AF-427A-4EDF-BD9C-C4C9077C570B}
2012-04-15 15:54 - 2012-04-15 15:54 - 00000000 ____D C:\Users\User\AppData\Local\{F3D56CBE-F87B-41B0-B3A5-9459B6F11C01}
2012-04-15 15:54 - 2012-04-15 15:54 - 00000000 ____D C:\Users\User\AppData\Local\{EF5B90C8-D3C6-46FD-AD07-A9947F7AABC1}
2012-04-15 07:03 - 2012-04-15 07:03 - 00000000 ____D C:\Users\User\AppData\Local\{728E297F-B8DE-4E4E-9F01-D118AEE71A55}
2012-04-15 07:03 - 2011-11-25 12:44 - 00000000 ____D C:\Users\User\AppData\Local\Windows Live
2012-04-12 15:09 - 2012-04-12 15:08 - 00000000 ____D C:\Users\User\AppData\Local\{395FB587-C5ED-486F-8B71-458C4D34B7D2}
2012-04-11 17:04 - 2012-04-11 17:03 - 00000000 ____D C:\Users\User\AppData\Local\{71395694-D50D-449A-8A88-7CBF4CEB5404}
2012-04-10 16:47 - 2012-04-10 16:47 - 00000000 ____D C:\Users\User\AppData\Local\{F48CC920-8E82-4793-A58A-5B517B6873A4}
2012-04-07 17:02 - 2012-04-07 17:01 - 00000000 ____D C:\Users\User\AppData\Local\{40027805-626E-4943-9FAF-33D0754C9398}
2012-04-07 04:29 - 2012-04-07 04:28 - 00000000 ____D C:\Users\User\AppData\Local\{B57F932C-D9AE-4800-B8E6-18027A2F8028}
2012-04-06 15:59 - 2012-04-06 15:58 - 00000000 ____D C:\Users\User\AppData\Local\{CA788F06-9471-4C91-83E6-AC6B3EC29AE1}
2012-04-05 16:02 - 2012-04-05 16:02 - 00000000 ____D C:\Users\User\AppData\Local\{592FBDE0-F815-4C8D-805D-BA36F097AC3A}
2012-04-04 18:18 - 2012-04-04 18:18 - 00000000 ____D C:\Users\User\AppData\Local\{6A3BCA32-CC77-4179-869F-75513D75ECE7}
2012-04-04 11:56 - 2012-06-10 17:08 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-02 15:18 - 2012-04-02 15:18 - 00000000 ____D C:\Users\User\AppData\Local\{76557AC7-8FE8-408D-A287-46035255B716}
2012-04-01 15:50 - 2012-04-01 15:50 - 00000000 ____D C:\Users\User\AppData\Local\{B344CF6E-9611-4CE2-8F8F-CC7664F44C3B}
2012-04-01 03:25 - 2012-04-01 03:25 - 00000000 ____D C:\Users\User\AppData\Local\{BE1EB9D4-8E61-483A-A47D-4D8AAB8A110A}
2012-03-30 22:05 - 2012-05-10 14:37 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-10 14:37 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-10 14:37 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-10 14:37 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 16:38 - 2012-03-30 16:37 - 00000000 ____D C:\Users\User\AppData\Local\{D7A2E46A-3174-4667-A440-43DA6803AE15}
2012-03-30 03:35 - 2012-05-10 14:36 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 17:49 - 2012-03-29 17:49 - 02759882 ____A C:\Users\User\Desktop\7tipsToSuccess.pdf
2012-03-29 17:31 - 2012-03-29 17:31 - 00000000 ____D C:\Users\User\AppData\Local\{3C704C1E-C693-4B10-9ED8-1D609B343607}
2012-03-28 15:51 - 2012-03-28 15:51 - 00000000 ____D C:\Users\User\AppData\Local\{D4D64884-4A55-4822-A115-F61B3D1F8A24}
2012-03-28 15:51 - 2012-03-28 15:51 - 00000000 ____D C:\Users\User\AppData\Local\{5C187546-CEAE-4D95-A630-5C7F519183A7}
2012-03-27 16:14 - 2012-03-27 16:13 - 00000000 ____D C:\Users\User\AppData\Local\{866A68AC-4AF9-4DCE-965E-7052BB7ECDC4}
2012-03-27 16:13 - 2012-03-27 16:13 - 00000000 ____D C:\Users\User\AppData\Local\{8E0973AE-F824-4AAC-A3DC-560F72C64107}
2012-03-26 16:17 - 2012-03-26 16:17 - 00000000 ____D C:\Users\User\AppData\Local\{3D6B1D58-504D-4D04-95BE-3E30B0D1B507}
2012-03-26 16:17 - 2012-03-26 16:16 - 00000000 ____D C:\Users\User\AppData\Local\{4548A43D-B81F-415E-AAD0-A542E1113694}
2012-03-25 16:53 - 2012-03-25 16:53 - 00000000 ____D C:\Users\User\AppData\Local\{DD12EEDC-B21F-48E2-864D-939E2E25D195}
2012-03-25 16:53 - 2012-03-25 16:53 - 00000000 ____D C:\Users\User\AppData\Local\{D2A22418-CCBB-4E90-AD0D-59CC0C99D095}
2012-03-25 04:35 - 2012-03-25 04:35 - 00000000 ____D C:\Users\User\AppData\Local\{7F4D3F41-9FBB-4321-8DA4-472C09F7892A}
2012-03-25 04:35 - 2012-03-25 04:35 - 00000000 ____D C:\Users\User\AppData\Local\{438220A4-532F-40E4-8D8C-6EC2FBD5731C}
2012-03-24 11:04 - 2012-03-24 11:03 - 00000000 ____D C:\Users\User\AppData\Local\{D5C13D83-E364-4D7B-AE46-A62032443CC0}
2012-03-24 11:03 - 2012-03-24 11:03 - 00000000 ____D C:\Users\User\AppData\Local\{5E20C968-AD95-4AE9-A077-1E7698E252B1}
2012-03-23 15:27 - 2012-03-23 15:27 - 00000000 ____D C:\Users\User\AppData\Local\{9C1E85A9-ECDB-4DCE-A9CD-9BB62B6B5DA0}
2012-03-23 15:27 - 2012-03-23 15:27 - 00000000 ____D C:\Users\User\AppData\Local\{3ABA4D3C-3239-4E77-8F7C-7D9E6C1DFB58}
2012-03-22 15:20 - 2012-03-22 15:19 - 00000000 ____D C:\Users\User\AppData\Local\{E37AA7AF-164C-4798-99D3-956859B82504}
2012-03-22 15:19 - 2012-03-22 15:19 - 00000000 ____D C:\Users\User\AppData\Local\{67996E08-D817-48CB-A83F-27C38C5F9439}
2012-03-21 14:53 - 2012-03-21 14:53 - 00000000 ____D C:\Users\User\AppData\Local\{4EBDC34E-1612-4912-BA01-525B3B38DEEA}
2012-03-21 14:52 - 2012-03-21 14:52 - 00000000 ____D C:\Users\User\AppData\Local\{148B237D-D8AB-43CD-9DCE-3EFBA96F1B26}
2012-03-20 16:44 - 2012-03-20 16:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 16:44 - 2012-03-20 16:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-20 14:56 - 2012-03-20 14:55 - 00000000 ____D C:\Users\User\AppData\Local\{58CB87BC-D9B2-49D7-B481-184A8EBE9D7B}
2012-03-20 14:55 - 2012-03-20 14:55 - 00000000 ____D C:\Users\User\AppData\Local\{3EE1183A-E183-48D7-AF7F-BCBBCDE7F800}
2012-03-19 16:02 - 2012-03-19 16:02 - 00000000 ____D C:\Users\User\AppData\Local\{97DBF55B-247C-4372-8303-A17BB2CF5867}
2012-03-19 16:02 - 2012-03-19 16:02 - 00000000 ____D C:\Users\User\AppData\Local\{1CFFAFE2-AAF4-42A3-AB2E-7D4954909E06}
2012-03-18 18:08 - 2012-03-18 18:08 - 00000000 ____D C:\Users\User\AppData\Local\{D9541C59-27CA-4A1C-B3F7-2C551E398C36}
2012-03-18 18:08 - 2012-03-18 18:08 - 00000000 ____D C:\Users\User\AppData\Local\{C13162EF-165A-414E-99FC-3A0EF9E86CB6}
2012-03-18 17:35 - 2012-03-18 17:35 - 00000000 ____D C:\Users\User\AppData\Local\{A6F5E5F8-CC8E-4DC5-96DF-54176A1AB9B0}
2012-03-18 17:35 - 2012-03-18 17:35 - 00000000 ____D C:\Users\User\AppData\Local\{8399BCFC-9D64-49AE-AD66-E6C22C8FFBAF}
2012-03-17 19:30 - 2012-03-17 19:30 - 00000000 ____D C:\Users\User\AppData\Local\{89952C09-7228-430E-884B-7F43BDA668F2}
2012-03-17 19:30 - 2012-03-17 19:29 - 00000000 ____D C:\Users\User\AppData\Local\{8661F80D-A496-44E2-A3A2-798A537AC64B}
2012-03-17 11:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-03-17 04:32 - 2012-03-17 04:32 - 00000000 ____D C:\Users\User\AppData\Local\{F34D3D02-7C2E-4B9C-B598-FE3573CBEC12}
2012-03-17 04:32 - 2012-03-17 04:32 - 00000000 ____D C:\Users\User\AppData\Local\{7907D397-B6AC-474D-B916-3D6D86AC4E94}
2012-03-16 23:58 - 2012-05-10 14:36 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 03:46 - 2012-03-16 03:46 - 00000000 ____D C:\Users\User\AppData\Local\{9E523936-B949-4072-835A-7E70AC9FD13C}
2012-03-16 03:46 - 2012-03-16 03:46 - 00000000 ____D C:\Users\User\AppData\Local\{3819FBF6-0F6E-409C-B3EA-250B06B99507}
2012-03-16 02:37 - 2012-03-14 16:31 - 00000000 ____D C:\Users\User\AppData\Roaming\Ekmeu
2012-03-16 02:06 - 2012-03-14 16:31 - 00000000 ____D C:\Users\User\AppData\Roaming\Seneqo
2012-03-15 15:39 - 2012-03-15 15:38 - 00000000 ____D C:\Users\User\AppData\Local\{1B670022-A53D-4AF9-9255-069A87392A1C}
2012-03-15 15:38 - 2012-03-15 15:38 - 00000000 ____D C:\Users\User\AppData\Local\{253544B8-8B01-4FEF-B02F-1AB9CB9E4929}
2012-03-14 16:31 - 2012-03-14 16:31 - 00000000 ____D C:\Users\User\AppData\Roaming\Atme
2012-03-14 16:05 - 2012-03-14 16:05 - 00000000 ____D C:\Users\User\AppData\Local\{309BE847-8D53-425A-9913-9B1F99081D60}
2012-03-14 16:05 - 2012-03-14 16:05 - 00000000 ____D C:\Users\User\AppData\Local\{199235C3-7AF1-479D-BC41-AC05A3F1AF9D}

ZeroAccess:
C:\Windows\Installer\{fb9a415d-8a39-a495-eecb-70163c6883ff}
C:\Windows\Installer\{fb9a415d-8a39-a495-eecb-70163c6883ff}\@
C:\Windows\Installer\{fb9a415d-8a39-a495-eecb-70163c6883ff}\L
C:\Windows\Installer\{fb9a415d-8a39-a495-eecb-70163c6883ff}\n
C:\Windows\Installer\{fb9a415d-8a39-a495-eecb-70163c6883ff}\U

ZeroAccess:
C:\Users\User\AppData\Local\{fb9a415d-8a39-a495-eecb-70163c6883ff}
C:\Users\User\AppData\Local\{fb9a415d-8a39-a495-eecb-70163c6883ff}\@
C:\Users\User\AppData\Local\{fb9a415d-8a39-a495-eecb-70163c6883ff}\L
C:\Users\User\AppData\Local\{fb9a415d-8a39-a495-eecb-70163c6883ff}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2011-07-31 23:21] - [2011-03-01 00:07] - 0027648 ____A (Microsoft Corporation) 6F68F63794097E54F36474ED4384B759

C:\Windows\SysWOW64\svchost.exe
[2011-07-31 23:22] - [2011-03-01 00:05] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2011-07-31 23:17] - [2011-02-24 22:25] - 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 4043.86 MB
Available physical RAM: 3489.75 MB
Total Pagefile: 4042.06 MB
Available Pagefile: 3476.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (TI106234W0C) (Fixed) (Total:449.77 GB) (Free:407.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (TOSHIBA EXT) (Fixed) (Total:465.76 GB) (Free:388.56 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 465 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 449 GB 1501 MB
Partition 3 Primary 14 GB 451 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI106234W0C NTFS Partition 449 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB

======================================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G TOSHIBA EXT NTFS Partition 465 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-20 17:23

======================= End Of Log ==========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:30 AM

Posted 11 June 2012 - 06:36 AM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

C:\Windows\Installer\{fb9a415d-8a39-a495-eecb-70163c6883ff}
C:\Users\User\AppData\Local\{fb9a415d-8a39-a495-eecb-70163c6883ff}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo[/b]
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Paladin41us

Paladin41us
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:30 AM

Posted 11 June 2012 - 08:25 AM

Here is the fixlog.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 10-06-2012 03
Ran by SYSTEM at 2012-06-11 09:21:04 Run:1
Running from G:\

==============================================

C:\Windows\Installer\{fb9a415d-8a39-a495-eecb-70163c6883ff} moved successfully.
C:\Users\User\AppData\Local\{fb9a415d-8a39-a495-eecb-70163c6883ff} moved successfully.

==== End of Fixlog ====

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:30 AM

Posted 11 June 2012 - 09:06 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Paladin41us

Paladin41us
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:30 AM

Posted 11 June 2012 - 10:13 AM

Ok, I followed your directions and allowed windows to boot normal: turned off all anti-spyware and anti-virus. The system keeps rebooting every min. when I get to the desktop and start combofix it has no time to complete before the machine reboots, it gets to creating a restore point and computer reboots.

I went through the recovery system again to verify I got the right user to run frst, I had two choices GroupHomeUser$ and user I ran frst under user, I tried the grouphome and its asking for a password?? the funny thing is when Iset this up for the wife I do not remember passwording for admin access. I guess I missed something :(

Thanks!

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:30 AM

Posted 11 June 2012 - 10:30 AM

Hello

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

after combofix has finished its scan please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Paladin41us

Paladin41us
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:30 AM

Posted 11 June 2012 - 10:38 AM

Doing the same in safe mode, Pop-up "windows encountered a critical error restart automatically in 1 min.

Combofix got to stage 3 before the reboot.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:30 AM

Posted 11 June 2012 - 10:45 AM

rerun FRST for me and send me the new report


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Paladin41us

Paladin41us
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:30 AM

Posted 11 June 2012 - 11:05 AM

Here you go Gringo. Thank you again..

Scan result of Farbar Recovery Scan Tool Version: 10-06-2012 03
Ran by SYSTEM at 11-06-2012 12:00:33
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

==================== Services (Whitelisted) ======

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe /s [135608 2012-02-20] (Symantec Corporation)
2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll" /prefetch:1 [132984 2011-07-19] (Symantec Corporation)
3 PLAVService; "C:\Program Files (x86)\Common Files\PLAV\PLAVservice.exe" [601008 2012-02-07] (ParetoLogic Inc.)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)

