Rootkit Boot.sst.b


11 replies to this topic

#1 mrbeach

Posted 02 December 2012 - 05:19 AM

Hi,

I came across this forum while trying to find an answer to my problem and hope you may be able to help.

PC was infected with rootkit boot.sst.b that I found by using Kaspersky Rescue Disk. Kaspersky disinfected the rootkit but now the PC will not boot.

When turned on it gets as far as the starting Windows screen and then reboots and goes to Startup Repair. Neither Startup Repair nor System Restore succeeds in getting the PC back to a bootable state.

Any help you may be able to provide would be greatly appreciated.

The PC is running Windows 7.

Many thanks,
Martin

#2 Farbar
Just Curious, Security Developer

Posted 02 December 2012 - 07:25 AM

Hello Martin,

Welcome to the forum.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
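The FRST.txt log requested above is plain text, and the first section a helper reads is the Registry "Run" entries. As an added example (not Farbar's code and not part of FRST), the script below is a small triage pass over such lines, using entries copied from the log posted in this thread, that flags what a helper looks for first: a rundll32 entry loading a DLL from a user's AppData folder, an entry whose target FRST marks as [x] (file not found), and a file carrying no publisher information. The line format it parses is the 2012-era FRST output as it appears in this thread; newer FRST versions format these lines differently.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# One FRST autostart line (2012-era format, as in the log posted in this thread):
#   HKU\Julie\...\Run: [Mxumiritad] rundll32.exe "C:\Users\Julie\AppData\Local\pcmsb19.dll",Startup [x]
# FRST appends "[size date] (publisher)" for a file it found, or "[x]" for one it could not find.
RUN_LINE = re.compile(
    r"^(?P<hive>HKLM(?:-x32)?|HKU\\[^\\]+)\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<rest>.*)$",
    re.IGNORECASE,
)
FILE_INFO = re.compile(r" \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)$")
MISSING = re.compile(r" \[x\]$", re.IGNORECASE)
# rundll32 as the program being run, optionally with a path and/or quotes around it
RUNDLL32 = re.compile(r'^"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s', re.IGNORECASE)
# Anything under a user's AppData is writable by code running as that user, so a DLL
# loaded from there at logon is the classic per-user persistence pattern seen in this log.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


@dataclass
class AutostartEntry:
    hive: str
    key: str
    name: str
    command: str
    publisher: Optional[str]   # None when FRST reported the file as [x] (missing)
    missing: bool
    reasons: list = field(default_factory=list)
    severity: str = "none"


def parse_run_line(line: str) -> Optional[AutostartEntry]:
    """Split one FRST Run/RunOnce line into its parts; return None for any other line."""
    m = RUN_LINE.match(line.strip())
    if m is None:
        return None
    rest, publisher, missing = m["rest"], None, False
    if MISSING.search(rest):
        missing, command = True, MISSING.sub("", rest)
    else:
        fi = FILE_INFO.search(rest)
        publisher = fi["publisher"] if fi else None
        command = rest[: fi.start()] if fi else rest
    return AutostartEntry(m["hive"], m["key"], m["name"], command.strip(), publisher, missing)


def flag(entry: AutostartEntry) -> AutostartEntry:
    """Attach the notes a helper would make about this entry, plus a coarse severity."""
    if RUNDLL32.match(entry.command) and USER_WRITABLE.search(entry.command):
        entry.reasons.append("rundll32 loads a DLL from a user-writable AppData folder")
        entry.severity = "high"
    if entry.missing:
        entry.reasons.append("target file not found ([x]): stale entry or already cleaned")
    if entry.publisher == "":
        entry.reasons.append("file carries no publisher/version information")
    if entry.reasons and entry.severity == "none":
        entry.severity = "low"
    return entry


def triage_log(lines) -> list:
    """Return only the autostart entries that raised at least one note, in log order."""
    flagged = []
    for line in lines:
        entry = parse_run_line(line)
        if entry is not None and flag(entry).reasons:
            flagged.append(entry)
    return flagged


# Sample input: lines copied from the FRST log posted later in this thread (not a full log).
SAMPLE_LOG = [
    r"HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7834656 2009-06-03] (Realtek Semiconductor)",
    r'HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1779952 2009-07-07] ()',
    r"HKLM-x32\...\Run: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe [x]",
    r'HKU\Julie\...\Run: [Mxumiritad] rundll32.exe "C:\Users\Julie\AppData\Local\pcmsb19.dll",Startup [x]',
    r"HKU\Julie\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-14] (Microsoft Corporation)",
    r'HKU\Steve\...\Run: [cmdetup] rundll32 "C:\Users\Steve\AppData\Local\Temp\notegini64.dll",CreateProcessNotify [103936 2012-11-13] ()',
    r"HKU\Steve\...\Policies\system: [LogonHoursAction] 2",
    r"HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)",
]

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"[{e.severity:4}] {e.hive}\\...\\{e.key} [{e.name}] {e.command}")
        for r in e.reasons:
            print("        -", r)
```

On the sample lines the two rundll32 entries come out as high severity, while the missing Belkin entry and the unsigned Dell entry are low, which matches how a helper would prioritise them.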

#3 mrbeach (Topic Starter)

Posted 02 December 2012 - 11:04 AM

Hi Just Curious,

Many thanks for your reply. Below is the log of the scan.

Martin

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2012 (ATTENTION: FRST version is 9 days old)
Ran by SYSTEM at 02-12-2012 11:56:12
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7834656 2009-06-03] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [x]
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1779952 2009-07-07] ()
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [494064 2009-06-18] ()
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM-x32\...\Run: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe [x]
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1535112 2012-09-12] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKU\Chris\...\Run: [Jessops Insert Detect] C:\Program Files\Jessops\Picture Suite\InsDetect.exe [262144 2003-02-17] ()
HKU\Chris\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-12-02] (Google Inc.)
HKU\Chris\...\Run: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon [772096 2009-06-18] (Sony Ericsson Mobile Communications AB)
HKU\Chris\...\Policies\system: [LogonHoursAction] 2
HKU\Chris\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Julie\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Julie\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-12-02] (Google Inc.)
HKU\Julie\...\Run: [Mxumiritad] rundll32.exe "C:\Users\Julie\AppData\Local\pcmsb19.dll",Startup [x]
HKU\Julie\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-14] (Microsoft Corporation)
HKU\Julie\...\Run: [Lgihekul] rundll32.exe "C:\Users\Julie\AppData\Local\eqiyayidadotib.dll",Startup [x]
HKU\Julie\...\Policies\system: [LogonHoursAction] 2
HKU\Julie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Lou\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Lou\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-12-02] (Google Inc.)
HKU\Lou\...\Policies\system: [LogonHoursAction] 2
HKU\Lou\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Steve\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Steve\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-12-02] (Google Inc.)
HKU\Steve\...\Run: [cmdetup] rundll32 "C:\Users\Steve\AppData\Local\Temp\notegini64.dll",CreateProcessNotify [103936 2012-11-13] ()
HKU\Steve\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe -update activex [x]
HKU\Steve\...\Policies\system: [LogonHoursAction] 2
HKU\Steve\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAA0ADAANgAyADcAOAAxADkALQBGAFAAOQAyACsANgAtAEIAQQBSADkARwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQAxADAAQQArADIA"&"prod=90"&"ver=9.0.872 [x]
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-08-17] (Softthinks)
HKLM-x32\...\RunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120048 2009-08-17] ()
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Chris\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Julie\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Lou\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Steve\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ===================

2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [383608 2012-09-10] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [237920 2012-06-22] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-06-22] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [177144 2012-06-22] (McAfee, Inc.)
2 MOBKbackup; "C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe" [231224 2010-04-13] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

==================== Drivers (Whitelisted) =====================

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-06-22] (McAfee, Inc.)
3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [169320 2012-06-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [300392 2012-06-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [513456 2012-06-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [752672 2012-06-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.)
1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
3 s1018bus; C:\Windows\System32\Drivers\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
3 s1018mdfl; C:\Windows\System32\Drivers\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
3 s1018mdm; C:\Windows\System32\Drivers\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
3 s1018mgmt; C:\Windows\System32\Drivers\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
3 s1018nd5; C:\Windows\System32\Drivers\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
3 s1018obex; C:\Windows\System32\Drivers\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
3 s1018unic; C:\Windows\System32\Drivers\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
3 s125bus; C:\Windows\System32\Drivers\s125bus.sys [108296 2007-04-24] (MCCI Corporation)
3 s125mdfl; C:\Windows\System32\Drivers\s125mdfl.sys [19720 2007-04-24] (MCCI Corporation)
3 s125mdm; C:\Windows\System32\Drivers\s125mdm.sys [144648 2007-04-24] (MCCI Corporation)
3 s125mgmt; C:\Windows\System32\Drivers\s125mgmt.sys [126216 2007-04-24] (MCCI Corporation)
3 s125obex; C:\Windows\System32\Drivers\s125obex.sys [123656 2007-04-24] (MCCI Corporation)
3 mfeavfk01; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-02 11:56 - 2012-12-02 11:56 - 00000000 ____D C:\FRST
2012-12-01 09:08 - 2012-12-01 09:37 - 00002120 ____A C:\scu.dat
2012-12-01 09:03 - 2012-12-01 09:03 - 00000000 ____D C:\Program Files (x86)\ESET
2012-11-28 18:19 - 2012-11-28 18:29 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-28 18:19 - 2012-11-28 18:19 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-28 18:19 - 2012-11-28 18:19 - 00000000 ____D C:\Windows\System32\Macromed
2012-11-28 18:18 - 2012-11-28 18:18 - 00000056 ____A C:\Windows\setupact.log
2012-11-28 18:18 - 2012-11-28 18:18 - 00000000 ____A C:\Windows\setuperr.log
2012-11-27 22:53 - 2012-11-27 22:52 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-11-27 22:53 - 2012-11-27 22:52 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-11-27 22:53 - 2012-11-27 22:52 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-11-27 22:53 - 2012-11-27 22:52 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-11-27 22:53 - 2012-11-27 22:52 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-11-27 22:13 - 2012-12-02 06:33 - 00000000 ____D C:\Program Files\CCleaner
2012-11-27 20:10 - 2012-12-02 06:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-27 20:10 - 2012-11-27 20:11 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-27 20:10 - 2012-11-27 20:11 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-27 20:10 - 2012-11-27 20:10 - 00000000 ____D C:\Users\Chris\Application Data\Malwarebytes
2012-11-27 20:10 - 2012-11-27 20:10 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Malwarebytes
2012-11-27 20:10 - 2012-11-27 20:10 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-27 20:10 - 2012-11-27 20:10 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-11-27 19:28 - 2012-11-27 19:29 - 00000000 ____D C:\Users\Julie\Local Settings\Application Data\{707221CA-2F0C-4962-8D38-A22EB0422D03}
2012-11-27 19:28 - 2012-11-27 19:29 - 00000000 ____D C:\Users\Julie\Local Settings\{707221CA-2F0C-4962-8D38-A22EB0422D03}
2012-11-27 19:28 - 2012-11-27 19:29 - 00000000 ____D C:\Users\Julie\AppData\Local\{707221CA-2F0C-4962-8D38-A22EB0422D03}
2012-11-27 18:07 - 2012-11-27 18:07 - 00000000 ____D C:\Users\Lou\Local Settings\Application Data\{4BAA788A-8CF2-486C-B834-475256E60572}
2012-11-27 18:07 - 2012-11-27 18:07 - 00000000 ____D C:\Users\Lou\Local Settings\{4BAA788A-8CF2-486C-B834-475256E60572}
2012-11-27 18:07 - 2012-11-27 18:07 - 00000000 ____D C:\Users\Lou\AppData\Local\{4BAA788A-8CF2-486C-B834-475256E60572}
2012-11-26 17:58 - 2012-11-26 17:58 - 00000000 ____D C:\Users\Lou\Local Settings\Application Data\{ED303850-701A-4FFD-AF0B-70DA175C9334}
2012-11-26 17:58 - 2012-11-26 17:58 - 00000000 ____D C:\Users\Lou\Local Settings\{ED303850-701A-4FFD-AF0B-70DA175C9334}
2012-11-26 17:58 - 2012-11-26 17:58 - 00000000 ____D C:\Users\Lou\AppData\Local\{ED303850-701A-4FFD-AF0B-70DA175C9334}
2012-11-26 17:00 - 2012-11-26 17:00 - 00000000 ____D C:\Users\Steve\Local Settings\Application Data\{01BEE744-D7D1-46BF-83D5-361D8F197A47}
2012-11-26 17:00 - 2012-11-26 17:00 - 00000000 ____D C:\Users\Steve\Local Settings\{01BEE744-D7D1-46BF-83D5-361D8F197A47}
2012-11-26 17:00 - 2012-11-26 17:00 - 00000000 ____D C:\Users\Steve\AppData\Local\{01BEE744-D7D1-46BF-83D5-361D8F197A47}
2012-11-25 15:24 - 2012-11-25 15:24 - 00000000 ____D C:\Users\Lou\Local Settings\Application Data\{2E8F946E-C0E5-42AC-9C62-5BF111EA862E}
2012-11-25 15:24 - 2012-11-25 15:24 - 00000000 ____D C:\Users\Lou\Local Settings\{2E8F946E-C0E5-42AC-9C62-5BF111EA862E}
2012-11-25 15:24 - 2012-11-25 15:24 - 00000000 ____D C:\Users\Lou\AppData\Local\{2E8F946E-C0E5-42AC-9C62-5BF111EA862E}
2012-11-25 09:16 - 2012-11-25 09:16 - 00000000 ____D C:\Users\Julie\Local Settings\Application Data\{F99929ED-FF12-4A4D-B63B-3E1F136D6483}
2012-11-25 09:16 - 2012-11-25 09:16 - 00000000 ____D C:\Users\Julie\Local Settings\{F99929ED-FF12-4A4D-B63B-3E1F136D6483}
2012-11-25 09:16 - 2012-11-25 09:16 - 00000000 ____D C:\Users\Julie\AppData\Local\{F99929ED-FF12-4A4D-B63B-3E1F136D6483}
2012-11-24 12:00 - 2012-11-24 12:00 - 00000000 ____D C:\Users\Steve\Local Settings\Application Data\{40A24105-E91C-4F92-A437-5E4B0B6A5927}
2012-11-24 12:00 - 2012-11-24 12:00 - 00000000 ____D C:\Users\Steve\Local Settings\{40A24105-E91C-4F92-A437-5E4B0B6A5927}
2012-11-24 12:00 - 2012-11-24 12:00 - 00000000 ____D C:\Users\Steve\AppData\Local\{40A24105-E91C-4F92-A437-5E4B0B6A5927}
2012-11-24 10:34 - 2012-11-24 10:34 - 00000000 ____D C:\Users\Lou\Local Settings\Application Data\{B78E5ADD-5FEC-471F-BCBB-7F2A55BBA2EF}
2012-11-24 10:34 - 2012-11-24 10:34 - 00000000 ____D C:\Users\Lou\Local Settings\{B78E5ADD-5FEC-471F-BCBB-7F2A55BBA2EF}
2012-11-24 10:34 - 2012-11-24 10:34 - 00000000 ____D C:\Users\Lou\AppData\Local\{B78E5ADD-5FEC-471F-BCBB-7F2A55BBA2EF}
2012-11-23 17:32 - 2012-11-23 17:32 - 00000000 ____D C:\Users\Lou\Local Settings\Application Data\{6B9F0B01-6E9A-44CC-822B-60C53F609FB0}
2012-11-23 17:32 - 2012-11-23 17:32 - 00000000 ____D C:\Users\Lou\Local Settings\{6B9F0B01-6E9A-44CC-822B-60C53F609FB0}
2012-11-23 17:32 - 2012-11-23 17:32 - 00000000 ____D C:\Users\Lou\AppData\Local\{6B9F0B01-6E9A-44CC-822B-60C53F609FB0}
2012-11-23 16:58 - 2012-11-23 16:58 - 00000000 ____D C:\Users\Steve\Local Settings\Application Data\{0ADA2318-7959-4136-9516-7AE4B0829CC0}
2012-11-23 16:58 - 2012-11-23 16:58 - 00000000 ____D C:\Users\Steve\Local Settings\{0ADA2318-7959-4136-9516-7AE4B0829CC0}
2012-11-23 16:58 - 2012-11-23 16:58 - 00000000 ____D C:\Users\Steve\AppData\Local\{0ADA2318-7959-4136-9516-7AE4B0829CC0}
2012-11-22 19:22 - 2012-11-22 19:22 - 00000000 ____D C:\Users\Steve\Local Settings\Application Data\{84DF9B40-00C4-4F05-9C5A-937D42A68605}
2012-11-22 19:22 - 2012-11-22 19:22 - 00000000 ____D C:\Users\Steve\Local Settings\{84DF9B40-00C4-4F05-9C5A-937D42A68605}
2012-11-22 19:22 - 2012-11-22 19:22 - 00000000 ____D C:\Users\Steve\AppData\Local\{84DF9B40-00C4-4F05-9C5A-937D42A68605}
2012-11-22 16:59 - 2012-11-22 16:59 - 00000000 ____D C:\Users\Lou\Local Settings\Application Data\{26436B48-F02F-4FC0-A1A3-EB350068703C}
2012-11-22 16:59 - 2012-11-22 16:59 - 00000000 ____D C:\Users\Lou\Local Settings\{26436B48-F02F-4FC0-A1A3-EB350068703C}
2012-11-22 16:59 - 2012-11-22 16:59 - 00000000 ____D C:\Users\Lou\AppData\Local\{26436B48-F02F-4FC0-A1A3-EB350068703C}
2012-11-21 18:19 - 2012-11-21 18:20 - 00000000 ____D C:\Users\Steve\Local Settings\Application Data\{0E34A238-D4A6-4BFB-9DF6-B9C307BF6471}
2012-11-21 18:19 - 2012-11-21 18:20 - 00000000 ____D C:\Users\Steve\Local Settings\{0E34A238-D4A6-4BFB-9DF6-B9C307BF6471}
2012-11-21 18:19 - 2012-11-21 18:20 - 00000000 ____D C:\Users\Steve\AppData\Local\{0E34A238-D4A6-4BFB-9DF6-B9C307BF6471}
2012-11-20 17:16 - 2012-11-20 17:16 - 00000000 ____D C:\Users\Lou\Local Settings\Application Data\{7A0D582A-8D5B-43A3-AE05-541752E28B27}
2012-11-20 17:16 - 2012-11-20 17:16 - 00000000 ____D C:\Users\Lou\Local Settings\{7A0D582A-8D5B-43A3-AE05-541752E28B27}
2012-11-20 17:16 - 2012-11-20 17:16 - 00000000 ____D C:\Users\Lou\AppData\Local\{7A0D582A-8D5B-43A3-AE05-541752E28B27}
2012-11-20 06:59 - 2012-11-20 06:59 - 00000000 ____D C:\Users\Julie\Local Settings\Application Data\{4ACA9CC6-66E6-453C-8DFC-B271D1598219}
2012-11-20 06:59 - 2012-11-20 06:59 - 00000000 ____D C:\Users\Julie\Local Settings\{4ACA9CC6-66E6-453C-8DFC-B271D1598219}
2012-11-20 06:59 - 2012-11-20 06:59 - 00000000 ____D C:\Users\Julie\AppData\Local\{4ACA9CC6-66E6-453C-8DFC-B271D1598219}
2012-11-19 18:50 - 2012-11-19 18:50 - 00000000 ____D C:\Users\Lou\Local Settings\Application Data\{580326B8-125E-4CB7-AC1D-33C463066E98}
2012-11-19 18:50 - 2012-11-19 18:50 - 00000000 ____D C:\Users\Lou\Local Settings\{580326B8-125E-4CB7-AC1D-33C463066E98}
2012-11-19 18:50 - 2012-11-19 18:50 - 00000000 ____D C:\Users\Lou\AppData\Local\{580326B8-125E-4CB7-AC1D-33C463066E98}
2012-11-18 20:35 - 2012-11-18 20:35 - 00000000 ____D C:\Users\Steve\Local Settings\Application Data\{4082DE4D-31AE-4926-8A9E-B7ACA5E28F4F}
2012-11-18 20:35 - 2012-11-18 20:35 - 00000000 ____D C:\Users\Steve\Local Settings\{4082DE4D-31AE-4926-8A9E-B7ACA5E28F4F}
2012-11-18 20:35 - 2012-11-18 20:35 - 00000000 ____D C:\Users\Steve\AppData\Local\{4082DE4D-31AE-4926-8A9E-B7ACA5E28F4F}
2012-11-18 11:38 - 2012-11-18 11:38 - 00001975 ____A C:\Users\Lou\My Documents\Planets - Shortcut.lnk
2012-11-18 11:38 - 2012-11-18 11:38 - 00001975 ____A C:\Users\Lou\Documents\Planets - Shortcut.lnk
2012-11-18 10:06 - 2012-11-18 10:06 - 00000000 ____D C:\Users\Lou\Local Settings\Application Data\{5E488431-C0EA-487E-A157-857227876C45}
2012-11-18 10:06 - 2012-11-18 10:06 - 00000000 ____D C:\Users\Lou\Local Settings\{5E488431-C0EA-487E-A157-857227876C45}
2012-11-18 10:06 - 2012-11-18 10:06 - 00000000 ____D C:\Users\Lou\AppData\Local\{5E488431-C0EA-487E-A157-857227876C45}
2012-11-17 10:12 - 2012-11-17 10:12 - 00000000 ____D C:\Users\Lou\Local Settings\Application Data\{05C14128-F272-4001-AAC8-6314AC50D14E}
2012-11-17 10:12 - 2012-11-17 10:12 - 00000000 ____D C:\Users\Lou\Local Settings\{05C14128-F272-4001-AAC8-6314AC50D14E}
2012-11-17 10:12 - 2012-11-17 10:12 - 00000000 ____D C:\Users\Lou\AppData\Local\{05C14128-F272-4001-AAC8-6314AC50D14E}
2012-11-16 19:12 - 2012-11-16 19:12 - 00000000 ____D C:\Users\Lou\Local Settings\Application Data\{3C851943-B3DB-4E27-820B-DAAEE0E1A126}
2012-11-16 19:12 - 2012-11-16 19:12 - 00000000 ____D C:\Users\Lou\Local Settings\{3C851943-B3DB-4E27-820B-DAAEE0E1A126}
2012-11-16 19:12 - 2012-11-16 19:12 - 00000000 ____D C:\Users\Lou\AppData\Local\{3C851943-B3DB-4E27-820B-DAAEE0E1A126}
2012-11-15 23:09 - 2012-07-26 05:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-15 23:09 - 2012-07-26 05:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-15 23:09 - 2012-07-26 03:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-15 23:09 - 2012-06-02 15:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-15 23:04 - 2012-10-08 13:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-15 23:04 - 2012-10-08 12:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-15 23:04 - 2012-10-08 12:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-15 23:04 - 2012-10-08 12:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-15 23:04 - 2012-10-08 12:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-15 23:04 - 2012-10-08 12:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-15 23:04 - 2012-10-08 12:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-15 23:04 - 2012-10-08 12:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-15 23:04 - 2012-10-08 12:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-15 23:04 - 2012-10-08 12:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-15 23:04 - 2012-10-08 12:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-15 23:04 - 2012-10-08 12:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-15 23:04 - 2012-10-08 12:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-15 23:04 - 2012-10-08 12:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-15 23:04 - 2012-10-08 12:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-15 23:04 - 2012-10-08 12:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-15 23:04 - 2012-10-08 09:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-15 23:04 - 2012-10-08 09:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-15 23:04 - 2012-10-08 08:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-15 23:04 - 2012-10-08 08:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-15 23:04 - 2012-10-08 08:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-15 23:04 - 2012-10-08 08:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-15 23:04 - 2012-10-08 08:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-15 23:04 - 2012-10-08 08:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-15 23:04 - 2012-10-08 08:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-15 23:04 - 2012-10-08 08:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-15 23:04 - 2012-10-08 08:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-15 23:04 - 2012-10-08 08:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-15 23:04 - 2012-10-08 08:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-15 23:04 - 2012-10-08 08:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-15 23:04 - 2012-10-08 08:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-15 23:04 - 2012-10-08 08:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-15 23:01 - 2012-07-26 04:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-15 23:01 - 2012-07-26 04:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-15 23:01 - 2012-07-26 04:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-15 23:01 - 2012-07-26 04:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-15 23:01 - 2012-07-26 04:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 23:01 - 2012-07-26 03:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-15 23:01 - 2012-07-26 03:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-15 23:01 - 2012-06-02 15:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-15 18:05 - 2012-11-15 18:05 - 00000000 ____D C:\Users\Steve\Local Settings\Application Data\{BF0F9F53-543A-49FF-A254-EADDD364EA10}
2012-11-15 18:05 - 2012-11-15 18:05 - 00000000 ____D C:\Users\Steve\Local Settings\{BF0F9F53-543A-49FF-A254-EADDD364EA10}
2012-11-15 18:05 - 2012-11-15 18:05 - 00000000 ____D C:\Users\Steve\AppData\Local\{BF0F9F53-543A-49FF-A254-EADDD364EA10}
2012-11-15 17:25 - 2012-10-09 19:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-15 17:25 - 2012-10-09 19:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-15 17:25 - 2012-10-09 18:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-15 17:25 - 2012-10-09 18:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-15 17:24 - 2012-10-18 19:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-15 17:24 - 2012-10-03 18:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-15 17:24 - 2012-10-03 18:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-15 17:24 - 2012-10-03 18:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-15 17:24 - 2012-10-03 18:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-15 17:24 - 2012-10-03 18:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll

==================== One Month Modified Files and Folders =======


ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2392863805-651778499-531342879-1000\$f4c114978d9a5978ee990bf837c58908
C:\$Recycle.Bin\S-1-5-21-2392863805-651778499-531342879-1000\$f4c114978d9a5978ee990bf837c58908\L
C:\$Recycle.Bin\S-1-5-21-2392863805-651778499-531342879-1000\$f4c114978d9a5978ee990bf837c58908\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-11 20:00:27
Restore point made on: 2012-11-15 23:00:59
Restore point made on: 2012-11-18 20:00