========================== Drivers (Whitelisted) =============

1 kl1; C:\Windows\System32\Drivers\kl1.sys [460888 2010-08-09] (Kaspersky Lab ZAO)
1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [354320 2010-05-28] (Kaspersky Lab)
1 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [27736 2010-08-09] (Kaspersky Lab ZAO)
3 QIOMem; C:\Windows\System32\Drivers\QIOMem.sys [12800 2009-06-15] (TOSHIBA)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [250984 2010-12-01] (Realtek Semiconductor Corp.)
3 RSUSBVSTOR; C:\Windows\System32\Drivers\RTSUVSTOR.sys [307304 2011-07-08] (Realtek Semiconductor Corp.)
3 RTL8192Ce; C:\Windows\System32\Drivers\RTL8192Ce.sys [1109096 2011-01-05] (Realtek Semiconductor Corporation )
0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [26840 2009-07-14] (TOSHIBA Corporation)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-11 07:33 - 2012-06-11 07:34 - 00000000 ___SD C:\ComboFix
2012-06-11 07:32 - 2012-06-11 07:35 - 00438456 ____A C:\Windows\ntbtlog.txt
2012-06-11 06:38 - 2012-06-11 06:38 - 00000000 ____D C:\Windows\ERDNT
2012-06-11 06:38 - 2012-06-11 06:38 - 00000000 ____D C:\Qoobox
2012-06-11 06:38 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-11 06:38 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-11 06:38 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-11 06:38 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-11 06:38 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-11 06:38 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-11 06:38 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-11 06:38 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-11 06:28 - 2012-06-11 07:33 - 00000000 ___SD C:\32788R22FWJFW
2012-06-11 06:25 - 2012-06-11 06:13 - 04540367 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2012-06-10 17:19 - 2012-06-10 17:19 - 00000695 ____A C:\Users\User\Desktop\Result.txt
2012-06-10 17:16 - 2012-06-11 12:00 - 00000000 ____D C:\FRST
2012-06-10 17:16 - 2012-06-10 17:16 - 00070695 ____A C:\Users\User\Desktop\FRST.txt
2012-06-10 17:08 - 2012-06-10 17:08 - 00001084 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-10 17:08 - 2012-06-10 17:08 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2012-06-10 17:08 - 2012-06-10 17:08 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-10 17:08 - 2012-06-10 17:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-10 17:08 - 2012-04-04 11:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-10 17:07 - 2012-06-10 16:43 - 01401619 ____A C:\Users\User\Desktop\FRST64.exe
2012-06-10 17:06 - 2012-06-10 16:55 - 00397451 ____A C:\Users\User\Desktop\MiniToolBox.exe
2012-06-10 17:06 - 2012-06-10 16:53 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-1.61.0.1400.exe
2012-06-10 15:12 - 2012-06-10 15:13 - 00000466 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2012-06-10 15:12 - 2012-06-10 15:13 - 00000444 ____A C:\Windows\Tasks\ParetoLogic Anti-Virus PLUS.job
2012-06-10 15:12 - 2012-06-10 15:13 - 00000440 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job
2012-06-10 15:12 - 2012-06-10 15:13 - 00000420 ____A C:\Windows\Tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
2012-06-10 15:12 - 2012-06-10 15:12 - 00001101 ____A C:\Users\Public\Desktop\ParetoLogic Anti-Virus PLUS.lnk
2012-06-10 15:12 - 2012-06-10 15:12 - 00000000 ____D C:\Users\All Users\PLAV
2012-06-10 15:12 - 2012-06-10 15:12 - 00000000 ____D C:\Users\All Users\ParetoLogic
2012-06-10 15:04 - 2012-06-10 15:04 - 00000000 ____D C:\Users\All Users\ParetoLogic Anti-Virus PLUS
2012-06-10 15:04 - 2012-06-10 15:04 - 00000000 ____D C:\Program Files (x86)\ParetoLogic
2012-06-10 15:01 - 2012-06-10 15:22 - 00005416 ____A C:\Users\User\Desktop\yorkyt.exe.log
2012-06-10 14:59 - 2012-06-10 13:21 - 72482336 ____A (Microsoft Corporation) C:\Users\User\Desktop\msert.exe
2012-06-10 14:59 - 2012-06-10 11:57 - 01415784 ____A C:\Users\User\Desktop\yorkyt.exe
2012-06-10 14:58 - 2012-06-10 13:37 - 08871304 ____A (ParetoLogic Inc.) C:\Users\User\Desktop\Pareto_AV_Setup_RW.exe
2012-06-10 12:07 - 2012-06-10 12:39 - 00222230 ____A C:\Users\User\Desktop\yorkyt (1).exe.log
2012-06-10 11:53 - 2012-06-10 11:53 - 01415784 ____A C:\Users\User\Downloads\yorkyt.exe
2012-06-10 11:26 - 2012-06-10 11:26 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-10 11:26 - 2012-06-10 11:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-10 11:25 - 2012-06-10 11:26 - 12621696 ____A (Microsoft Corporation) C:\Users\User\Downloads\mseinstall (1).exe
2012-06-10 11:20 - 2012-06-10 11:21 - 12621696 ____A (Microsoft Corporation) C:\Users\User\Downloads\mseinstall.exe
2012-06-10 11:16 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20120610-151658.backup
2012-06-10 11:07 - 2012-06-10 11:16 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-10 11:07 - 2012-06-10 11:08 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-10 11:07 - 2012-06-10 11:07 - 00001233 ____A C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
2012-06-10 11:06 - 2012-06-10 11:06 - 16409960 ____A (Safer Networking Limited ) C:\Users\User\Downloads\spybotsd162.exe
2012-06-10 10:56 - 2012-06-10 10:56 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-10 10:53 - 2012-06-10 10:53 - 00001105 ____A C:\Users\User\Desktop\Live Security Platinum.lnk
2012-06-10 10:51 - 2012-06-10 11:02 - 00000000 ____D C:\Users\All Users\B7E858A7000083BB0004264BB4EB2367
2012-06-10 07:08 - 2012-06-10 07:09 - 00000000 ____D C:\Users\User\AppData\Local\{656304E9-C9F1-4B76-8255-B7D130770D10}
2012-06-10 07:08 - 2012-06-10 07:08 - 00000000 ____D C:\Users\User\AppData\Local\{702DF959-F11A-44A0-9E41-C334774BD21B}
2012-06-10 04:14 - 2012-06-10 04:14 - 00000000 ____D C:\Users\User\AppData\Local\{75D15F78-5D8B-40C3-9C5D-2AEA91FC815C}
2012-06-10 04:13 - 2012-06-10 04:14 - 00000000 ____D C:\Users\User\AppData\Local\{DAA3DB5B-047B-432A-AEBF-EB6D868F2FEA}
2012-06-09 17:50 - 2012-06-09 17:50 - 00000000 ____D C:\Users\User\AppData\Local\{90C7D4A3-5EC4-4F0E-979F-C8FFA292F7E6}
2012-06-09 12:47 - 2012-06-09 12:47 - 00000000 ____D C:\Users\User\AppData\Local\{354BCC9B-92AA-4FE0-B64E-0359040A919B}
2012-06-09 12:46 - 2012-06-09 12:47 - 00000000 ____D C:\Users\User\AppData\Local\{DCD61D25-6012-474B-8848-522602CB798F}
2012-06-09 12:29 - 2012-06-09 12:29 - 00000000 ____D C:\Users\User\AppData\Local\{B6E400F5-10B9-446D-95C7-39A127F47EFE}
2012-06-09 12:29 - 2012-06-09 12:29 - 00000000 ____D C:\Users\User\AppData\Local\{6826CE32-2001-464D-BD5A-167FCECAD8CB}
2012-06-09 12:25 - 2012-06-09 12:25 - 00000000 ____D C:\Users\User\AppData\Local\{E1FC788D-F3B4-49C6-930A-5CBD65723FFF}
2012-06-09 12:25 - 2012-06-09 12:25 - 00000000 ____D C:\Users\User\AppData\Local\{7792CECC-A088-42FC-92BF-0AD58C2525AC}
2012-06-09 10:43 - 2012-06-09 10:43 - 00000000 ____D C:\Users\User\AppData\Local\{5DA60556-6A0D-4C91-87AE-1041AA420017}
2012-06-09 10:43 - 2012-06-09 10:43 - 00000000 ____D C:\Users\User\AppData\Local\{269576A9-26F5-46FB-80F8-744137ABE13E}
2012-06-09 04:45 - 2012-06-09 04:45 - 00000000 ____D C:\Users\User\AppData\Local\{94AF2EA8-98E4-43CF-B31D-E7C05B666339}
2012-06-09 04:45 - 2012-06-09 04:45 - 00000000 ____D C:\Users\User\AppData\Local\{49B0FC0E-F50F-4068-8E14-801DFECE62E8}
2012-06-09 03:38 - 2012-06-09 03:38 - 00000000 ____D C:\Users\User\AppData\Local\{8D3B58C8-004A-4AF8-AB21-43151FBCE24B}
2012-06-09 03:38 - 2012-06-09 03:38 - 00000000 ____D C:\Users\User\AppData\Local\{59F68412-DBBC-474C-8524-5F408698BA6C}
2012-06-08 02:09 - 2012-06-08 02:09 - 00000000 ____D C:\Users\User\AppData\Local\{D73885EA-C215-4DC4-8411-9F61C76CC0EC}
2012-06-08 02:09 - 2012-06-08 02:09 - 00000000 ____D C:\Users\User\AppData\Local\{BD523A12-96B0-4788-B178-24E713F305DC}
2012-06-08 01:57 - 2012-06-08 01:58 - 00000000 ____D C:\Users\User\AppData\Local\{B9046C08-5BBB-4D12-941A-0FE02863F63D}
2012-06-08 01:57 - 2012-06-08 01:57 - 00000000 ____D C:\Users\User\AppData\Local\{8E7DC8FE-9417-4C3E-84AB-1A5A5AEF4EA7}
2012-06-07 16:37 - 2012-06-07 16:37 - 00000000 ____D C:\Users\User\AppData\Local\{A967786D-A61F-4E31-BC56-D4CF12D89FDB}
2012-06-07 16:36 - 2012-06-07 16:37 - 00000000 ____D C:\Users\User\AppData\Local\{4EE44B9B-CDB7-4448-914D-37F8DF3FEF5D}
2012-06-06 16:07 - 2012-06-06 16:08 - 00000000 ____D C:\Users\User\AppData\Local\{C60AC161-9F88-4E42-B34A-6FC3E969801D}
2012-06-06 16:07 - 2012-06-06 16:07 - 00000000 ____D C:\Users\User\AppData\Local\{E35DB8F0-FEB9-42D0-A496-A141F6CAD7C0}
2012-06-06 15:40 - 2012-06-06 15:40 - 00000000 ____D C:\Users\User\AppData\Local\{E4D1E5E3-0D15-40F3-9897-F57828CB24B7}
2012-06-06 15:40 - 2012-06-06 15:40 - 00000000 ____D C:\Users\User\AppData\Local\{129F5979-C355-42D9-8EFD-B657AE8C49AF}
2012-06-05 15:25 - 2012-06-05 15:25 - 00000000 ____D C:\Users\User\AppData\Local\{EFF4D235-314A-415F-821D-E360872C6AEA}
2012-06-05 15:24 - 2012-06-05 15:25 - 00000000 ____D C:\Users\User\AppData\Local\{C617299D-F78D-4B60-B43A-CC5EFB65F8DD}
2012-06-04 14:48 - 2012-06-04 14:48 - 00000000 ____D C:\Users\User\AppData\Local\{A15B4770-CC64-4952-A5D8-7DE1A7D290E0}
2012-06-04 14:48 - 2012-06-04 14:48 - 00000000 ____D C:\Users\User\AppData\Local\{879C0F97-339B-4623-AF63-81C3AA6C2898}
2012-06-03 05:07 - 2012-06-03 05:07 - 00000000 ____D C:\Users\User\AppData\Local\{DB2CBF87-5718-4F23-8FE6-008B90E40A49}
2012-06-03 05:06 - 2012-06-03 05:07 - 00000000 ____D C:\Users\User\AppData\Local\{828461BE-6580-495F-A02A-DEECDA258E19}
2012-06-03 03:58 - 2012-06-03 03:58 - 00034985 ____A C:\Users\User\Desktop\thegirls.jpg
2012-06-03 03:54 - 2012-06-03 03:55 - 00000000 ____D C:\Users\User\AppData\Local\{60F9B293-0A6C-4626-B9D9-0C2937E0F728}
2012-06-03 03:54 - 2012-06-03 03:54 - 00000000 ____D C:\Users\User\AppData\Local\{11B4D79D-018D-4CB6-9F1B-F4FE17AD03DF}
2012-06-01 19:19 - 2012-06-01 19:19 - 00000000 ____D C:\Users\User\AppData\Local\{4DA8A63D-609A-4145-817B-43FF73007518}
2012-06-01 19:19 - 2012-06-01 19:19 - 00000000 ____D C:\Users\User\AppData\Local\{4CBA1359-9AE0-4788-B424-1FE3294F8B15}
2012-06-01 16:10 - 2012-06-01 16:10 - 00000000 ____D C:\Users\User\AppData\Local\{B2EE8BDA-BA33-4159-A937-C391315C84E7}
2012-06-01 16:10 - 2012-06-01 16:10 - 00000000 ____D C:\Users\User\AppData\Local\{A3179F6D-23D2-4CBB-92FC-3D6B5FEEF029}
2012-06-01 16:03 - 2012-06-01 16:03 - 00153607 ____A C:\Users\User\Desktop\FromGeorgia.jpg
2012-06-01 15:52 - 2012-06-01 15:52 - 00000000 ____D C:\Users\User\AppData\Local\{3F2DFE81-441D-42CE-A7A7-A04D6184AEEE}
2012-06-01 15:52 - 2012-06-01 15:52 - 00000000 ____D C:\Users\User\AppData\Local\{07A244F2-8DB1-4CAC-9C18-1F36554B6478}
2012-06-01 01:45 - 2012-06-01 01:45 - 00000000 ____D C:\Users\User\AppData\Local\{BA284B7B-0C1F-4FB0-ACEE-7822282DE5A0}
2012-06-01 01:45 - 2012-06-01 01:45 - 00000000 ____D C:\Users\User\AppData\Local\{09305791-5F03-400F-BF7C-11E19DB6B4FD}
2012-05-30 14:40 - 2012-05-30 14:41 - 00000000 ____D C:\Users\User\AppData\Local\{F10503E3-D7C8-407D-A044-1DBED6A102AF}
2012-05-30 14:40 - 2012-05-30 14:40 - 00000000 ____D C:\Users\User\AppData\Local\{29467DBC-225F-43FE-BA91-76F64A595D40}
2012-05-29 16:42 - 2012-05-29 16:42 - 00000000 ____D C:\Users\User\AppData\Local\{E7160952-2B59-48EF-A826-C7FC45480574}
2012-05-29 16:42 - 2012-05-29 16:42 - 00000000 ____D C:\Users\User\AppData\Local\{15F4BF96-9DDC-4888-9287-B484A961CB2E}
2012-05-29 16:41 - 2012-05-29 16:41 - 00000000 ____D C:\Users\User\AppData\Local\{C31C2A78-9A90-43EE-9466-37B946B4027F}
2012-05-29 16:38 - 2012-05-29 16:38 - 00000000 ____D C:\Users\User\AppData\Local\{D51F39CF-2273-4077-A6C5-F54F190CDFB6}
2012-05-29 16:38 - 2012-05-29 16:38 - 00000000 ____D C:\Users\User\AppData\Local\{2907DE38-5BAC-4B95-8020-20303AC32EA2}
2012-05-29 16:37 - 2012-05-29 16:40 - 02015708 ____A C:\Users\User\Desktop\2012regform.pdf
2012-05-29 15:48 - 2012-05-29 15:48 - 00000000 ____D C:\Users\User\AppData\Local\{15666D4F-CAFB-4E2B-BF33-07AA9CD3F192}
2012-05-29 15:47 - 2012-05-29 15:48 - 00000000 ____D C:\Users\User\AppData\Local\{3DE904DE-9218-448B-83E9-667DC12EB62E}
2012-05-28 17:47 - 2012-05-28 17:47 - 00000000 ____D C:\Users\User\AppData\Local\{8E44C577-00CC-4531-A99C-D72897E67E0D}
2012-05-28 08:02 - 2012-05-28 08:03 - 00000000 ____D C:\Users\User\AppData\Local\{D9093B92-3324-4799-BAA1-A22E9D83674D}
2012-05-28 08:02 - 2012-05-28 08:02 - 00000000 ____D C:\Users\User\AppData\Local\{C5218768-C64A-4323-9381-B4BDB07FCB13}
2012-05-28 07:53 - 2012-05-28 07:53 - 03491786 ____A C:\Users\User\Desktop\Velux-TGF-TMF-Flexible-Sun-Tunnel-Installation-Instructions.pdf
2012-05-28 07:49 - 2012-05-28 07:49 - 03346754 ____A C:\Users\User\Desktop\Velux-TGR-TMR-Rigid-Sun-Tunnel-Installation-Instructions.pdf
2012-05-28 03:21 - 2012-05-28 03:21 - 00000000 ____D C:\Users\User\AppData\Local\{ED1ED981-517A-49DD-94EF-975DC8283D76}
2012-05-28 03:20 - 2012-05-28 03:21 - 00000000 ____D C:\Users\User\AppData\Local\{63124923-D2AE-4C6F-B1B1-A85A1015368F}
2012-05-26 18:51 - 2012-05-26 18:51 - 00000000 ____D C:\Users\User\AppData\Local\{F55E8371-1D37-430B-A26F-21BD942C40A5}
2012-05-26 18:51 - 2012-05-26 18:51 - 00000000 ____D C:\Users\User\AppData\Local\{3876FFAB-EA9B-4D65-9337-A1A440D8D02F}
2012-05-26 08:01 - 2012-05-26 08:01 - 00000000 ____D C:\Users\User\AppData\Local\{602EE7BF-6B4B-4D27-863C-A2973C2C04EB}
2012-05-26 08:01 - 2012-05-26 08:01 - 00000000 ____D C:\Users\User\AppData\Local\{5A9056A5-09BA-4D24-9B1C-8F70D3DDB0D9}
2012-05-26 07:04 - 2012-05-26 07:04 - 00000000 ____D C:\Users\User\AppData\Local\{8280A3A0-BF7F-4474-A026-93E562E97287}
2012-05-26 07:04 - 2012-05-26 07:04 - 00000000 ____D C:\Users\User\AppData\Local\{6F4A8A52-CF9D-4A42-9C3E-AE2C774F5039}
2012-05-26 04:07 - 2012-05-26 04:07 - 00000000 ____D C:\Users\User\AppData\Local\{902DB2A4-B194-4B92-901B-38C60CB37133}
2012-05-26 04:07 - 2012-05-26 04:07 - 00000000 ____D C:\Users\User\AppData\Local\{8D12EE67-9CB7-442D-8958-D7BC666E626A}
2012-05-25 17:46 - 2012-05-25 17:46 - 00000000 ____D C:\Users\User\AppData\Local\{B433D679-2BCA-450B-91E8-017CC9F421FD}
2012-05-25 17:46 - 2012-05-25 17:46 - 00000000 ____D C:\Users\User\AppData\Local\{51D44CD4-091A-4E51-8444-677A83CCF6B5}
2012-05-25 02:17 - 2012-05-25 02:17 - 00000000 ____D C:\Users\User\AppData\Local\{56DB8D77-FCBD-4964-AA68-1C16F2D0C037}
2012-05-25 02:17 - 2012-05-25 02:17 - 00000000 ____D C:\Users\User\AppData\Local\{0F1E141A-9179-453B-8479-30A289D5D95D}
2012-05-25 01:45 - 2012-05-25 01:45 - 00000000 ____D C:\Users\User\AppData\Local\{48AE921E-7ABE-43AF-8CA8-E3EF667F33E9}
2012-05-25 01:44 - 2012-05-25 01:45 - 00000000 ____D C:\Users\User\AppData\Local\{2D80752B-6D9F-460D-BFB0-4892F0F24EB0}
2012-05-25 01:29 - 2012-05-25 01:29 - 00000000 ____D C:\Users\User\AppData\Local\{86632894-5C03-4210-98BC-C245F89D06AC}
2012-05-25 01:28 - 2012-05-25 01:29 - 00000000 ____D C:\Users\User\AppData\Local\{8D4673EE-1B68-4F6A-B2E0-7E8F7FCC4CEC}
2012-05-24 17:00 - 2012-05-24 17:00 - 00000000 ____D C:\Users\User\AppData\Local\{FC960C23-B6A1-4ED6-83CF-B395F865832F}
2012-05-24 17:00 - 2012-05-24 17:00 - 00000000 ____D C:\Users\User\AppData\Local\{E568E6A7-CCA1-4AFA-BDBB-E1BDEF17B901}
2012-05-24 16:04 - 2012-05-24 16:04 - 00000000 ____D C:\Program Files (x86)\Citrix
2012-05-24 16:03 - 2012-05-24 16:03 - 00060304 ____A C:\Users\User\g2mdlhlpx.exe
2012-05-24 15:59 - 2012-05-24 16:00 - 00000000 ____D C:\Users\User\AppData\Local\{09296A3B-5772-4E46-B046-CECEFFD3A11D}
2012-05-24 15:59 - 2012-05-24 15:59 - 00000000 ____D C:\Users\User\AppData\Local\{B9D2FB60-C951-48AB-9C08-8F90D48150A6}
2012-05-24 15:24 - 2012-05-24 15:24 - 00000000 ____D C:\Users\User\AppData\Local\{4877B114-B393-4AB9-B440-9D97DA2493C3}
2012-05-24 15:24 - 2012-05-24 15:24 - 00000000 ____D C:\Users\User\AppData\Local\{41F7CE39-1B9D-48CC-B45E-1723092F4589}
2012-05-24 14:53 - 2012-05-24 14:53 - 00000000 ____D C:\Users\User\AppData\Local\{94F61BA7-8FF8-4605-9528-B4BE4F6463A7}
2012-05-24 14:53 - 2012-05-24 14:53 - 00000000 ____D C:\Users\User\AppData\Local\{319E84FA-49AC-446F-B751-291D5ADB0E28}
2012-05-24 14:33 - 2012-05-24 14:33 - 00000000 ____D C:\Users\User\AppData\Local\{748AD251-6F0C-4138-B925-E6DF1C4EC95A}
2012-05-24 14:33 - 2012-05-24 14:33 - 00000000 ____D C:\Users\User\AppData\Local\{2B60BBCF-872A-43C5-A54B-5419656A3C11}
2012-05-23 15:32 - 2012-05-23 15:32 - 00000000 ____D C:\Users\User\AppData\Local\{68C8D7D6-80F9-4028-9CBD-561027E6AF0A}
2012-05-23 15:32 - 2012-05-23 15:32 - 00000000 ____D C:\Users\User\AppData\Local\{14902574-9DBD-4182-AD13-1A5248E6A0C7}
2012-05-22 15:53 - 2012-05-22 15:53 - 00000000 ____D C:\Users\User\AppData\Local\{2AB2CC5E-8D2B-4EE6-AE2C-90B9502378BC}
2012-05-22 15:10 - 2012-05-22 15:10 - 00000000 ____D C:\Users\User\AppData\Local\{D52C3204-70FD-4B78-A85E-6377A936FE42}
2012-05-22 15:10 - 2012-05-22 15:10 - 00000000 ____D C:\Users\User\AppData\Local\{72C3F495-FB16-4C39-9C1E-B5FE67B84328}
2012-05-21 19:15 - 2012-05-21 19:15 - 00000000 ____D C:\Users\User\AppData\Local\{B74F0B37-BE7B-48A6-8812-3CA1ED46A528}
2012-05-21 19:15 - 2012-05-21 19:15 - 00000000 ____D C:\Users\User\AppData\Local\{521FF700-BD2A-4639-8CBC-16A8177768A4}
2012-05-21 16:38 - 2012-05-21 16:38 - 00000000 ____D C:\Users\User\AppData\Local\{CDF56A5C-B0DA-450D-AF98-5012DA6CF113}
2012-05-21 16:38 - 2012-05-21 16:38 - 00000000 ____D C:\Users\User\AppData\Local\{36A3FF96-EDE3-4A88-BF5F-8EB8CB4A3742}
2012-05-21 16:35 - 2012-05-21 16:35 - 00000000 ____D C:\Users\User\AppData\Local\{3D31D2F4-6DC4-42D2-B910-0BE7F480E8B8}
2012-05-21 16:35 - 2012-05-21 16:35 - 00000000 ____D C:\Users\User\AppData\Local\{0DDEA96D-7090-4D5F-9AC3-535D52A821A2}
2012-05-21 14:42 - 2012-05-21 14:42 - 00000000 ____D C:\Users\User\AppData\Local\{982FAE18-D8D4-413B-B908-71F229F855F5}
2012-05-21 14:42 - 2012-05-21 14:42 - 00000000 ____D C:\Users\User\AppData\Local\{4E5CDDA0-9893-4F34-BBEC-9260E688AF02}
2012-05-20 18:23 - 2012-05-20 18:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-20 18:23 - 2012-05-20 18:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-20 18:19 - 2012-05-20 18:19 - 00000000 ____D C:\Users\User\AppData\Local\{B1776432-1061-4E86-AA3E-890E8802D0D4}
2012-05-20 18:19 - 2012-05-20 18:19 - 00000000 ____D C:\Users\User\AppData\Local\{68429DA8-C75E-43FB-9081-4FBC9ADDF507}
2012-05-20 17:39 - 2012-05-20 17:39 - 00000000 ____D C:\Users\User\AppData\Local\{D9576DA4-98E7-4AB6-947B-682CFD6DD478}
2012-05-20 17:39 - 2012-05-20 17:39 - 00000000 ____D C:\Users\User\AppData\Local\{00877839-9E8A-4C05-8FDA-00605E0AFAA8}
2012-05-20 05:39 - 2012-05-20 05:40 - 00000000 ____D C:\Users\User\AppData\Local\{6168886D-88D1-4A70-8A1F-55DCB0E12D7B}
2012-05-20 05:39 - 2012-05-20 05:39 - 00000000 ____D C:\Users\User\AppData\Local\{D470E746-1899-4F85-8D2C-039ED7A313B5}
2012-05-20 05:06 - 2012-05-20 05:06 - 00000000 ____D C:\Users\User\AppData\Local\{D9C1EDCA-08C7-4088-8AA4-FF2064819CC4}
2012-05-20 05:06 - 2012-05-20 05:06 - 00000000 ____D C:\Users\User\AppData\Local\{93C7D3EA-E81E-4548-9DCC-4B3C8E0EF7A8}
2012-05-20 05:06 - 2012-05-20 05:06 - 00000000 ____D C:\Users\User\AppData\Local\{41882AF5-F615-4BC9-A2A2-C8A5885FDC3F}
2012-05-19 10:22 - 2012-05-19 10:23 - 00000000 ____D C:\Users\User\AppData\Local\{BEEBDFDA-BE48-4A20-88E6-0105A8CE8F07}
2012-05-19 10:22 - 2012-05-19 10:22 - 00000000 ____D C:\Users\User\AppData\Local\{814C7A71-7A69-4D76-84F7-C269DAE7D65A}
2012-05-19 01:50 - 2012-05-19 01:50 - 00000000 ____D C:\Users\User\AppData\Local\{F85ACC5F-3FC3-478F-BDA2-13B798BA5067}
2012-05-19 01:50 - 2012-05-19 01:50 - 00000000 ____D C:\Users\User\AppData\Local\{6657B0C4-EFEB-4027-86F2-F75A8D82CD47}
2012-05-18 18:51 - 2012-05-18 18:51 - 00000000 ____D C:\Users\User\AppData\Local\{0A1FF414-AC05-426F-A248-9DED8B5876E5}
2012-05-18 18:50 - 2012-05-18 18:50 - 00000000 ____D C:\Users\User\AppData\Local\{0BBBF547-E1A7-410C-97CF-634FB8BAD885}
2012-05-18 17:56 - 2012-05-18 17:56 - 00000000 ____D C:\Users\User\AppData\Local\{BF8DEB56-667D-4298-961E-971D20A3F706}
2012-05-18 15:38 - 2012-05-18 15:38 - 00000000 ____D C:\Users\User\AppData\Local\{BB688C1A-B42F-4EC0-AA31-89039D5A20F9}
2012-05-18 15:38 - 2012-05-18 15:38 - 00000000 ____D C:\Users\User\AppData\Local\{93479405-0632-4773-9FF4-CCFB10D2A909}
2012-05-17 18:50 - 2012-05-17 18:50 - 00000000 ____D C:\Users\User\AppData\Local\{4FF675A4-DF17-4996-A63F-0F4112DAD9D5}
2012-05-17 18:50 - 2012-05-17 18:50 - 00000000 ____D C:\Users\User\AppData\Local\{498A505B-925C-44FB-9CA9-DD6C8BB8CA45}
2012-05-17 14:54 - 2012-05-17 14:54 - 00000000 ____D C:\Users\User\AppData\Local\{78362277-FBD2-49E5-B1D8-5D3022D99A80}
2012-05-17 14:53 - 2012-05-17 14:54 - 00000000 ____D C:\Users\User\AppData\Local\{063FE9C3-7F9B-49D0-AA72-0E2358CBC0C7}
2012-05-17 14:51 - 2012-05-17 14:51 - 00000000 ____D C:\Users\User\AppData\Local\{5F04605E-FD7A-4573-9297-608A80CE236D}
2012-05-17 14:51 - 2012-05-17 14:51 - 00000000 ____D C:\Users\User\AppData\Local\{2A0307F0-0F24-4FD8-9B70-63BF1031B21B}
2012-05-16 18:37 - 2012-05-16 18:37 - 00000000 ____D C:\Users\User\AppData\Local\{F76A9B1E-AC34-43B7-B522-EF98406022CD}
2012-05-16 18:37 - 2012-05-16 18:37 - 00000000 ____D C:\Users\User\AppData\Local\{C0B7163C-A752-48C2-9F26-0C86AC36283F}
2012-05-16 16:01 - 2012-05-16 16:01 - 00000000 ____D C:\Users\User\AppData\Local\{71653197-B68F-40A2-93C3-D689F006037F}
2012-05-16 16:00 - 2012-05-16 16:01 - 00000000 ____D C:\Users\User\AppData\Local\{C561ABEB-F69B-4FF2-A381-EE3A17A6E475}
2012-05-16 15:58 - 2012-05-16 15:58 - 02981723 ____A C:\Users\User\Downloads\004.JPG
2012-05-16 15:53 - 2012-05-16 15:53 - 00000000 ____D C:\Users\User\AppData\Local\{D4F59CAD-5109-41DF-BBB8-D05D182825AB}
2012-05-16 15:53 - 2012-05-16 15:53 - 00000000 ____D C:\Users\User\AppData\Local\{97304BE1-CC11-4E29-B838-A14EBB6AD713}
2012-05-16 15:18 - 2012-05-16 15:18 - 00000000 ____D C:\Users\User\AppData\Local\{EA030AA6-8F13-4DF2-AC4E-FE040D3A413E}
2012-05-16 15:18 - 2012-05-16 15:18 - 00000000 ____D C:\Users\User\AppData\Local\{7D2856E6-A612-4811-9241-9748069E5051}
2012-05-16 14:04 - 2012-05-16 14:04 - 00000000 ____D C:\Users\User\AppData\Local\{99224CB6-03D5-4021-AFBB-01DDA1531928}
2012-05-16 02:29 - 2012-05-16 02:30 - 00000000 ____D C:\Users\User\AppData\Local\{8A12B1F5-8220-4C4E-8623-E1C3FE541284}
2012-05-16 02:29 - 2012-05-16 02:29 - 00000000 ____D C:\Users\User\AppData\Local\{C7339F38-9A54-459A-954D-A0EA8401898B}
2012-05-15 17:52 - 2012-05-15 17:52 - 00000000 ____D C:\Users\User\AppData\Local\{D534A849-5A0F-49C8-A18F-E84E3CC880C3}
2012-05-15 17:52 - 2012-05-15 17:52 - 00000000 ____D C:\Users\User\AppData\Local\{35DBDDDF-8426-4733-AF4B-0B2EBFC30AED}
2012-05-15 16:14 - 2012-05-15 16:14 - 00000000 ____D C:\Users\User\AppData\Local\{23B4120D-138E-47E8-86FB-468632A474AF}
2012-05-15 16:14 - 2012-05-15 16:14 - 00000000 ____D C:\Users\User\AppData\Local\{1D044CFB-D3DE-48BF-8107-1E36D950D11E}
2012-05-15 15:26 - 2012-05-15 15:26 - 00000000 ____D C:\Users\User\AppData\Local\{A1C6D679-B3D9-4C68-AEB4-5DF9629FD2AB}
2012-05-15 15:25 - 2012-05-15 15:26 - 00000000 ____D C:\Users\User\AppData\Local\{6E8EB4EA-480E-4EDF-9FC3-4F230AC6E761}
2012-05-13 08:34 - 2012-05-13 08:34 - 00000000 ____D C:\Users\User\AppData\Local\{60AFE895-E9DD-49B5-A38F-7FEC1A4960DB}
2012-05-13 08:34 - 2012-05-13 08:34 - 00000000 ____D C:\Users\User\AppData\Local\{396EF1D7-8E20-4497-A877-357CC0431554}
2012-05-12 05:51 - 2012-05-12 05:51 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics

============ 3 Months Modified Files and Folders =============

2012-06-11 12:00 - 2012-06-10 17:16 - 00000000 ____D C:\FRST
2012-06-11 07:57 - 2011-09-16 06:35 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-11 07:57 - 2011-09-16 06:35 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-11 07:57 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-11 07:57 - 2009-07-13 20:51 - 00050355 ____A C:\Windows\setupact.log
2012-06-11 07:35 - 2012-06-11 07:32 - 00438456 ____A C:\Windows\ntbtlog.txt
2012-06-11 07:34 - 2012-06-11 07:33 - 00000000 ___SD C:\ComboFix
2012-06-11 07:34 - 2010-11-20 19:47 - 00368524 ____A C:\Windows\PFRO.log
2012-06-11 07:33 - 2012-06-11 06:28 - 00000000 ___SD C:\32788R22FWJFW
2012-06-11 06:38 - 2012-06-11 06:38 - 00000000 ____D C:\Windows\ERDNT
2012-06-11 06:38 - 2012-06-11 06:38 - 00000000 ____D C:\Qoobox
2012-06-11 06:13 - 2012-06-11 06:25 - 04540367 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2012-06-10 18:54 - 2010-11-20 23:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-06-10 18:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-06-10 17:19 - 2012-06-10 17:19 - 00000695 ____A C:\Users\User\Desktop\Result.txt
2012-06-10 17:16 - 2012-06-10 17:16 - 00070695 ____A C:\Users\User\Desktop\FRST.txt
2012-06-10 17:08 - 2012-06-10 17:08 - 00001084 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-10 17:08 - 2012-06-10 17:08 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2012-06-10 17:08 - 2012-06-10 17:08 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-10 17:08 - 2012-06-10 17:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-10 16:55 - 2012-06-10 17:06 - 00397451 ____A C:\Users\User\Desktop\MiniToolBox.exe
2012-06-10 16:53 - 2012-06-10 17:06 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-1.61.0.1400.exe
2012-06-10 16:43 - 2012-06-10 17:07 - 01401619 ____A C:\Users\User\Desktop\FRST64.exe
2012-06-10 15:34 - 2012-04-05 03:18 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-10 15:22 - 2012-06-10 15:01 - 00005416 ____A C:\Users\User\Desktop\yorkyt.exe.log
2012-06-10 15:13 - 2012-06-10 15:12 - 00000466 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2012-06-10 15:13 - 2012-06-10 15:12 - 00000444 ____A C:\Windows\Tasks\ParetoLogic Anti-Virus PLUS.job
2012-06-10 15:13 - 2012-06-10 15:12 - 00000440 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job
2012-06-10 15:13 - 2012-06-10 15:12 - 00000420 ____A C:\Windows\Tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
2012-06-10 15:12 - 2012-06-10 15:12 - 00001101 ____A C:\Users\Public\Desktop\ParetoLogic Anti-Virus PLUS.lnk
2012-06-10 15:12 - 2012-06-10 15:12 - 00000000 ____D C:\Users\All Users\PLAV
2012-06-10 15:12 - 2012-06-10 15:12 - 00000000 ____D C:\Users\All Users\ParetoLogic
2012-06-10 15:04 - 2012-06-10 15:04 - 00000000 ____D C:\Users\All Users\ParetoLogic Anti-Virus PLUS
2012-06-10 15:04 - 2012-06-10 15:04 - 00000000 ____D C:\Program Files (x86)\ParetoLogic
2012-06-10 15:00 - 2009-07-13 21:13 - 00730746 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-10 14:55 - 2011-11-18 12:16 - 00000000 ____D C:\users\User
2012-06-10 14:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\config\TxR
2012-06-10 13:37 - 2012-06-10 14:58 - 08871304 ____A (ParetoLogic Inc.) C:\Users\User\Desktop\Pareto_AV_Setup_RW.exe
2012-06-10 13:21 - 2012-06-10 14:59 - 72482336 ____A (Microsoft Corporation) C:\Users\User\Desktop\msert.exe
2012-06-10 12:39 - 2012-06-10 12:07 - 00222230 ____A C:\Users\User\Desktop\yorkyt (1).exe.log
2012-06-10 11:57 - 2012-06-10 14:59 - 01415784 ____A C:\Users\User\Desktop\yorkyt.exe
2012-06-10 11:56 - 2009-07-13 21:08 - 00032566 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-10 11:53 - 2012-06-10 11:53 - 01415784 ____A C:\Users\User\Downloads\yorkyt.exe
2012-06-10 11:28 - 2011-09-16 06:15 - 01260693 ____A C:\Windows\WindowsUpdate.log
2012-06-10 11:27 - 2011-12-03 05:51 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-10 11:26 - 2012-06-10 11:26 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-10 11:26 - 2012-06-10 11:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-10 11:26 - 2012-06-10 11:25 - 12621696 ____A (Microsoft Corporation) C:\Users\User\Downloads\mseinstall (1).exe
2012-06-10 11:26 - 2011-12-03 05:51 - 00744896 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-10 11:25 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-10 11:25 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-10 11:21 - 2012-06-10 11:20 - 12621696 ____A (Microsoft Corporation) C:\Users\User\Downloads\mseinstall.exe
2012-06-10 11:16 - 2012-06-10 11:07 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-10 11:16 - 2009-07-13 18:34 - 00442883 ____R C:\Windows\System32\Drivers\etc\hosts
2012-06-10 11:08 - 2012-06-10 11:07 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-10 11:07 - 2012-06-10 11:07 - 00001233 ____A C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
2012-06-10 11:06 - 2012-06-10 11:06 - 16409960 ____A (Safer Networking Limited ) C:\Users\User\Downloads\spybotsd162.exe
2012-06-10 11:02 - 2012-06-10 10:51 - 00000000 ____D C:\Users\All Users\B7E858A7000083BB0004264BB4EB2367
2012-06-10 10:56 - 2012-06-10 10:56 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-10 10:53 - 2012-06-10 10:53 - 00001105 ____A C:\Users\User\Desktop\Live Security Platinum.lnk
2012-06-10 10:53 - 2012-04-05 03:18 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-10 10:53 - 2011-07-31 23:32 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-10 07:09 - 2012-06-10 07:08 - 00000000 ____D C:\Users\User\AppData\Local\{656304E9-C9F1-4B76-8255-B7D130770D10}
2012-06-10 07:08 - 2012-06-10 07:08 - 00000000 ____D C:\Users\User\AppData\Local\{702DF959-F11A-44A0-9E41-C334774BD21B}
2012-06-10 07:08 - 2012-01-04 18:11 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2012-06-10 04:14 - 2012-06-10 04:14 - 00000000 ____D C:\Users\User\AppData\Local\{75D15F78-5D8B-40C3-9C5D-2AEA91FC815C}
2012-06-10 04:14 - 2012-06-10 04:13 - 00000000 ____D C:\Users\User\AppData\Local\{DAA3DB5B-047B-432A-AEBF-EB6D868F2FEA}
2012-06-09 19:19 - 2011-11-26 06:29 - 01041012 ____A C:\Users\User\Desktop\11_2010_2012.ynab3
2012-06-09 19:19 - 2011-11-26 06:29 - 00000000 ____D C:\Users\User\Desktop\YNAB-Backup
2012-06-09 17:50 - 2012-06-09 17:50 - 00000000 ____D C:\Users\User\AppData\Local\{90C7D4A3-5EC4-4F0E-979F-C8FFA292F7E6}
2012-06-09 12:47 - 2012-06-09 12:47 - 00000000 ____D C:\Users\User\AppData\Local\{354BCC9B-92AA-4FE0-B64E-0359040A919B}
2012-06-09 12:47 - 2012-06-09 12:46 - 00000000 ____D C:\Users\User\AppData\Local\{DCD61D25-6012-474B-8848-522602CB798F}
2012-06-09 12:29 - 2012-06-09 12:29 - 00000000 ____D C:\Users\User\AppData\Local\{B6E400F5-10B9-446D-95C7-39A127F47EFE}
2012-06-09 12:29 - 2012-06-09 12:29 - 00000000 ____D C:\Users\User\AppData\Local\{6826CE32-2001-464D-BD5A-167FCECAD8CB}
2012-06-09 12:25 - 2012-06-09 12:25 - 00000000 ____D C:\Users\User\AppData\Local\{E1FC788D-F3B4-49C6-930A-5CBD65723FFF}
2012-06-09 12:25 - 2012-06-09 12:25 - 00000000 ____D C:\Users\User\AppData\Local\{7792CECC-A088-42FC-92BF-0AD58C2525AC}
2012-06-09 10:43 - 2012-06-09 10:43 - 00000000 ____D C:\Users\User\AppData\Local\{5DA60556-6A0D-4C91-87AE-1041AA420017}
2012-06-09 10:43 - 2012-06-09 10:43 - 00000000 ____D C:\Users\User\AppData\Local\{269576A9-26F5-46FB-80F8-744137ABE13E}
2012-06-09 04:45 - 2012-06-09 04:45 - 00000000 ____D C:\Users\User\AppData\Local\{94AF2EA8-98E4-43CF-B31D-E7C05B666339}
2012-06-09 04:45 - 2012-06-09 04:45 - 00000000 ____D C:\Users\User\AppData\Local\{49B0FC0E-F50F-4068-8E14-801DFECE62E8}
2012-06-09 03:38 - 2012-06-09 03:38 - 00000000 ____D C:\Users\User\AppData\Local\{8D3B58C8-004A-4AF8-AB21-43151FBCE24B}
2012-06-09 03:38 - 2012-06-09 03:38 - 00000000 ____D C:\Users\User\AppData\Local\{59F68412-DBBC-474C-8524-5F408698BA6C}
2012-06-08 02:09 - 2012-06-08 02:09 - 00000000 ____D C:\Users\User\AppData\Local\{D73885EA-C215-4DC4-8411-9F61C76CC0EC}
2012-06-08 02:09 - 2012-06-08 02:09 - 00000000 ____D C:\Users\User\AppData\Local\{BD523A12-96B0-4788-B178-24E713F305DC}
2012-06-08 01:58 - 2012-06-08 01:57 - 00000000 ____D C:\Users\User\AppData\Local\{B9046C08-5BBB-4D12-941A-0FE02863F63D}
2012-06-08 01:57 - 2012-06-08 01:57 - 00000000 ____D C:\Users\User\AppData\Local\{8E7DC8FE-9417-4C3E-84AB-1A5A5AEF4EA7}
2012-06-07 16:37 - 2012-06-07 16:37 - 00000000 ____D C:\Users\User\AppData\Local\{A967786D-A61F-4E31-BC56-D4CF12D89FDB}
2012-06-07 16:37 - 2012-06-07 16:36 - 00000000 ____D C:\Users\User\AppData\Local\{4EE44B9B-CDB7-4448-914D-37F8DF3FEF5D}
2012-06-06 16:08 - 2012-06-06 16:07 - 00000000 ____D C:\Users\User\AppData\Local\{C60AC161-9F88-4E42-B34A-6FC3E969801D}
2012-06-06 16:07 - 2012-06-06 16:07 - 00000000 ____D C:\Users\User\AppData\Local\{E35DB8F0-FEB9-42D0-A496-A141F6CAD7C0}
2012-06-06 15:40 - 2012-06-06 15:40 - 00000000 ____D C:\Users\User\AppData\Local\{E4D1E5E3-0D15-40F3-9897-F57828CB24B7}
2012-06-06 15:40 - 2012-06-06 15:40 - 00000000 ____D C:\Users\User\AppData\Local\{129F5979-C355-42D9-8EFD-B657AE8C49AF}
2012-06-05 15:25 - 2012-06-05 15:25 - 00000000 ____D C:\Users\User\AppData\Local\{EFF4D235-314A-415F-821D-E360872C6AEA}
2012-06-05 15:25 - 2012-06-05 15:24 - 00000000 ____D C:\Users\User\AppData\Local\{C617299D-F78D-4B60-B43A-CC5EFB65F8DD}
2012-06-04 14:48 - 2012-06-04 14:48 - 00000000 ____D C:\Users\User\AppData\Local\{A15B4770-CC64-4952-A5D8-7DE1A7D290E0}
2012-06-04 14:48 - 2012-06-04 14:48 - 00000000 ____D C:\Users\User\AppData\Local\{879C0F97-339B-4623-AF63-81C3AA6C2898}
2012-06-03 05:07 - 2012-06-03 05:07 - 00000000 ____D C:\Users\User\AppData\Local\{DB2CBF87-5718-4F23-8FE6-008B90E40A49}
2012-06-03 05:07 - 2012-06-03 05:06 - 00000000 ____D C:\Users\User\AppData\Local\{828461BE-6580-495F-A02A-DEECDA258E19}
2012-06-03 03:58 - 2012-06-03 03:58 - 00034985 ____A C:\Users\User\Desktop\thegirls.jpg
2012-06-03 03:55 - 2012-06-03 03:54 - 00000000 ____D C:\Users\User\AppData\Local\{60F9B293-0A6C-4626-B9D9-0C2937E0F728}
2012-06-03 03:54 - 2012-06-03 03:54 - 00000000 ____D C:\Users\User\AppData\Local\{11B4D79D-018D-4CB6-9F1B-F4FE17AD03DF}
2012-06-01 19:19 - 2012-06-01 19:19 - 00000000 ____D C:\Users\User\AppData\Local\{4DA8A63D-609A-4145-817B-43FF73007518}
2012-06-01 19:19 - 2012-06-01 19:19 - 00000000 ____D C:\Users\User\AppData\Local\{4CBA1359-9AE0-4788-B424-1FE3294F8B15}
2012-06-01 16:10 - 2012-06-01 16:10 - 00000000 ____D C:\Users\User\AppData\Local\{B2EE8BDA-BA33-4159-A937-C391315C84E7}
2012-06-01 16:10 - 2012-06-01 16:10 - 00000000 ____D C:\Users\User\AppData\Local\{A3179F6D-23D2-4CBB-92FC-3D6B5FEEF029}
2012-06-01 16:03 - 2012-06-01 16:03 - 00153607 ____A C:\Users\User\Desktop\FromGeorgia.jpg
2012-06-01 15:52 - 2012-06-01 15:52 - 00000000 ____D C:\Users\User\AppData\Local\{3F2DFE81-441D-42CE-A7A7-A04D6184AEEE}
2012-06-01 15:52 - 2012-06-01 15:52 - 00000000 ____D C:\Users\User\AppData\Local\{07A244F2-8DB1-4CAC-9C18-1F36554B6478}
2012-06-01 15:52 - 2011-11-25 12:18 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2012-06-01 02:28 - 2012-01-04 17:42 - 00000000 ____D C:\Users\User\AppData\Roaming\SoftGrid Client
2012-06-01 01:45 - 2012-06-01 01:45 - 00000000 ____D C:\Users\User\AppData\Local\{BA284B7B-0C1F-4FB0-ACEE-7822282DE5A0}
2012-06-01 01:45 - 2012-06-01 01:45 - 00000000 ____D C:\Users\User\AppData\Local\{09305791-5F03-400F-BF7C-11E19DB6B4FD}
2012-05-30 14:41 - 2012-05-30 14:40 - 00000000 ____D C:\Users\User\AppData\Local\{F10503E3-D7C8-407D-A044-1DBED6A102AF}
2012-05-30 14:40 - 2012-05-30 14:40 - 00000000 ____D C:\Users\User\AppData\Local\{29467DBC-225F-43FE-BA91-76F64A595D40}
2012-05-29 16:42 - 2012-05-29 16:42 - 00000000 ____D C:\Users\User\AppData\Local\{E7160952-2B59-48EF-A826-C7FC45480574}
2012-05-29 16:42 - 2012-05-29 16:42 - 00000000 ____D C:\Users\User\AppData\Local\{15F4BF96-9DDC-4888-9287-B484A961CB2E}
2012-05-29 16:41 - 2012-05-29 16:41 - 00000000 ____D C:\Users\User\AppData\Local\{C31C2A78-9A90-43EE-9466-37B946B4027F}
2012-05-29 16:40 - 2012-05-29 16:37 - 02015708 ____A C:\Users\User\Desktop\2012regform.pdf
2012-05-29 16:38 - 2012-05-29 16:38 - 00000000 ____D C:\Users\User\AppData\Local\{D51F39CF-2273-4077-A6C5-F54F190CDFB6}
2012-05-29 16:38 - 2012-05-29 16:38 - 00000000 ____D C:\Users\User\AppData\Local\{2907DE38-5BAC-4B95-8020-20303AC32EA2}
2012-05-29 15:48 - 2012-05-29 15:48 - 00000000 ____D C:\Users\User\AppData\Local\{15666D4F-CAFB-4E2B-BF33-07AA9CD3F192}
2012-05-29 15:48 - 2012-05-29 15:47 - 00000000 ____D C:\Users\User\AppData\Local\{3DE904DE-9218-448B-83E9-667DC12EB62E}
2012-05-28 17:47 - 2012-05-28 17:47 - 00000000 ____D C:\Users\User\AppData\Local\{8E44C577-00CC-4531-A99C-D72897E67E0D}
2012-05-28 08:03 - 2012-05-28 08:02 - 00000000 ____D C:\Users\User\AppData\Local\{D9093B92-3324-4799-BAA1-A22E9D83674D}
2012-05-28 08:02 - 2012-05-28 08:02 - 00000000 ____D C:\Users\User\AppData\Local\{C5218768-C64A-4323-9381-B4BDB07FCB13}
2012-05-28 07:53 - 2012-05-28 07:53 - 03491786 ____A C:\Users\User\Desktop\Velux-TGF-TMF-Flexible-Sun-Tunnel-Installation-Instructions.pdf
2012-05-28 07:49 - 2012-05-28 07:49 - 03346754 ____A C:\Users\User\Desktop\Velux-TGR-TMR-Rigid-Sun-Tunnel-Installation-Instructions.pdf
2012-05-28 03:21 - 2012-05-28 03:21 - 00000000 ____D C:\Users\User\AppData\Local\{ED1ED981-517A-49DD-94EF-975DC8283D76}
2012-05-28 03:21 - 2012-05-28 03:20 - 00000000 ____D C:\Users\User\AppData\Local\{63124923-D2AE-4C6F-B1B1-A85A1015368F}
2012-05-26 18:51 - 2012-05-26 18:51 - 00000000 ____D C:\Users\User\AppData\Local\{F55E8371-1D37-430B-A26F-21BD942C40A5}
2012-05-26 18:51 - 2012-05-26 18:51 - 00000000 ____D C:\Users\User\AppData\Local\{3876FFAB-EA9B-4D65-9337-A1A440D8D02F}
2012-05-26 08:01 - 2012-05-26 08:01 - 00000000 ____D C:\Users\User\AppData\Local\{602EE7BF-6B4B-4D27-863C-A2973C2C04EB}
2012-05-26 08:01 - 2012-05-26 08:01 - 00000000 ____D C:\Users\User\AppData\Local\{5A9056A5-09BA-4D24-9B1C-8F70D3DDB0D9}
2012-05-26 07:04 - 2012-05-26 07:04 - 00000000 ____D C:\Users\User\AppData\Local\{8280A3A0-BF7F-4474-A026-93E562E97287}
2012-05-26 07:04 - 2012-05-26 07:04 - 00000000 ____D C:\Users\User\AppData\Local\{6F4A8A52-CF9D-4A42-9C3E-AE2C774F5039}
2012-05-26 04:07 - 2012-05-26 04:07 - 00000000 ____D C:\Users\User\AppData\Local\{902DB2A4-B194-4B92-901B-38C60CB37133}
2012-05-26 04:07 - 2012-05-26 04:07 - 00000000 ____D C:\Users\User\AppData\Local\{8D12EE67-9CB7-442D-8958-D7BC666E626A}
2012-05-25 17:46 - 2012-05-25 17:46 - 00000000 ____D C:\Users\User\AppData\Local\{B433D679-2BCA-450B-91E8-017CC9F421FD}
2012-05-25 17:46 - 2012-05-25 17:46 - 00000000 ____D C:\Users\User\AppData\Local\{51D44CD4-091A-4E51-8444-677A83CCF6B5}
2012-05-25 02:17 - 2012-05-25 02:17 - 00000000 ____D C:\Users\User\AppData\Local\{56DB8D77-FCBD-4964-AA68-1C16F2D0C037}
2012-05-25 02:17 - 2012-05-25 02:17 - 00000000 ____D C:\Users\User\AppData\Local\{0F1E141A-9179-453B-8479-30A289D5D95D}
2012-05-25 01:45 - 2012-05-25 01:45 - 00000000 ____D C:\Users\User\AppData\Local\{48AE921E-7ABE-43AF-8CA8-E3EF667F33E9}
2012-05-25 01:45 - 2012-05-25 01:44 - 00000000 ____D C:\Users\User\AppData\Local\{2D80752B-6D9F-460D-BFB0-4892F0F24EB0}
2012-05-25 01:29 - 2012-05-25 01:29 - 00000000 ____D C:\Users\User\AppData\Local\{86632894-5C03-4210-98BC-C245F89D06AC}
2012-05-25 01:29 - 2012-05-25 01:28 - 00000000 ____D C:\Users\User\AppData\Local\{8D4673EE-1B68-4F6A-B2E0-7E8F7FCC4CEC}
2012-05-24 17:00 - 2012-05-24 17:00 - 00000000 ____D C:\Users\User\AppData\Local\{FC960C23-B6A1-4ED6-83CF-B395F865832F}
2012-05-24 17:00 - 2012-05-24 17:00 - 00000000 ____D C:\Users\User\AppData\Local\{E568E6A7-CCA1-4AFA-BDBB-E1BDEF17B901}
2012-05-24 16:04 - 2012-05-24 16:04 - 00000000 ____D C:\Program Files (x86)\Citrix
2012-05-24 16:03 - 2012-05-24 16:03 - 00060304 ____A C:\Users\User\g2mdlhlpx.exe
2012-05-24 16:00 - 2012-05-24 15:59 - 00000000 ____D C:\Users\User\AppData\Local\{09296A3B-5772-4E46-B046-CECEFFD3A11D}
2012-05-24 15:59 - 2012-05-24 15:59 - 00000000 ____D C:\Users\User\AppData\Local\{B9D2FB60-C951-48AB-9C08-8F90D48150A6}
2012-05-24 15:24 - 2012-05-24 15:24 - 00000000 ____D C:\Users\User\AppData\Local\{4877B114-B393-4AB9-B440-9D97DA2493C3}
2012-05-24 15:24 - 2012-05-24 15:24 - 00000000 ____D C:\Users\User\AppData\Local\{41F7CE39-1B9D-48CC-B45E-1723092F4589}
2012-05-24 14:53 - 2012-05-24 14:53 - 00000000 ____D C:\Users\User\AppData\Local\{94F61BA7-8FF8-4605-9528-B4BE4F6463A7}
2012-05-24 14:53 - 2012-05-24 14:53 - 00000000 ____D C:\Users\User\AppData\Local\{319E84FA-49AC-446F-B751-291D5ADB0E28}
2012-05-24 14:33 - 2012-05-24 14:33 - 00000000 ____D C:\Users\User\AppData\Local\{748AD251-6F0C-4138-B925-E6DF1C4EC95A}
2012-05-24 14:33 - 2012-05-24 14:33 - 00000000 ____D C:\Users\User\AppData\Local\{2B60BBCF-872A-43C5-A54B-5419656A3C11}
2012-05-23 15:32 - 2012-05-23 15:32 - 00000000 ____D C:\Users\User\AppData\Local\{68C8D7D6-80F9-4028-9CBD-561027E6AF0A}
2012-05-23 15:32 - 2012-05-23 15:32 - 00000000 ____D C:\Users\User\AppData\Local\{14902574-9DBD-4182-AD13-1A5248E6A0C7}
2012-05-22 15:53 - 2012-05-22 15:53 - 00000000 ____D C:\Users\User\AppData\Local\{2AB2CC5E-8D2B-4EE6-AE2C-90B9502378BC}
2012-05-22 15:10 - 2012-05-22 15:10 - 00000000 ____D C:\Users\User\AppData\Local\{D52C3204-70FD-4B78-A85E-6377A936FE42}
2012-05-22 15:10 - 2012-05-22 15:10 - 00000000 ____D C:\Users\User\AppData\Local\{72C3F495-FB16-4C39-9C1E-B5FE67B84328}
2012-05-21 19:15 - 2012-05-21 19:15 - 00000000 ____D C:\Users\User\AppData\Local\{B74F0B37-BE7B-48A6-8812-3CA1ED46A528}
2012-05-21 19:15 - 2012-05-21 19:15 - 00000000 ____D C:\Users\User\AppData\Local\{521FF700-BD2A-4639-8CBC-16A8177768A4}
2012-05-21 16:38 - 2012-05-21 16:38 - 00000000 ____D C:\Users\User\AppData\Local\{CDF56A5C-B0DA-450D-AF98-5012DA6CF113}
2012-05-21 16:38 - 2012-05-21 16:38 - 00000000 ____D C:\Users\User\AppData\Local\{36A3FF96-EDE3-4A88-BF5F-8EB8CB4A3742}
2012-05-21 16:35 - 2012-05-21 16:35 - 00000000 ____D C:\Users\User\AppData\Local\{3D31D2F4-6DC4-42D2-B910-0BE7F480E8B8}
2012-05-21 16:35 - 2012-05-21 16:35 - 00000000 ____D C:\Users\User\AppData\Local\{0DDEA96D-7090-4D5F-9AC3-535D52A821A2}
2012-05-21 14:42 - 2012-05-21 14:42 - 00000000 ____D C:\Users\User\AppData\Local\{982FAE18-D8D4-413B-B908-71F229F855F5}
2012-05-21 14:42 - 2012-05-21 14:42 - 00000000 ____D C:\Users\User\AppData\Local\{4E5CDDA0-9893-4F34-BBEC-9260E688AF02}
2012-05-20 18:23 - 2012-05-20 18:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-20 18:23 - 2012-05-20 18:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-20 18:19 - 2012-05-20 18:19 - 00000000 ____D C:\Users\User\AppData\Local\{B1776432-1061-4E86-AA3E-890E8802D0D4}
2012-05-20 18:19 - 2012-05-20 18:19 - 00000000 ____D C:\Users\User\AppData\Local\{68429DA8-C75E-43FB-9081-4FBC9ADDF507}
2012-05-20 17:39 - 2012-05-20 17:39 - 00000000 ____D C:\Users\User\AppData\Local\{D9576DA4-98E7-4AB6-947B-682CFD6DD478}
2012-05-20 17:39 - 2012-05-20 17:39 - 00000000 ____D C:\Users\User\AppData\Local\{00877839-9E8A-4C05-8FDA-00605E0AFAA8}
2012-05-20 05:40 - 2012-05-20 05:39 - 00000000 ____D C:\Users\User\AppData\Local\{6168886D-88D1-4A70-8A1F-55DCB0E12D7B}
2012-05-20 05:39 - 2012-05-20 05:39 - 00000000 ____D C:\Users\User\AppData\Local\{D470E746-1899-4F85-8D2C-039ED7A313B5}
2012-05-20 05:06 - 2012-05-20 05:06 - 00000000 ____D C:\Users\User\AppData\Local\{D9C1EDCA-08C7-4088-8AA4-FF2064819CC4}
2012-05-20 05:06 - 2012-05-20 05:06 - 00000000 ____D C:\Users\User\AppData\Local\{93C7D3EA-E81E-4548-9DCC-4B3C8E0EF7A8}
2012-05-20 05:06 - 2012-05-20 05:06 - 00000000 ____D C:\Users\User\AppData\Local\{41882AF5-F615-4BC9-A2A2-C8A5885FDC3F}
2012-05-19 10:23 - 2012-05-19 10:22 - 00000000 ____D C:\Users\User\AppData\Local\{BEEBDFDA-BE48-4A20-88E6-0105A8CE8F07}
2012-05-19 10:22 - 2012-05-19 10:22 - 00000000 ____D C:\Users\User\AppData\Local\{814C7A71-7A69-4D76-84F7-C269DAE7D65A}
2012-05-19 04:04 - 2012-01-12 19:30 - 00039936 ____A C:\Users\User\Documents\MelindaMcLeodResume2.doc
2012-05-19 01:50 - 2012-05-19 01:50 - 00000000 ____D C:\Users\User\AppData\Local\{F85ACC5F-3FC3-478F-BDA2-13B798BA5067}
2012-05-19 01:50 - 2012-05-19 01:50 - 00000000 ____D C:\Users\User\AppData\Local\{6657B0C4-EFEB-4027-86F2-F75A8D82CD47}
2012-05-18 18:51 - 2012-05-18 18:51 - 00000000 ____D C:\Users\User\AppData\Local\{0A1FF414-AC05-426F-A248-9DED8B5876E5}
2012-05-18 18:50 - 2012-05-18 18:50 - 00000000 ____D C:\Users\User\AppData\Local\{0BBBF547-E1A7-410C-97CF-634FB8BAD885}
2012-05-18 17:56 - 2012-05-18 17:56 - 00000000 ____D C:\Users\User\AppData\Local\{BF8DEB56-667D-4298-961E-971D20A3F706}
2012-05-18 15:38 - 2012-05-18 15:38 - 00000000 ____D C:\Users\User\AppData\Local\{BB688C1A-B42F-4EC0-AA31-89039D5A20F9}
2012-05-18 15:38 - 2012-05-18 15:38 - 00000000 ____D C:\Users\User\AppData\Local\{93479405-0632-4773-9FF4-CCFB10D2A909}
2012-05-17 18:50 - 2012-05-17 18:50 - 00000000 ____D C:\Users\User\AppData\Local\{4FF675A4-DF17-4996-A63F-0F4112DAD9D5}
2012-05-17 18:50 - 2012-05-17 18:50 - 00000000 ____D C:\Users\User\AppData\Local\{498A505B-925C-44FB-9CA9-DD6C8BB8CA45}
2012-05-17 14:54 - 2012-05-17 14:54 - 00000000 ____D C:\Users\User\AppData\Local\{78362277-FBD2-49E5-B1D8-5D3022D99A80}
2012-05-17 14:54 - 2012-05-17 14:53 - 00000000 ____D C:\Users\User\AppData\Local\{063FE9C3-7F9B-49D0-AA72-0E2358CBC0C7}
2012-05-17 14:51 - 2012-05-17 14:51 - 00000000 ____D C:\Users\User\AppData\Local\{5F04605E-FD7A-4573-9297-608A80CE236D}
2012-05-17 14:51 - 2012-05-17 14:51 - 00000000 ____D C:\Users\User\AppData\Local\{2A0307F0-0F24-4FD8-9B70-63BF1031B21B}
2012-05-16 18:37 - 2012-05-16 18:37 - 00000000 ____D C:\Users\User\AppData\Local\{F76A9B1E-AC34-43B7-B522-EF98406022CD}
2012-05-16 18:37 - 2012-05-16 18:37 - 00000000 ____D C:\Users\User\AppData\Local\{C0B7163C-A752-48C2-9F26-0C86AC36283F}
2012-05-16 16:01 - 2012-05-16 16:01 - 00000000 ____D C:\Users\User\AppData\Local\{71653197-B68F-40A2-93C3-D689F006037F}
2012-05-16 16:01 - 2012-05-16 16:00 - 00000000 ____D C:\Users\User\AppData\Local\{C561ABEB-F69B-4FF2-A381-EE3A17A6E475}
2012-05-16 15:58 - 2012-05-16 15:58 - 02981723 ____A C:\Users\User\Downloads\004.JPG
2012-05-16 15:53 - 2012-05-16 15:53 - 00000000 ____D C:\Users\User\AppData\Local\{D4F59CAD-5109-41DF-BBB8-D05D182825AB}
2012-05-16 15:53 - 2012-05-16 15:53 - 00000000 ____D C:\Users\User\AppData\Local\{97304BE1-CC11-4E29-B838-A14EBB6AD713}
2012-05-16 15:18 - 2012-05-16 15:18 - 00000000 ____D C:\Users\User\AppData\Local\{EA030AA6-8F13-4DF2-AC4E-FE040D3A413E}
2012-05-16 15:18 - 2012-05-16 15:18 - 00000000 ____D C:\Users\User\AppData\Local\{7D2856E6-A612-4811-9241-9748069E5051}
2012-05-16 14:04 - 2012-05-16 14:04 - 00000000 ____D C:\Users\User\AppData\Local\{99224CB6-03D5-4021-AFBB-01DDA1531928}
2012-05-16 02:30 - 2012-05-16 02:29 - 00000000 ____D C:\Users\User\AppData\Local\{8A12B1F5-8220-4C4E-8623-E1C3FE541284}
2012-05-16 02:29 - 2012-05-16 02:29 - 00000000 ____D C:\Users\User\AppData\Local\{C7339F38-9A54-459A-954D-A0EA8401898B}
2012-05-15 17:52 - 2012-05-15 17:52 - 00000000 ____D C:\Users\User\AppData\Local\{D534A849-5A0F-49C8-A18F-E84E3CC880C3}
2012-05-15 17:52 - 2012-05-15 17:52 - 00000000 ____D C:\Users\User\AppData\Local\{35DBDDDF-8426-4733-AF4B-0B2EBFC30AED}
2012-05-15 16:14 - 2012-05-15 16:14 - 00000000 ____D C:\Users\User\AppData\Local\{23B4120D-138E-47E8-86FB-468632A474AF}
2012-05-15 16:14 - 2012-05-15 16:14 - 00000000 ____D C:\Users\User\AppData\Local\{1D044CFB-D3DE-48BF-8107-1E36D950D11E}
2012-05-15 15:26 - 2012-05-15 15:26 - 00000000 ____D C:\Users\User\AppData\Local\{A1C6D679-B3D9-4C68-AEB4-5DF9629FD2AB}
2012-05-15 15:26 - 2012-05-15 15:25 - 00000000 ____D C:\Users\User\AppData\Local\{6E8EB4EA-480E-4EDF-9FC3-4F230AC6E761}
2012-05-13 08:34 - 2012-05-13 08:34 - 00000000 ____D C:\Users\User\AppData\Local\{60AFE895-E9DD-49B5-A38F-7FEC1A4960DB}
2012-05-13 08:34 - 2012-05-13 08:34 - 00000000 ____D C:\Users\User\AppData\Local\{396EF1D7-8E20-4497-A877-357CC0431554}
2012-05-12 05:51 - 2012-05-12 05:51 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2012-05-12 03:06 - 2009-07-13 20:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-12 02:48 - 2011-11-18 12:40 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-11 17:07 - 2012-05-11 17:07 - 00000000 ____D C:\Users\User\AppData\Local\{87DDE2D6-F483-47C5-A4EE-73CE0843EB00}
2012-05-11 17:07 - 2012-05-11 17:07 - 00000000 ____D C:\Users\User\AppData\Local\{1C5B43C5-F744-4C22-BE52-7863E8D3916D}
2012-05-10 17:36 - 2012-05-10 17:36 - 00000000 ____D C:\33f4ec94127ffb07e9f67db0
2012-05-10 17:35 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-10 15:34 - 2012-05-10 15:34 - 00000000 ____D C:\Users\User\AppData\Local\{9C5B2551-A9B5-4CDB-9B66-F0BF622C6A39}
2012-05-10 15:34 - 2012-05-10 15:34 - 00000000 ____D C:\Users\User\AppData\Local\{904106E1-D4D2-4A99-8EF6-2C976BDF4968}
2012-05-10 15:08 - 2012-05-10 15:08 - 00000000 ____D C:\Users\User\AppData\Local\{FEEAD077-B214-46FC-8282-63E438FF8B58}
2012-05-10 15:08 - 2012-05-10 15:08 - 00000000 ____D C:\Users\User\AppData\Local\{58784215-A289-4957-8DA3-45AE23D50434}
2012-05-10 14:32 - 2012-05-10 14:32 - 00000000 ____D C:\Users\User\AppData\Local\{1B0BB40E-BAC1-4B48-A794-F480A607205C}
2012-05-10 14:32 - 2012-05-10 14:32 - 00000000 ____D C:\Users\User\AppData\Local\{17D8CFAC-3E93-4BC4-A0E4-A47474A8ABCE}
2012-05-09 15:15 - 2012-05-09 15:15 - 00000000 ____D C:\Users\User\AppData\Local\{F09BEF2F-968B-4572-B012-28116C49BFE2}
2012-05-09 15:15 - 2012-05-09 15:15 - 00000000 ____D C:\Users\User\AppData\Local\{883698B8-E577-4274-9267-DA3C01E8239E}
2012-05-08 14:33 - 2012-05-08 14:33 - 00000000 ____D C:\Users\User\AppData\Local\{D17758CC-24D9-4D33-8385-2262C6B2BBF7}
2012-05-08 14:33 - 2012-05-08 14:33 - 00000000 ____D C:\Users\User\AppData\Local\{42EF4F75-DE62-4524-9DA6-5258D141023D}
2012-05-08 14:01 - 2012-05-08 14:01 - 00000000 ____D C:\Users\User\AppData\Local\{291476FE-4E59-4C17-B2E9-4A2BBA24FDC5}
2012-05-08 14:01 - 2012-05-08 14:01 - 00000000 ____D C:\Users\User\AppData\Local\{24F05E20-E0DB-489E-BF58-5DA4D478A5B8}
2012-05-07 17:10 - 2012-05-07 17:10 - 00000000 ____D C:\Users\User\AppData\Local\{7B7EB9E5-4221-4983-854D-6B0FE9E00A4F}
2012-05-07 17:10 - 2012-05-07 17:10 - 00000000 ____D C:\Users\User\AppData\Local\{7339BB38-0BC7-4BCF-9615-51DB2495BB55}
2012-05-07 15:19 - 2012-05-07 15:19 - 00000000 ____D C:\Users\User\AppData\Local\{C9CE25DE-830F-4FE2-8199-4BBA2B3599C0}
2012-05-07 15:19 - 2012-05-07 15:19 - 00000000 ____D C:\Users\User\AppData\Local\{AB4130DC-5CEE-4AE0-89E6-CD624D1244FE}
2012-05-06 17:11 - 2012-05-06 17:11 - 00000000 ____D C:\Users\User\AppData\Local\{AED33378-123E-4389-A556-ECF32F951A2E}
2012-05-06 17:11 - 2012-05-06 17:11 - 00000000 ____D C:\Users\User\AppData\Local\{318CF2B5-C747-494A-A02C-4962B8B6F06A}
2012-05-05 17:07 - 2012-05-05 17:07 - 00000000 ____D C:\Users\User\AppData\Local\{4380E760-BC66-46E6-84B0-E2A3D64F8CEF}
2012-05-05 17:07 - 2012-05-05 17:06 - 00000000 ____D C:\Users\User\AppData\Local\{6B184592-9E60-4A9E-B638-A533D3F13A52}
2012-05-05 13:49 - 2012-05-05 13:48 - 00000000 ____D C:\Users\User\AppData\Local\{C12A7AB3-49CE-4359-8825-7EA85D0404BD}
2012-05-05 13:48 - 2012-05-05 13:48 - 00000000 ____D C:\Users\User\AppData\Local\{4A9414ED-8E37-4FF9-9A4C-0F1198C865BC}
2012-05-05 12:20 - 2012-05-05 12:20 - 00000000 ____D C:\Users\User\AppData\Local\{D9EAC512-4CB5-41D8-AB38-9DF874D3B71D}
2012-05-05 12:20 - 2012-05-05 12:20 - 00000000 ____D C:\Users\User\AppData\Local\{A118476F-DCC9-4B45-B6DA-59CCDEF5C280}
2012-05-05 11:33 - 2012-04-05 16:33 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-05 09:42 - 2012-05-05 09:42 - 00000000 ____D C:\Users\User\AppData\Local\{696957D7-9AE0-4F25-9E2E-5FF1B1D82621}
2012-05-05 09:42 - 2012-05-05 09:42 - 00000000 ____D C:\Users\User\AppData\Local\{382838C5-23E4-4280-8722-87880C381441}
2012-05-04 14:50 - 2012-05-04 14:49 - 00000000 ____D C:\Users\User\AppData\Local\{98F7FC25-CECD-4386-A0B7-B3297ABBF6A1}
2012-05-04 14:49 - 2012-05-04 14:49 - 00000000 ____D C:\Users\User\AppData\Local\{2DD1F9C4-B40D-4375-B79B-9852CDB689A7}
2012-05-04 14:12 - 2012-05-04 14:12 - 00000000 ____D C:\Users\User\AppData\Local\{E644DD79-35C8-4B4F-BD4B-FB4A19C52AAE}
2012-05-04 14:12 - 2012-05-04 14:11 - 00000000 ____D C:\Users\User\AppData\Local\{A15C2BB8-3E12-4327-82FD-967E96C9AC83}
2012-05-03 15:30 - 2012-05-03 15:30 - 00000000 ____D C:\Users\User\AppData\Local\{0075FD79-43E6-433B-A80A-23B90B5FF60D}
2012-05-03 15:30 - 2012-05-03 15:29 - 00000000 ____D C:\Users\User\AppData\Local\{8D61AD79-8093-4D88-82C7-E53A8283E55E}
2012-05-02 19:29 - 2012-05-02 19:29 - 00000000 ____D C:\Users\User\AppData\Local\{5C0F62E6-6BB2-43A7-B4A1-97C1A3AD0380}
2012-05-02 19:29 - 2012-05-02 19:29 - 00000000 ____D C:\Users\User\AppData\Local\{21BCE174-32DA-4F68-8919-04AD69A3E241}
2012-05-02 15:48 - 2012-05-02 15:48 - 00000000 ____D C:\Users\User\AppData\Local\{F84A2A23-ED55-4EA5-A4B4-0B3BD8D2A78B}
2012-05-02 15:48 - 2012-05-02 15:48 - 00000000 ____D C:\Users\User\AppData\Local\{8FBA9DB3-D60B-4224-B4BE-E19248A0AB28}
2012-05-02 15:30 - 2012-05-02 15:30 - 00000000 ____D C:\Users\User\AppData\Local\{0A7BA59D-2D81-41AD-8B19-2D29DE71DCC7}
2012-05-02 15:30 - 2012-05-02 15:29 - 00000000 ____D C:\Users\User\AppData\Local\{87567E16-42BB-4958-B7EE-F8D087B41617}
2012-05-01 15:32 - 2012-05-01 15:32 - 00000000 ____D C:\Users\User\AppData\Local\{5A011EA6-0FF2-4CFE-AB5C-28E94B027B4F}
2012-05-01 15:32 - 2012-05-01 15:31 - 00000000 ____D C:\Users\User\AppData\Local\{C23E27E9-BD06-4E9D-8BD0-528DA42976ED}
2012-05-01 14:28 - 2012-05-01 14:27 - 00000000 ____D C:\Users\User\AppData\Local\{A52AA1AF-D924-4705-A63D-505C1EB2DC6D}
2012-05-01 14:27 - 2012-05-01 14:27 - 00000000 ____D C:\Users\User\AppData\Local\{DFC95FFC-798E-49BD-8794-49774C1627E6}
2012-05-01 14:14 - 2012-05-01 14:14 - 00000000 ____D C:\Users\User\AppData\Local\{BBB99DB0-1C4E-4FE0-946E-55F7C9B53664}
2012-05-01 14:14 - 2012-05-01 14:14 - 00000000 ____D C:\Users\User\AppData\Local\{7E26BDBF-05FF-4E22-A3FF-FA662D0899E3}
2012-05-01 02:07 - 2012-05-01 02:07 - 00000000 ____D C:\Users\User\AppData\Local\{FD49589D-0B11-47D2-9E8D-93CF7EC8FBB6}
2012-05-01 02:07 - 2012-05-01 02:07 - 00000000 ____D C:\Users\User\AppData\Local\{9B2F3405-D56A-4770-B175-552ADF26CCB8}
2012-05-01 01:46 - 2012-05-01 01:46 - 00000000 ____D C:\Users\User\AppData\Local\{65FBF8F4-AE8E-4027-9DFF-6994D73EE745}
2012-04-30 18:04 - 2012-04-30 18:04 - 00000000 ____D C:\Users\User\AppData\Local\{ADDB08E3-FBC9-44C7-BE96-33F145C36658}
2012-04-30 15:41 - 2012-04-30 15:41 - 00000000 ____D C:\Users\User\AppData\Local\{61C8D3E3-602D-43EB-A006-CEED51C017B0}
2012-04-30 15:41 - 2012-04-30 15:40 - 00000000 ____D C:\Users\User\AppData\Local\{6D9F56D4-B2E4-486F-B0C5-A1A890D48001}
2012-04-28 18:20 - 2012-04-28 18:20 - 00000000 ____D C:\Users\User\AppData\Local\{5CEFAC8B-5FC2-41E6-91A8-EC08F60FDDF9}
2012-04-28 18:20 - 2012-04-28 18:20 - 00000000 ____D C:\Users\User\AppData\Local\{22773740-12AE-448D-9B32-AD1EDA25D943}
2012-04-28 05:03 - 2012-04-28 05:03 - 02586616 ____A C:\Users\User\Desktop\Motorcycle2.jpg
2012-04-28 05:02 - 2012-04-28 05:02 - 02600454 ____A C:\Users\User\Desktop\Motorcycle1.jpg
2012-04-28 04:58 - 2012-04-28 04:58 - 00000000 ____D C:\Users\User\AppData\Local\{4ECE2200-9E88-49A1-A987-3017ADA23CF8}
2012-04-28 04:58 - 2012-04-28 04:57 - 00000000 ____D C:\Users\User\AppData\Local\{EBF4E741-DB65-4441-808C-EE3E310459DD}
2012-04-28 04:38 - 2012-04-28 04:38 - 00000000 ____D C:\Users\User\AppData\Local\{4B96B202-FDBC-4511-AF4E-D93B414FAF47}
2012-04-28 04:38 - 2012-04-28 04:38 - 00000000 ____D C:\Users\User\AppData\Local\{43C8BF12-3357-4230-BCFB-EAA830148E5F}
2012-04-27 17:44 - 2012-04-27 17:44 - 00000000 ____D C:\Users\User\AppData\Local\{F62B7AFB-A660-4966-B4F2-E4716A98802A}
2012-04-27 17:44 - 2012-04-27 17:44 - 00000000 ____D C:\Users\User\AppData\Local\{E796D2FF-CACA-40E1-83CA-EBCB4A3780F5}
2012-04-25 17:19 - 2012-04-25 17:19 - 00000000 ____D C:\Users\User\AppData\Local\{92D4C640-CF20-4584-B29A-50036AB704EA}
2012-04-25 17:19 - 2012-04-25 17:19 - 00000000 ____D C:\Users\User\AppData\Local\{77F05764-78AF-4FF0-BE78-B20C326D5F43}
2012-04-25 16:51 - 2012-04-25 16:51 - 00000000 ____D C:\Users\User\AppData\Local\{BF4A43FB-3177-498C-BD6B-76D98641306B}
2012-04-25 16:51 - 2012-04-25 16:51 - 00000000 ____D C:\Users\User\AppData\Local\{2E5AE036-F73C-4D11-866E-5FBC20F62619}
2012-04-25 16:50 - 2012-04-25 16:50 - 00008576 ____A C:\Users\User\Desktop\Zappos_com UPS Return Label.htm
2012-04-25 16:50 - 2012-04-25 16:50 - 00000000 ____D C:\Users\User\Desktop\Zappos_com UPS Return Label_files
2012-04-25 16:47 - 2012-04-25 16:47 - 00000000 ____D C:\Users\User\AppData\Local\{88B4964B-3B0B-4AB1-9BDF-EF4B965737F6}
2012-04-25 16:47 - 2012-04-25 16:47 - 00000000 ____D C:\Users\User\AppData\Local\{0A5DFA74-A076-4581-82ED-427AE7308D2D}
2012-04-25 15:03 - 2012-04-25 15:03 - 00000000 ____D C:\Users\User\AppData\Local\{C8731582-BC54-4531-A5FB-C940D847C161}
2012-04-25 15:03 - 2012-04-25 15:03 - 00000000 ____D C:\Users\User\AppData\Local\{8EF97793-6DD0-440A-ABD1-C89A4116B8E7}
2012-04-24 18:20 - 2012-04-24 18:20 - 00000000 ____D C:\Users\User\AppData\Local\{55AACCD6-064C-438A-A179-EBC681ED0D4C}
2012-04-24 17:42 - 2012-04-24 17:42 - 00000000 ____D C:\Users\User\AppData\Local\{ECC7F273-748B-48CF-A978-A987CBB4C886}
2012-04-24 17:42 - 2012-04-24 17:42 - 00000000 ____D C:\Users\User\AppData\Local\{4C0028D5-398C-4EF2-AA75-70677DD6FD92}
2012-04-24 15:19 - 2012-04-24 15:19 - 00000000 ____D C:\Users\User\AppData\Local\{D4476D54-D63A-4E00-8B4D-56209B68E3FD}
2012-04-24 15:19 - 2012-04-24 15:19 - 00000000 ____D C:\Users\User\AppData\Local\{AD8335EA-77AF-4B7E-859E-B4FAB655459E}
2012-04-23 17:35 - 2012-04-23 17:35 - 00000000 ____D C:\Users\User\AppData\Local\{13BAAC3B-147A-4ABE-B08C-E108E0B25612}
2012-04-23 17:35 - 2012-04-23 17:35 - 00000000 ____D C:\Users\User\AppData\Local\{00A10A20-CB49-40D4-9254-D01F75466D95}
2012-04-23 17:03 - 2012-04-23 17:03 - 00000000 ____D C:\Users\User\AppData\Local\{9D84E6BB-CE7F-45B4-A4B1-92F918F0E3D8}
2012-04-23 17:03 - 2012-04-23 17:03 - 00000000 ____D C:\Users\User\AppData\Local\{77915769-267E-4ABF-9983-58FC3044492C}
2012-04-23 16:45 - 2012-04-23 16:45 - 00000000 ____D C:\Users\User\AppData\Local\{09F9DC69-63B0-499C-A526-EBA3D1327091}
2012-04-23 16:45 - 2012-04-23 16:45 - 00000000 ____D C:\Users\User\AppData\Local\{06934D78-57F2-45A4-BBAD-C92A0E2B5642}
2012-04-23 16:29 - 2012-04-23 16:28 - 00000000 ____D C:\Users\User\AppData\Local\{4B7D57FA-8176-4537-AFFC-98F9E50D2BE1}
2012-04-23 16:28 - 2012-04-23 16:28 - 00000000 ____D C:\Users\User\AppData\Local\{57DC2614-AA1F-4D43-A63E-E9F0E8E1088C}
2012-04-23 16:18 - 2012-04-23 16:18 - 00000000 ____D C:\Users\User\AppData\Local\{417821D8-8288-4403-AFF7-2E27902613FD}
2012-04-23 16:18 - 2012-04-23 16:18 - 00000000 ____D C:\Users\User\AppData\Local\{3AF9803A-D7EE-45C8-8FE9-E853D86478B4}
2012-04-23 14:53 - 2012-04-23 14:53 - 00000000 ____D C:\Users\User\AppData\Local\{CC5B9C57-7339-4FEC-8876-349DD60F03B5}
2012-04-23 14:53 - 2012-04-23 14:53 - 00000000 ____D C:\Users\User\AppData\Local\{49857F62-C9BE-4886-AA98-3548989DCEC8}
2012-04-23 14:35 - 2012-04-23 14:35 - 00000000 ____D C:\Users\All Users\Symantec
2012-04-22 17:25 - 2012-04-22 17:25 - 00000000 ____D C:\Users\User\AppData\Local\{A6E66B4B-BA5F-4068-BBFA-B4CC06DDA028}
2012-04-22 17:25 - 2012-04-22 17:25 - 00000000 ____D C:\Users\User\AppData\Local\{6A189963-C014-4300-9A0C-F28DDFDAB835}
2012-04-22 16:48 - 2012-04-22 16:48 - 00000000 ____D C:\Users\User\AppData\Local\{995313DD-57B2-40EE-BA56-ABED1E642241}
2012-04-22 16:48 - 2012-04-22 16:47 - 00000000 ____D C:\Users\User\AppData\Local\{9E1A2DBE-C487-4585-9D23-CAC4BB811436}
2012-04-22 11:34 - 2012-04-22 11:34 - 00000000 ____D C:\Users\User\AppData\Local\{EBFDD77F-D3FF-44C8-A5AD-D08B1AF0DF52}
2012-04-22 11:34 - 2012-04-22 11:34 - 00000000 ____D C:\Users\User\AppData\Local\{A7F5FDE9-A285-4388-A79E-8E9325ECD96B}
2012-04-22 06:33 - 2012-04-22 06:33 - 00000000 ____D C:\Users\User\AppData\Local\{F7FB3DD9-525E-47D6-834C-29FF79520DD5}
2012-04-22 06:33 - 2012-04-22 06:33 - 00000000 ____D C:\Users\User\AppData\Local\{79240A10-6232-4F20-888A-08F86A3DE24C}
2012-04-21 11:29 - 2012-04-21 11:29 - 00000000 ____D C:\Users\User\AppData\Local\{ECA70B80-EB9B-4334-9791-7A83D20FC007}
2012-04-21 11:29 - 2012-04-21 11:28 - 00000000 ____D C:\Users\User\AppData\Local\{D4E4CFEE-19CF-43D7-98CE-21D12D7CBACD}
2012-04-19 18:01 - 2012-04-19 18:01 - 00000000 ____D C:\Users\User\AppData\Local\{70C98239-AE11-44CA-8E79-5478D93DF7E1}
2012-04-19 18:01 - 2012-04-19 18:01 - 00000000 ____D C:\Users\User\AppData\Local\{5697B072-4E75-4590-ABAF-A4B505353493}
2012-04-19 15:04 - 2012-04-19 15:04 - 00000000 ____D C:\Users\User\AppData\Local\{F108789A-3E18-44BD-9296-E6D6FF535130}
2012-04-19 15:04 - 2012-04-19 15:04 - 00000000 ____D C:\Users\User\AppData\Local\{CB55106B-78F8-41DC-B87E-2B73E4EBC7FE}
2012-04-17 02:16 - 2012-04-17 02:15 - 00000000 ____D C:\Users\User\AppData\Local\{7AC702AF-427A-4EDF-BD9C-C4C9077C570B}
2012-04-15 15:54 - 2012-04-15 15:54 - 00000000 ____D C:\Users\User\AppData\Local\{F3D56CBE-F87B-41B0-B3A5-9459B6F11C01}
2012-04-15 15:54 - 2012-04-15 15:54 - 00000000 ____D C:\Users\User\AppData\Local\{EF5B90C8-D3C6-46FD-AD07-A9947F7AABC1}
2012-04-15 07:03 - 2012-04-15 07:03 - 00000000 ____D C:\Users\User\AppData\Local\{728E297F-B8DE-4E4E-9F01-D118AEE71A55}
2012-04-15 07:03 - 2011-11-25 12:44 - 00000000 ____D C:\Users\User\AppData\Local\Windows Live
2012-04-12 15:09 - 2012-04-12 15:08 - 00000000 ____D C:\Users\User\AppData\Local\{395FB587-C5ED-486F-8B71-458C4D34B7D2}
2012-04-11 17:04 - 2012-04-11 17:03 - 00000000 ____D C:\Users\User\AppData\Local\{71395694-D50D-449A-8A88-7CBF4CEB5404}
2012-04-10 16:47 - 2012-04-10 16:47 - 00000000 ____D C:\Users\User\AppData\Local\{F48CC920-8E82-4793-A58A-5B517B6873A4}
2012-04-07 17:02 - 2012-04-07 17:01 - 00000000 ____D C:\Users\User\AppData\Local\{40027805-626E-4943-9FAF-33D0754C9398}
2012-04-07 04:29 - 2012-04-07 04:28 - 00000000 ____D C:\Users\User\AppData\Local\{B57F932C-D9AE-4800-B8E6-18027A2F8028}
2012-04-06 15:59 - 2012-04-06 15:58 - 00000000 ____D C:\Users\User\AppData\Local\{CA788F06-9471-4C91-83E6-AC6B3EC29AE1}
2012-04-05 16:02 - 2012-04-05 16:02 - 00000000 ____D C:\Users\User\AppData\Local\{592FBDE0-F815-4C8D-805D-BA36F097AC3A}
2012-04-04 18:18 - 2012-04-04 18:18 - 00000000 ____D C:\Users\User\AppData\Local\{6A3BCA32-CC77-4179-869F-75513D75ECE7}
2012-04-04 11:56 - 2012-06-10 17:08 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-02 15:18 - 2012-04-02 15:18 - 00000000 ____D C:\Users\User\AppData\Local\{76557AC7-8FE8-408D-A287-46035255B716}
2012-04-01 15:50 - 2012-04-01 15:50 - 00000000 ____D C:\Users\User\AppData\Local\{B344CF6E-9611-4CE2-8F8F-CC7664F44C3B}
2012-04-01 03:25 - 2012-04-01 03:25 - 00000000 ____D C:\Users\User\AppData\Local\{BE1EB9D4-8E61-483A-A47D-4D8AAB8A110A}
2012-03-30 22:05 - 2012-05-10 14:37 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-10 14:37 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-10 14:37 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-10 14:37 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 16:38 - 2012-03-30 16:37 - 00000000 ____D C:\Users\User\AppData\Local\{D7A2E46A-3174-4667-A440-43DA6803AE15}
2012-03-30 03:35 - 2012-05-10 14:36 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 17:49 - 2012-03-29 17:49 - 02759882 ____A C:\Users\User\Desktop\7tipsToSuccess.pdf
2012-03-29 17:31 - 2012-03-29 17:31 - 00000000 ____D C:\Users\User\AppData\Local\{3C704C1E-C693-4B10-9ED8-1D609B343607}
2012-03-28 15:51 - 2012-03-28 15:51 - 00000000 ____D C:\Users\User\AppData\Local\{D4D64884-4A55-4822-A115-F61B3D1F8A24}
2012-03-28 15:51 - 2012-03-28 15:51 - 00000000 ____D C:\Users\User\AppData\Local\{5C187546-CEAE-4D95-A630-5C7F519183A7}
2012-03-27 16:14 - 2012-03-27 16:13 - 00000000 ____D C:\Users\User\AppData\Local\{866A68AC-4AF9-4DCE-965E-7052BB7ECDC4}
2012-03-27 16:13 - 2012-03-27 16:13 - 00000000 ____D C:\Users\User\AppData\Local\{8E0973AE-F824-4AAC-A3DC-560F72C64107}
2012-03-26 16:17 - 2012-03-26 16:17 - 00000000 ____D C:\Users\User\AppData\Local\{3D6B1D58-504D-4D04-95BE-3E30B0D1B507}
2012-03-26 16:17 - 2012-03-26 16:16 - 00000000 ____D C:\Users\User\AppData\Local\{4548A43D-B81F-415E-AAD0-A542E1113694}
2012-03-25 16:53 - 2012-03-25 16:53 - 00000000 ____D C:\Users\User\AppData\Local\{DD12EEDC-B21F-48E2-864D-939E2E25D195}
2012-03-25 16:53 - 2012-03-25 16:53 - 00000000 ____D C:\Users\User\AppData\Local\{D2A22418-CCBB-4E90-AD0D-59CC0C99D095}
2012-03-25 04:35 - 2012-03-25 04:35 - 00000000 ____D C:\Users\User\AppData\Local\{7F4D3F41-9FBB-4321-8DA4-472C09F7892A}
2012-03-25 04:35 - 2012-03-25 04:35 - 00000000 ____D C:\Users\User\AppData\Local\{438220A4-532F-40E4-8D8C-6EC2FBD5731C}
2012-03-24 11:04 - 2012-03-24 11:03 - 00000000 ____D C:\Users\User\AppData\Local\{D5C13D83-E364-4D7B-AE46-A62032443CC0}
2012-03-24 11:03 - 2012-03-24 11:03 - 00000000 ____D C:\Users\User\AppData\Local\{5E20C968-AD95-4AE9-A077-1E7698E252B1}
2012-03-23 15:27 - 2012-03-23 15:27 - 00000000 ____D C:\Users\User\AppData\Local\{9C1E85A9-ECDB-4DCE-A9CD-9BB62B6B5DA0}
2012-03-23 15:27 - 2012-03-23 15:27 - 00000000 ____D C:\Users\User\AppData\Local\{3ABA4D3C-3239-4E77-8F7C-7D9E6C1DFB58}
2012-03-22 15:20 - 2012-03-22 15:19 - 00000000 ____D C:\Users\User\AppData\Local\{E37AA7AF-164C-4798-99D3-956859B82504}
2012-03-22 15:19 - 2012-03-22 15:19 - 00000000 ____D C:\Users\User\AppData\Local\{67996E08-D817-48CB-A83F-27C38C5F9439}
2012-03-21 14:53 - 2012-03-21 14:53 - 00000000 ____D C:\Users\User\AppData\Local\{4EBDC34E-1612-4912-BA01-525B3B38DEEA}
2012-03-21 14:52 - 2012-03-21 14:52 - 00000000 ____D C:\Users\User\AppData\Local\{148B237D-D8AB-43CD-9DCE-3EFBA96F1B26}
2012-03-20 16:44 - 2012-03-20 16:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 16:44 - 2012-03-20 16:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-20 14:56 - 2012-03-20 14:55 - 00000000 ____D C:\Users\User\AppData\Local\{58CB87BC-D9B2-49D7-B481-184A8EBE9D7B}
2012-03-20 14:55 - 2012-03-20 14:55 - 00000000 ____D C:\Users\User\AppData\Local\{3EE1183A-E183-48D7-AF7F-BCBBCDE7F800}
2012-03-19 16:02 - 2012-03-19 16:02 - 00000000 ____D C:\Users\User\AppData\Local\{97DBF55B-247C-4372-8303-A17BB2CF5867}
2012-03-19 16:02 - 2012-03-19 16:02 - 00000000 ____D C:\Users\User\AppData\Local\{1CFFAFE2-AAF4-42A3-AB2E-7D4954909E06}
2012-03-18 18:08 - 2012-03-18 18:08 - 00000000 ____D C:\Users\User\AppData\Local\{D9541C59-27CA-4A1C-B3F7-2C551E398C36}
2012-03-18 18:08 - 2012-03-18 18:08 - 00000000 ____D C:\Users\User\AppData\Local\{C13162EF-165A-414E-99FC-3A0EF9E86CB6}
2012-03-18 17:35 - 2012-03-18 17:35 - 00000000 ____D C:\Users\User\AppData\Local\{A6F5E5F8-CC8E-4DC5-96DF-54176A1AB9B0}
2012-03-18 17:35 - 2012-03-18 17:35 - 00000000 ____D C:\Users\User\AppData\Local\{8399BCFC-9D64-49AE-AD66-E6C22C8FFBAF}
2012-03-17 19:30 - 2012-03-17 19:30 - 00000000 ____D C:\Users\User\AppData\Local\{89952C09-7228-430E-884B-7F43BDA668F2}
2012-03-17 19:30 - 2012-03-17 19:29 - 00000000 ____D C:\Users\User\AppData\Local\{8661F80D-A496-44E2-A3A2-798A537AC64B}
2012-03-17 11:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-03-17 04:32 - 2012-03-17 04:32 - 00000000 ____D C:\Users\User\AppData\Local\{F34D3D02-7C2E-4B9C-B598-FE3573CBEC12}
2012-03-17 04:32 - 2012-03-17 04:32 - 00000000 ____D C:\Users\User\AppData\Local\{7907D397-B6AC-474D-B916-3D6D86AC4E94}
2012-03-16 23:58 - 2012-05-10 14:36 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 03:46 - 2012-03-16 03:46 - 00000000 ____D C:\Users\User\AppData\Local\{9E523936-B949-4072-835A-7E70AC9FD13C}
2012-03-16 03:46 - 2012-03-16 03:46 - 00000000 ____D C:\Users\User\AppData\Local\{3819FBF6-0F6E-409C-B3EA-250B06B99507}
2012-03-16 02:37 - 2012-03-14 16:31 - 00000000 ____D C:\Users\User\AppData\Roaming\Ekmeu
2012-03-16 02:06 - 2012-03-14 16:31 - 00000000 ____D C:\Users\User\AppData\Roaming\Seneqo
2012-03-15 15:39 - 2012-03-15 15:38 - 00000000 ____D C:\Users\User\AppData\Local\{1B670022-A53D-4AF9-9255-069A87392A1C}
2012-03-15 15:38 - 2012-03-15 15:38 - 00000000 ____D C:\Users\User\AppData\Local\{253544B8-8B01-4FEF-B02F-1AB9CB9E4929}
2012-03-14 16:31 - 2012-03-14 16:31 - 00000000 ____D C:\Users\User\AppData\Roaming\Atme
2012-03-14 16:05 - 2012-03-14 16:05 - 00000000 ____D C:\Users\User\AppData\Local\{309BE847-8D53-425A-9913-9B1F99081D60}
2012-03-14 16:05 - 2012-03-14 16:05 - 00000000 ____D C:\Users\User\AppData\Local\{199235C3-7AF1-479D-BC41-AC05A3F1AF9D}

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2011-07-31 23:21] - [2011-03-01 00:07] - 0027648 ____A (Microsoft Corporation) 6F68F63794097E54F36474ED4384B759

C:\Windows\SysWOW64\svchost.exe
[2011-07-31 23:22] - [2011-03-01 00:05] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2011-07-31 23:17] - [2011-02-24 22:25] - 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 4043.86 MB
Available physical RAM: 3490.33 MB
Total Pagefile: 4042.06 MB
Available Pagefile: 3470.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (TI106234W0C) (Fixed) (Total:449.77 GB) (Free:408.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (TOSHIBA EXT) (Fixed) (Total:465.76 GB) (Free:388.56 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 465 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 449 GB 1501 MB
Partition 3 Primary 14 GB 451 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI106234W0C NTFS Partition 449 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F TOSHIBA EXT NTFS Partition 465 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-20 17:23

======================= End Of Log ==========================

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:30 AM

Posted 11 June 2012 - 11:10 AM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Link 1
Link 2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
services.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Paladin41us

Paladin41us
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:30 AM

Posted 11 June 2012 - 11:26 AM

Its not scanning quick enough for it to complete before the reboot, I'm on a separate machine then the one I'm trying to fix but here is the text showing it performing its search.

SystemLook 30.07.11 by jpshortstuff
Log created at 12:19 on 11/06/2012 by User
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:30 AM

Posted 11 June 2012 - 11:59 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Paladin41us

Paladin41us
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:30 AM

Posted 11 June 2012 - 12:27 PM

Thank you for your time and patience Gringo, here is the TDSS Log, will post the results after I run aswMBR after I get home from work.



13:15:53.0500 3700 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
13:15:53.0671 3700 ============================================================
13:15:53.0671 3700 Current date / time: 2012/06/11 13:15:53.0671
13:15:53.0671 3700 SystemInfo:
13:15:53.0671 3700
13:15:53.0671 3700 OS Version: 6.1.7601 ServicePack: 1.0
13:15:53.0671 3700 Product type: Workstation
13:15:53.0671 3700 ComputerName: USER-PC
13:15:53.0671 3700 UserName: User
13:15:53.0671 3700 Windows directory: C:\windows
13:15:53.0671 3700 System windows directory: C:\windows
13:15:53.0671 3700 Running under WOW64
13:15:53.0671 3700 Processor architecture: Intel x64
13:15:53.0671 3700 Number of processors: 4
13:15:53.0671 3700 Page size: 0x1000
13:15:53.0671 3700 Boot type: Normal boot
13:15:53.0671 3700 ============================================================
13:15:54.0092 3700 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:15:54.0092 3700 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:15:54.0124 3700 ============================================================
13:15:54.0124 3700 \Device\Harddisk0\DR0:
13:15:54.0124 3700 MBR partitions:
13:15:54.0124 3700 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x3838A000
13:15:54.0124 3700 \Device\Harddisk1\DR1:
13:15:54.0124 3700 MBR partitions:
13:15:54.0124 3700 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385030
13:15:54.0124 3700 ============================================================
13:15:54.0155 3700 C: <-> \Device\Harddisk0\DR0\Partition0
13:15:54.0295 3700 E: <-> \Device\Harddisk1\DR1\Partition0
13:15:54.0295 3700 ============================================================
13:15:54.0295 3700 Initialize success
13:15:54.0295 3700 ============================================================
13:15:57.0150 3744 ============================================================
13:15:57.0150 3744 Scan started
13:15:57.0150 3744 Mode: Manual;
13:15:57.0150 3744 ============================================================
13:15:58.0492 3744 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
13:15:58.0492 3744 1394ohci - ok
13:15:58.0538 3744 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
13:15:58.0538 3744 ACPI - ok
13:15:58.0554 3744 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
13:15:58.0554 3744 AcpiPmi - ok
13:15:58.0663 3744 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:15:58.0663 3744 AdobeARMservice - ok
13:15:58.0819 3744 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:15:58.0819 3744 AdobeFlashPlayerUpdateSvc - ok
13:15:58.0882 3744 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
13:15:58.0882 3744 adp94xx - ok
13:15:58.0928 3744 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
13:15:58.0944 3744 adpahci - ok
13:15:58.0960 3744 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
13:15:58.0975 3744 adpu320 - ok
13:15:59.0006 3744 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
13:15:59.0006 3744 AeLookupSvc - ok
13:15:59.0084 3744 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
13:15:59.0084 3744 AFD - ok
13:15:59.0131 3744 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
13:15:59.0131 3744 agp440 - ok
13:15:59.0162 3744 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
13:15:59.0162 3744 ALG - ok
13:15:59.0178 3744 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
13:15:59.0194 3744 aliide - ok
13:15:59.0194 3744 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
13:15:59.0194 3744 amdide - ok
13:15:59.0225 3744 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
13:15:59.0240 3744 AmdK8 - ok
13:15:59.0240 3744 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
13:15:59.0240 3744 AmdPPM - ok
13:15:59.0272 3744 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
13:15:59.0272 3744 amdsata - ok
13:15:59.0318 3744 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
13:15:59.0318 3744 amdsbs - ok
13:15:59.0334 3744 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
13:15:59.0334 3744 amdxata - ok
13:15:59.0350 3744 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
13:15:59.0350 3744 AppID - ok
13:15:59.0381 3744 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
13:15:59.0381 3744 AppIDSvc - ok
13:15:59.0412 3744 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
13:15:59.0412 3744 Appinfo - ok
13:15:59.0490 3744 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
13:15:59.0490 3744 arc - ok
13:15:59.0506 3744 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
13:15:59.0506 3744 arcsas - ok
13:15:59.0552 3744 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
13:15:59.0552 3744 AsyncMac - ok
13:15:59.0599 3744 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
13:15:59.0599 3744 atapi - ok
13:15:59.0693 3744 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
13:15:59.0693 3744 AudioEndpointBuilder - ok
13:15:59.0693 3744 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
13:15:59.0708 3744 AudioSrv - ok
13:15:59.0755 3744 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
13:15:59.0755 3744 AxInstSV - ok
13:15:59.0818 3744 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
13:15:59.0818 3744 b06bdrv - ok
13:15:59.0896 3744 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
13:15:59.0896 3744 b57nd60a - ok
13:15:59.0958 3744 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
13:15:59.0958 3744 BDESVC - ok
13:15:59.0989 3744 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
13:15:59.0989 3744 Beep - ok
13:16:00.0067 3744 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
13:16:00.0083 3744 BITS - ok
13:16:00.0083 3744 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
13:16:00.0083 3744 blbdrive - ok
13:16:00.0130 3744 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
13:16:00.0130 3744 bowser - ok
13:16:00.0161 3744 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
13:16:00.0161 3744 BrFiltLo - ok
13:16:00.0161 3744 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
13:16:00.0161 3744 BrFiltUp - ok
13:16:00.0254 3744 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
13:16:00.0254 3744 BridgeMP - ok
13:16:00.0286 3744 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
13:16:00.0286 3744 Browser - ok
13:16:00.0317 3744 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
13:16:00.0332 3744 Brserid - ok
13:16:00.0332 3744 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
13:16:00.0332 3744 BrSerWdm - ok
13:16:00.0348 3744 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
13:16:00.0348 3744 BrUsbMdm - ok
13:16:00.0348 3744 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
13:16:00.0348 3744 BrUsbSer - ok
13:16:00.0364 3744 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
13:16:00.0364 3744 BTHMODEM - ok
13:16:00.0410 3744 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
13:16:00.0410 3744 bthserv - ok
13:16:00.0426 3744 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
13:16:00.0426 3744 cdfs - ok
13:16:00.0473 3744 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
13:16:00.0473 3744 cdrom - ok
13:16:00.0504 3744 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
13:16:00.0520 3744 CertPropSvc - ok
13:16:00.0551 3744 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
13:16:00.0551 3744 circlass - ok
13:16:00.0582 3744 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
13:16:00.0582 3744 CLFS - ok
13:16:00.0644 3744 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:16:00.0644 3744 clr_optimization_v2.0.50727_32 - ok
13:16:00.0707 3744 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:16:00.0707 3744 clr_optimization_v2.0.50727_64 - ok
13:16:00.0769 3744 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:16:00.0785 3744 clr_optimization_v4.0.30319_32 - ok
13:16:00.0863 3744 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:16:00.0863 3744 clr_optimization_v4.0.30319_64 - ok
13:16:00.0894 3744 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
13:16:00.0894 3744 CmBatt - ok
13:16:00.0910 3744 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
13:16:00.0910 3744 cmdide - ok
13:16:00.0988 3744 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
13:16:00.0988 3744 CNG - ok
13:16:01.0097 3744 CnxtHdAudService (20506f12afad3db588d007ea9325fbbc) C:\windows\system32\drivers\CHDRT64.sys
13:16:01.0112 3744 CnxtHdAudService - ok
13:16:01.0284 3744 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
13:16:01.0284 3744 Compbatt - ok
13:16:01.0284 3744 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
13:16:01.0300 3744 CompositeBus - ok
13:16:01.0300 3744 COMSysApp - ok
13:16:01.0315 3744 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
13:16:01.0315 3744 crcdisk - ok
13:16:01.0346 3744 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
13:16:01.0346 3744 CryptSvc - ok
13:16:01.0456 3744 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
13:16:01.0456 3744 cvhsvc - ok
13:16:01.0518 3744 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
13:16:01.0518 3744 DcomLaunch - ok
13:16:01.0580 3744 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
13:16:01.0580 3744 defragsvc - ok
13:16:01.0627 3744 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
13:16:01.0643 3744 DfsC - ok
13:16:01.0752 3744 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
13:16:01.0768 3744 Dhcp - ok
13:16:01.0814 3744 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
13:16:01.0814 3744 discache - ok
13:16:01.0955 3744 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
13:16:01.0955 3744 Disk - ok
13:16:02.0080 3744 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
13:16:02.0080 3744 Dnscache - ok
13:16:02.0267 3744 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
13:16:02.0267 3744 dot3svc - ok
13:16:02.0267 3744 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
13:16:02.0282 3744 DPS - ok
13:16:02.0298 3744 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
13:16:02.0298 3744 drmkaud - ok
13:16:02.0392 3744 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
13:16:02.0407 3744 DXGKrnl - ok
13:16:02.0454 3744 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
13:16:02.0470 3744 EapHost - ok
13:16:02.0626 3744 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
13:16:02.0641 3744 ebdrv - ok
13:16:02.0750 3744 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
13:16:02.0750 3744 EFS - ok
13:16:02.0828 3744 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
13:16:02.0844 3744 ehRecvr - ok
13:16:02.0875 3744 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
13:16:02.0891 3744 ehSched - ok
13:16:02.0969 3744 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
13:16:02.0969 3744 elxstor - ok
13:16:02.0969 3744 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
13:16:02.0969 3744 ErrDev - ok
13:16:03.0016 3744 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
13:16:03.0016 3744 EventSystem - ok
13:16:03.0047 3744 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
13:16:03.0062 3744 exfat - ok
13:16:03.0078 3744 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
13:16:03.0078 3744 fastfat - ok
13:16:03.0250 3744 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
13:16:03.0281 3744 Fax - ok
13:16:03.0296 3744 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
13:16:03.0296 3744 fdc - ok
13:16:03.0343 3744 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
13:16:03.0343 3744 fdPHost - ok
13:16:03.0374 3744 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
13:16:03.0374 3744 FDResPub - ok
13:16:03.0390 3744 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
13:16:03.0390 3744 FileInfo - ok
13:16:03.0406 3744 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
13:16:03.0406 3744 Filetrace - ok
13:16:03.0437 3744 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
13:16:03.0437 3744 flpydisk - ok
13:16:03.0484 3744 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
13:16:03.0484 3744 FltMgr - ok
13:16:03.0562 3744 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
13:16:03.0593 3744 FontCache - ok
13:16:03.0671 3744 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:16:03.0686 3744 FontCache3.0.0.0 - ok
13:16:03.0718 3744 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
13:16:03.0718 3744 FsDepends - ok
13:16:03.0764 3744 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
13:16:03.0764 3744 Fs_Rec - ok
13:16:03.0796 3744 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
13:16:03.0811 3744 fvevol - ok
13:16:03.0874 3744 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
13:16:03.0889 3744 gagp30kx - ok
13:16:03.0967 3744 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
13:16:03.0983 3744 gpsvc - ok
13:16:04.0076 3744 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:16:04.0092 3744 gupdate - ok
13:16:04.0092 3744 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:16:04.0108 3744 gupdatem - ok
13:16:04.0154 3744 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
13:16:04.0154 3744 gusvc - ok
13:16:04.0201 3744 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
13:16:04.0201 3744 hcw85cir - ok
13:16:04.0264 3744 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
13:16:04.0264 3744 HdAudAddService - ok
13:16:04.0295 3744 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
13:16:04.0295 3744 HDAudBus - ok
13:16:04.0295 3744 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
13:16:04.0295 3744 HidBatt - ok
13:16:04.0310 3744 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
13:16:04.0310 3744 HidBth - ok
13:16:04.0342 3744 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
13:16:04.0342 3744 HidIr - ok
13:16:04.0373 3744 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
13:16:04.0373 3744 hidserv - ok
13:16:04.0388 3744 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
13:16:04.0388 3744 HidUsb - ok
13:16:04.0420 3744 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
13:16:04.0420 3744 hkmsvc - ok
13:16:04.0451 3744 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
13:16:04.0451 3744 HomeGroupListener - ok
13:16:04.0482 3744 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
13:16:04.0482 3744 HomeGroupProvider - ok
13:16:04.0544 3744 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
13:16:04.0544 3744 HpSAMD - ok
13:16:04.0591 3744 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
13:16:04.0607 3744 HTTP - ok
13:16:04.0622 3744 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
13:16:04.0622 3744 hwpolicy - ok
13:16:04.0654 3744 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
13:16:04.0654 3744 i8042prt - ok
13:16:04.0716 3744 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys
13:16:04.0716 3744 iaStor - ok
13:16:04.0794 3744 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
13:16:04.0794 3744 iaStorV - ok
13:16:04.0888 3744 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:16:04.0888 3744 IDriverT - ok
13:16:05.0028 3744 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:16:05.0028 3744 idsvc - ok
13:16:05.0777 3744 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys
13:16:06.0011 3744 igfx - ok
13:16:06.0136 3744 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
13:16:06.0136 3744 iirsp - ok
13:16:06.0260 3744 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
13:16:06.0260 3744 IKEEXT - ok
13:16:06.0307 3744 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
13:16:06.0307 3744 IntcDAud - ok
13:16:06.0338 3744 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
13:16:06.0338 3744 intelide - ok
13:16:06.0370 3744 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
13:16:06.0370 3744 intelppm - ok
13:16:06.0416 3744 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
13:16:06.0416 3744 IPBusEnum - ok
13:16:06.0432 3744 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
13:16:06.0432 3744 IpFilterDriver - ok
13:16:06.0604 3744 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
13:16:06.0604 3744 iphlpsvc - ok
13:16:06.0619 3744 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
13:16:06.0635 3744 IPMIDRV - ok
13:16:06.0635 3744 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
13:16:06.0650 3744 IPNAT - ok
13:16:06.0713 3744 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
13:16:06.0713 3744 IRENUM - ok
13:16:06.0760 3744 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
13:16:06.0760 3744 isapnp - ok
13:16:06.0822 3744 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
13:16:06.0822 3744 iScsiPrt - ok
13:16:06.0869 3744 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
13:16:06.0869 3744 kbdclass - ok
13:16:06.0884 3744 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
13:16:06.0884 3744 kbdhid - ok
13:16:06.0916 3744 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
13:16:06.0916 3744 KeyIso - ok
13:16:06.0978 3744 kl1 (524503240d2ba280d97e2297102151ce) C:\windows\system32\DRIVERS\kl1.sys
13:16:06.0978 3744 kl1 - ok
13:16:07.0009 3744 KLIF (6ab7b4b65c5e201cb968dec20af10dcb) C:\windows\system32\DRIVERS\klif.sys
13:16:07.0025 3744 KLIF - ok
13:16:07.0025 3744 KLIM6 (2a64b3a9eed93a2e96537b67c079fc96) C:\windows\system32\DRIVERS\klim6.sys
13:16:07.0040 3744 KLIM6 - ok
13:16:07.0072 3744 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
13:16:07.0072 3744 KSecDD - ok
13:16:07.0103 3744 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
13:16:07.0118 3744 KSecPkg - ok
13:16:07.0274 3744 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
13:16:07.0274 3744 ksthunk - ok
13:16:07.0321 3744 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
13:16:07.0321 3744 KtmRm - ok
13:16:07.0368 3744 L1C (ebed8b3ff4a823c1a6eebeed7b29353f) C:\windows\system32\DRIVERS\L1C62x64.sys
13:16:07.0368 3744 L1C - ok
13:16:07.0430 3744 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
13:16:07.0446 3744 LanmanServer - ok
13:16:07.0462 3744 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
13:16:07.0462 3744 LanmanWorkstation - ok
13:16:07.0540 3744 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
13:16:07.0540 3744 lltdio - ok
13:16:07.0618 3744 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
13:16:07.0633 3744 lltdsvc - ok
13:16:07.0649 3744 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
13:16:07.0649 3744 lmhosts - ok
13:16:07.0852 3744 LMS (2ed1786b7542cda261029f6b526edf44) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
13:16:07.0883 3744 LMS - ok
13:16:07.0930 3744 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
13:16:07.0930 3744 LSI_FC - ok
13:16:07.0945 3744 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
13:16:07.0945 3744 LSI_SAS - ok
13:16:07.0961 3744 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
13:16:07.0961 3744 LSI_SAS2 - ok
13:16:07.0992 3744 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
13:16:07.0992 3744 LSI_SCSI - ok
13:16:08.0039 3744 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
13:16:08.0039 3744 luafv - ok
13:16:08.0070 3744 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
13:16:08.0086 3744 Mcx2Svc - ok
13:16:08.0132 3744 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
13:16:08.0132 3744 megasas - ok
13:16:08.0164 3744 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
13:16:08.0164 3744 MegaSR - ok
13:16:08.0195 3744 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
13:16:08.0195 3744 MEIx64 - ok
13:16:08.0226 3744 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
13:16:08.0226 3744 MMCSS - ok
13:16:08.0242 3744 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
13:16:08.0242 3744 Modem - ok
13:16:08.0273 3744 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
13:16:08.0273 3744 monitor - ok
13:16:08.0288 3744 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
13:16:08.0288 3744 mouclass - ok
13:16:08.0335 3744 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys
13:16:08.0351 3744 mouhid - ok
13:16:08.0429 3744 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
13:16:08.0429 3744 mountmgr - ok
13:16:08.0491 3744 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\windows\system32\DRIVERS\MpFilter.sys
13:16:08.0491 3744 MpFilter - ok
13:16:08.0507 3744 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
13:16:08.0522 3744 mpio - ok
13:16:08.0585 3744 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
13:16:08.0585 3744 mpsdrv - ok
13:16:08.0600 3744 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
13:16:08.0600 3744 MRxDAV - ok
13:16:08.0632 3744 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
13:16:08.0632 3744 mrxsmb - ok
13:16:08.0678 3744 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
13:16:08.0678 3744 mrxsmb10 - ok
13:16:08.0710 3744 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
13:16:08.0710 3744 mrxsmb20 - ok
13:16:08.0772 3744 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
13:16:08.0772 3744 msahci - ok
13:16:08.0959 3744 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
13:16:08.0990 3744 msdsm - ok
13:16:09.0100 3744 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
13:16:09.0115 3744 MSDTC - ok
13:16:09.0287 3744 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
13:16:09.0302 3744 Msfs - ok
13:16:09.0380 3744 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
13:16:09.0380 3744 mshidkmdf - ok
13:16:09.0599 3744 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
13:16:09.0599 3744 msisadrv - ok
13:16:09.0724 3744 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
13:16:09.0724 3744 MSiSCSI - ok
13:16:09.0724 3744 msiserver - ok
13:16:10.0114 3744 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
13:16:10.0114 3744 MSKSSRV - ok
13:16:10.0270 3744 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:16:10.0270 3744 MsMpSvc - ok
13:16:10.0301 3744 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
13:16:10.0301 3744 MSPCLOCK - ok
13:16:10.0316 3744 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
13:16:10.0316 3744 MSPQM - ok
13:16:10.0410 3744 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
13:16:10.0441 3744 MsRPC - ok
13:16:10.0519 3744 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
13:16:10.0519 3744 mssmbios - ok
13:16:10.0550 3744 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
13:16:10.0550 3744 MSTEE - ok
13:16:10.0550 3744 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
13:16:10.0550 3744 MTConfig - ok
13:16:10.0566 3744 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
13:16:10.0566 3744 Mup - ok
13:16:10.0628 3744 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
13:16:10.0644 3744 napagent - ok
13:16:10.0675 3744 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
13:16:10.0691 3744 NativeWifiP - ok
13:16:10.0784 3744 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
13:16:10.0800 3744 NDIS - ok
13:16:10.0816 3744 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
13:16:10.0816 3744 NdisCap - ok
13:16:10.0847 3744 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
13:16:10.0847 3744 NdisTapi - ok
13:16:10.0878 3744 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
13:16:10.0878 3744 Ndisuio - ok
13:16:10.0909 3744 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
13:16:10.0909 3744 NdisWan - ok
13:16:10.0925 3744 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
13:16:10.0925 3744 NDProxy - ok
13:16:10.0972 3744 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
13:16:10.0972 3744 NetBIOS - ok
13:16:11.0034 3744 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
13:16:11.0034 3744 NetBT - ok
13:16:11.0096 3744 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
13:16:11.0096 3744 Netlogon - ok
13:16:11.0190 3744 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
13:16:11.0206 3744 Netman - ok
13:16:11.0237 3744 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
13:16:11.0268 3744 netprofm - ok
13:16:11.0377 3744 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:16:11.0377 3744 NetTcpPortSharing - ok
13:16:11.0424 3744 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
13:16:11.0424 3744 nfrd960 - ok
13:16:11.0486 3744 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\windows\system32\DRIVERS\NisDrvWFP.sys
13:16:11.0486 3744 NisDrv - ok
13:16:11.0596 3744 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
13:16:11.0596 3744 NisSrv - ok
13:16:11.0642 3744 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
13:16:11.0642 3744 NlaSvc - ok
13:16:11.0798 3744 Norton PC Checkup Application Launcher - ok
13:16:11.0923 3744 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
13:16:11.0923 3744 Npfs - ok
13:16:11.0970 3744 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
13:16:11.0986 3744 nsi - ok
13:16:12.0017 3744 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
13:16:12.0017 3744 nsiproxy - ok
13:16:12.0095 3744 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
13:16:12.0110 3744 Ntfs - ok
13:16:12.0329 3744 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
13:16:12.0329 3744 Null - ok
13:16:12.0360 3744 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
13:16:12.0360 3744 nvraid - ok
13:16:12.0454 3744 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
13:16:12.0454 3744 nvstor - ok
13:16:12.0469 3744 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
13:16:12.0469 3744 nv_agp - ok
13:16:12.0559 3744 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
13:16:12.0561 3744 ohci1394 - ok
13:16:12.0826 3744 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:16:12.0826 3744 ose - ok
13:16:13.0263 3744 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:16:13.0388 3744 osppsvc - ok
13:16:13.0559 3744 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
13:16:13.0559 3744 p2pimsvc - ok
13:16:13.0590 3744 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
13:16:13.0606 3744 p2psvc - ok
13:16:13.0684 3744 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
13:16:13.0684 3744 Parport - ok
13:16:13.0731 3744 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
13:16:13.0731 3744 partmgr - ok
13:16:13.0778 3744 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
13:16:13.0778 3744 PcaSvc - ok
13:16:13.0996 3744 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
13:16:13.0996 3744 PCCUJobMgr - ok
13:16:14.0043 3744 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
13:16:14.0043 3744 pci - ok
13:16:14.0074 3744 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
13:16:14.0074 3744 pciide - ok
13:16:14.0090 3744 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
13:16:14.0105 3744 pcmcia - ok
13:16:14.0121 3744 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
13:16:14.0121 3744 pcw - ok
13:16:14.0152 3744 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
13:16:14.0152 3744 PEAUTH - ok
13:16:14.0214 3744 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
13:16:14.0214 3744 PerfHost - ok
13:16:14.0261 3744 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
13:16:14.0261 3744 PGEffect - ok
13:16:14.0417 3744 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
13:16:14.0433 3744 pla - ok
13:16:14.0682 3744 PLAVService (43d214b7e6bc6c84a4e33e353d488caa) C:\Program Files (x86)\Common Files\PLAV\PLAVservice.exe
13:16:14.0870 3744 PLAVService - ok
13:16:15.0041 3744 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
13:16:15.0041 3744 PlugPlay - ok
13:16:15.0119 3744 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
13:16:15.0119 3744 PNRPAutoReg - ok
13:16:15.0150 3744 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
13:16:15.0150 3744 PNRPsvc - ok
13:16:15.0213 3744 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
13:16:15.0228 3744 PolicyAgent - ok
13:16:15.0291 3744 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
13:16:15.0291 3744 Power - ok
13:16:15.0478 3744 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
13:16:15.0478 3744 PptpMiniport - ok
13:16:15.0494 3744 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
13:16:15.0494 3744 Processor - ok
13:16:15.0556 3744 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
13:16:15.0556 3744 ProfSvc - ok
13:16:15.0603 3744 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
13:16:15.0618 3744 ProtectedStorage - ok
13:16:15.0712 3744 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
13:16:15.0743 3744 Psched - ok
13:16:15.0790 3744 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys
13:16:15.0790 3744 QIOMem - ok
13:16:16.0071 3744 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
13:16:16.0118 3744 ql2300 - ok
13:16:16.0383 3744 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
13:16:16.0383 3744 ql40xx - ok
13:16:16.0430 3744 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
13:16:16.0445 3744 QWAVE - ok
13:16:16.0461 3744 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
13:16:16.0476 3744 QWAVEdrv - ok
13:16:16.0492 3744 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
13:16:16.0492 3744 RasAcd - ok
13:16:16.0554 3744 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
13:16:16.0554 3744 RasAgileVpn - ok
13:16:16.0617 3744 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
13:16:16.0632 3744 RasAuto - ok
13:16:16.0679 3744 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
13:16:16.0695 3744 Rasl2tp - ok
13:16:16.0788 3744 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
13:16:16.0820 3744 RasMan - ok
13:16:16.0913 3744 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
13:16:16.0913 3744 RasPppoe - ok
13:16:16.0960 3744 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
13:16:16.0960 3744 RasSstp - ok
13:16:16.0991 3744 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
13:16:16.0991 3744 rdbss - ok
13:16:17.0054 3744 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
13:16:17.0054 3744 rdpbus - ok
13:16:17.0069 3744 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
13:16:17.0069 3744 RDPCDD - ok
13:16:17.0100 3744 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
13:16:17.0116 3744 RDPENCDD - ok
13:16:17.0132 3744 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
13:16:17.0132 3744 RDPREFMP - ok
13:16:17.0210 3744 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
13:16:17.0241 3744 RDPWD - ok
13:16:17.0319 3744 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
13:16:17.0319 3744 rdyboost - ok
13:16:17.0366 3744 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
13:16:17.0366 3744 RemoteAccess - ok
13:16:17.0412 3744 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
13:16:17.0412 3744 RemoteRegistry - ok
13:16:17.0428 3744 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
13:16:17.0428 3744 RpcEptMapper - ok
13:16:17.0506 3744 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
13:16:17.0506 3744 RpcLocator - ok
13:16:17.0568 3744 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
13:16:17.0568 3744 RpcSs - ok
13:16:17.0615 3744 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
13:16:17.0615 3744 rspndr - ok
13:16:17.0693 3744 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys
13:16:17.0693 3744 RSUSBSTOR - ok
13:16:17.0777 3744 RSUSBVSTOR (e5dc911d0feb72caff2bbdd6e7c3672f) C:\windows\system32\Drivers\RTSUVSTOR.sys
13:16:17.0780 3744 RSUSBVSTOR - ok
13:16:17.0878 3744 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys
13:16:17.0883 3744 RTL8192Ce - ok
13:16:17.0919 3744 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
13:16:17.0920 3744 SamSs - ok
13:16:17.0951 3744 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
13:16:17.0952 3744 sbp2port - ok
13:16:18.0171 3744 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
13:16:18.0201 3744 SBSDWSCService - ok
13:16:18.0263 3744 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
13:16:18.0266 3744 SCardSvr - ok
13:16:18.0330 3744 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
13:16:18.0331 3744 scfilter - ok
13:16:18.0468 3744 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
13:16:18.0479 3744 Schedule - ok
13:16:18.0509 3744 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
13:16:18.0510 3744 SCPolicySvc - ok
13:16:18.0549 3744 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
13:16:18.0552 3744 SDRSVC - ok
13:16:18.0698 3744 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
13:16:18.0699 3744 secdrv - ok
13:16:18.0744 3744 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
13:16:18.0746 3744 seclogon - ok
13:16:18.0763 3744 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
13:16:18.0764 3744 SENS - ok
13:16:18.0784 3744 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
13:16:18.0785 3744 SensrSvc - ok
13:16:18.0812 3744 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
13:16:18.0821 3744 Serenum - ok
13:16:18.0837 3744 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
13:16:18.0838 3744 Serial - ok
13:16:18.0870 3744 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
13:16:18.0872 3744 sermouse - ok
13:16:18.0902 3744 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
13:16:18.0904 3744 SessionEnv - ok
13:16:18.0907 3744 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
13:16:18.0908 3744 sffdisk - ok
13:16:18.0911 3744 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
13:16:18.0912 3744 sffp_mmc - ok
13:16:18.0915 3744 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
13:16:18.0915 3744 sffp_sd - ok
13:16:18.0919 3744 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
13:16:18.0921 3744 sfloppy - ok
13:16:19.0021 3744 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
13:16:19.0024 3744 Sftfs - ok
13:16:19.0168 3744 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
13:16:19.0173 3744 sftlist - ok
13:16:19.0228 3744 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
13:16:19.0229 3744 Sftplay - ok
13:16:19.0251 3744 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
13:16:19.0252 3744 Sftredir - ok
13:16:19.0300 3744 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
13:16:19.0301 3744 Sftvol - ok
13:16:19.0361 3744 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
13:16:19.0363 3744 sftvsa - ok
13:16:19.0398 3744 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
13:16:19.0402 3744 ShellHWDetection - ok
13:16:19.0440 3744 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
13:16:19.0441 3744 SiSRaid2 - ok
13:16:19.0446 3744 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
13:16:19.0448 3744 SiSRaid4 - ok
13:16:19.0469 3744 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
13:16:19.0470 3744 Smb - ok
13:16:19.0507 3744 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
13:16:19.0509 3744 SNMPTRAP - ok
13:16:19.0530 3744 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
13:16:19.0531 3744 spldr - ok
13:16:19.0576 3744 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
13:16:19.0583 3744 Spooler - ok
13:16:19.0742 3744 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
13:16:19.0795 3744 sppsvc - ok
13:16:19.0880 3744 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
13:16:19.0882 3744 sppuinotify - ok
13:16:19.0932 3744 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
13:16:19.0936 3744 srv - ok
13:16:19.0961 3744 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
13:16:19.0965 3744 srv2 - ok
13:16:20.0001 3744 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS
13:16:20.0004 3744 SrvHsfHDA - ok
13:16:20.0078 3744 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS
13:16:20.0109 3744 SrvHsfV92 - ok
13:16:20.0364 3744 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS
13:16:20.0388 3744 SrvHsfWinac - ok
13:16:20.0424 3744 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
13:16:20.0426 3744 srvnet - ok
13:16:20.0471 3744 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
13:16:20.0475 3744 SSDPSRV - ok
13:16:20.0490 3744 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
13:16:20.0492 3744 SstpSvc - ok
13:16:20.0514 3744 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
13:16:20.0515 3744 stexstor - ok
13:16:20.0557 3744 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
13:16:20.0563 3744 stisvc - ok
13:16:20.0582 3744 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
13:16:20.0583 3744 swenum - ok
13:16:20.0636 3744 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
13:16:20.0642 3744 swprv - ok
13:16:20.0846 3744 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
13:16:20.0852 3744 SynTP - ok
13:16:21.0200 3744 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
13:16:21.0247 3744 SysMain - ok
13:16:21.0371 3744 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
13:16:21.0387 3744 TabletInputService - ok
13:16:21.0449 3744 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
13:16:21.0449 3744 TapiSrv - ok
13:16:21.0481 3744 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
13:16:21.0481 3744 TBS - ok
13:16:21.0933 3744 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
13:16:21.0995 3744 Tcpip - ok
13:16:22.0385 3744 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
13:16:22.0401 3744 TCPIP6 - ok
13:16:22.0573 3744 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
13:16:22.0573 3744 tcpipreg - ok
13:16:22.0635 3744 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
13:16:22.0635 3744 tdcmdpst - ok
13:16:22.0666 3744 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
13:16:22.0666 3744 TDPIPE - ok
13:16:22.0697 3744 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
13:16:22.0697 3744 TDTCP - ok
13:16:22.0713 3744 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
13:16:22.0729 3744 tdx - ok
13:16:22.0729 3744 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
13:16:22.0729 3744 TermDD - ok
13:16:22.0885 3744 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
13:16:22.0916 3744 TermService - ok
13:16:22.0931 3744 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
13:16:22.0931 3744 Themes - ok
13:16:22.0963 3744 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
13:16:22.0963 3744 THREADORDER - ok
13:16:23.0041 3744 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
13:16:23.0041 3744 TMachInfo - ok
13:16:23.0072 3744 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\Windows\system32\TODDSrv.exe
13:16:23.0072 3744 TODDSrv - ok
13:16:23.0212 3744 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
13:16:23.0228 3744 TosCoSrv - ok
13:16:23.0290 3744 TOSHIBA eco Utility Service (63aafcf3ea5dbb17123e0bae9afe4d58) C:\Program Files\TOSHIBA\TECO\TecoService.exe
13:16:23.0290 3744 TOSHIBA eco Utility Service - ok
13:16:23.0337 3744 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
13:16:23.0353 3744 TOSHIBA HDD SSD Alert Service - ok
13:16:23.0446 3744 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
13:16:23.0462 3744 tos_sps64 - ok
13:16:23.0555 3744 TPCHSrv (098b8a408c17e125a3d9a8e1166780c8) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
13:16:23.0571 3744 TPCHSrv - ok
13:16:23.0665 3744 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
13:16:23.0665 3744 TrkWks - ok
13:16:23.0727 3744 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
13:16:23.0727 3744 TrustedInstaller - ok
13:16:23.0789 3744 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
13:16:23.0789 3744 tssecsrv - ok
13:16:23.0805 3744 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
13:16:23.0805 3744 TsUsbFlt - ok
13:16:23.0805 3744 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
13:16:23.0805 3744 TsUsbGD - ok
13:16:23.0836 3744 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
13:16:23.0836 3744 tunnel - ok
13:16:23.0883 3744 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
13:16:23.0883 3744 TVALZ - ok
13:16:23.0914 3744 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
13:16:23.0914 3744 TVALZFL - ok
13:16:23.0961 3744 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
13:16:23.0961 3744 uagp35 - ok
13:16:23.0992 3744 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
13:16:24.0008 3744 udfs - ok
13:16:24.0039 3744 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
13:16:24.0039 3744 UI0Detect - ok
13:16:24.0055 3744 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
13:16:24.0055 3744 uliagpkx - ok
13:16:24.0086 3744 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
13:16:24.0086 3744 umbus - ok
13:16:24.0086 3744 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
13:16:24.0101 3744 UmPass - ok
13:16:24.0507 3744 UNS (7e5e1603d0ff2d240ae70295c5c3fefc) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
13:16:24.0601 3744 UNS - ok
13:16:24.0725 3744 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
13:16:24.0741 3744 upnphost - ok
13:16:24.0803 3744 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
13:16:24.0803 3744 usbccgp - ok
13:16:24.0835 3744 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
13:16:24.0850 3744 usbcir - ok
13:16:24.0881 3744 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
13:16:24.0881 3744 usbehci - ok
13:16:24.0913 3744 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
13:16:24.0928 3744 usbhub - ok
13:16:24.0991 3744 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
13:16:24.0991 3744 usbohci - ok
13:16:25.0037 3744 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
13:16:25.0037 3744 usbprint - ok
13:16:25.0069 3744 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
13:16:25.0069 3744 usbscan - ok
13:16:25.0084 3744 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
13:16:25.0084 3744 USBSTOR - ok
13:16:25.0100 3744 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
13:16:25.0100 3744 usbuhci - ok
13:16:25.0147 3744 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
13:16:25.0147 3744 usbvideo - ok
13:16:25.0193 3744 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
13:16:25.0209 3744 UxSms - ok
13:16:25.0240 3744 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
13:16:25.0240 3744 VaultSvc - ok
13:16:25.0256 3744 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
13:16:25.0256 3744 vdrvroot - ok
13:16:25.0334 3744 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
13:16:25.0334 3744 vds - ok
13:16:25.0381 3744 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
13:16:25.0381 3744 vga - ok
13:16:25.0396 3744 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
13:16:25.0396 3744 VgaSave - ok
13:16:25.0412 3744 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
13:16:25.0412 3744 vhdmp - ok
13:16:25.0427 3744 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
13:16:25.0427 3744 viaide - ok
13:16:25.0443 3744 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
13:16:25.0443 3744 volmgr - ok
13:16:25.0474 3744 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
13:16:25.0474 3744 volmgrx - ok
13:16:25.0505 3744 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
13:16:25.0505 3744 volsnap - ok
13:16:25.0552 3744 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
13:16:25.0552 3744 vsmraid - ok
13:16:25.0677 3744 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
13:16:25.0724 3744 VSS - ok
13:16:25.0895 3744 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
13:16:25.0911 3744 vwifibus - ok
13:16:25.0927 3744 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
13:16:25.0927 3744 vwififlt - ok
13:16:25.0973 3744 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
13:16:25.0973 3744 W32Time - ok
13:16:25.0989 3744 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
13:16:26.0005 3744 WacomPen - ok
13:16:26.0020 3744 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
13:16:26.0020 3744 WANARP - ok
13:16:26.0036 3744 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
13:16:26.0051 3744 Wanarpv6 - ok
13:16:26.0129 3744 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
13:16:26.0145 3744 WatAdminSvc - ok
13:16:26.0239 3744 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
13:16:26.0254 3744 wbengine - ok
13:16:26.0441 3744 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
13:16:26.0441 3744 WbioSrvc - ok
13:16:26.0488 3744 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
13:16:26.0504 3744 wcncsvc - ok
13:16:26.0519 3744 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
13:16:26.0519 3744 WcsPlugInService - ok
13:16:26.0566 3744 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
13:16:26.0566 3744 Wd - ok
13:16:26.0644 3744 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
13:16:26.0644 3744 Wdf01000 - ok
13:16:26.0660 3744 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
13:16:26.0675 3744 WdiServiceHost - ok
13:16:26.0675 3744 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
13:16:26.0675 3744 WdiSystemHost - ok
13:16:26.0722 3744 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
13:16:26.0722 3744 WebClient - ok
13:16:26.0753 3744 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
13:16:26.0753 3744 Wecsvc - ok
13:16:26.0863 3744 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
13:16:26.0878 3744 wercplsupport - ok
13:16:26.0925 3744 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
13:16:26.0925 3744 WerSvc - ok
13:16:26.0987 3744 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
13:16:26.0987 3744 WfpLwf - ok
13:16:27.0003 3744 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
13:16:27.0003 3744 WIMMount - ok
13:16:27.0112 3744 WinDefend - ok
13:16:27.0112 3744 WinHttpAutoProxySvc - ok
13:16:27.0221 3744 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
13:16:27.0237 3744 Winmgmt - ok
13:16:27.0471 3744 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
13:16:27.0533 3744 WinRM - ok
13:16:27.0736 3744 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
13:16:27.0736 3744 WinUsb - ok
13:16:27.0783 3744 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
13:16:27.0799 3744 Wlansvc - ok
13:16:27.0877 3744 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:16:27.0877 3744 wlcrasvc - ok
13:16:28.0126 3744 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:16:28.0204 3744 wlidsvc - ok
13:16:28.0360 3744 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
13:16:28.0376 3744 WmiAcpi - ok
13:16:28.0454 3744 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
13:16:28.0469 3744 wmiApSrv - ok
13:16:28.0516 3744 WMPNetworkSvc - ok
13:16:28.0547 3744 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
13:16:28.0563 3744 WPCSvc - ok
13:16:28.0579 3744 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
13:16:28.0579 3744 WPDBusEnum - ok
13:16:28.0625 3744 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
13:16:28.0625 3744 ws2ifsl - ok
13:16:28.0672 3744 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
13:16:28.0688 3744 wscsvc - ok
13:16:28.0688 3744 WSearch - ok
13:16:28.0906 3744 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
13:16:29.0015 3744 wuauserv - ok
13:16:29.0343 3744 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
13:16:29.0343 3744 WudfPf - ok
13:16:29.0390 3744 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
13:16:29.0405 3744 WUDFRd - ok
13:16:29.0437 3744 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
13:16:29.0437 3744 wudfsvc - ok
13:16:29.0468 3744 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
13:16:29.0468 3744 WwanSvc - ok
13:16:29.0515 3744 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
13:16:29.0749 3744 \Device\Harddisk0\DR0 - ok
13:16:30.0076 3744 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
13:16:30.0076 3744 \Device\Harddisk1\DR1 - ok
13:16:30.0092 3744 Boot (0x1200) (8ac23bed265b9837b514c7ad0ae3474b) \Device\Harddisk0\DR0\Partition0
13:16:30.0092 3744 \Device\Harddisk0\DR0\Partition0 - ok
13:16:30.0092 3744 Boot (0x1200) (80bc17dc7ee26e8576cd4814feb96197) \Device\Harddisk1\DR1\Partition0
13:16:30.0092 3744 \Device\Harddisk1\DR1\Partition0 - ok
13:16:30.0107 3744 ============================================================
13:16:30.0107 3744 Scan finished
13:16:30.0107 3744 ============================================================
13:16:30.0107 3736 Detected object count: 0
13:16:30.0107 3736 Actual detected object count: 0
13:16:48.0063 3692 Deinitialize success




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users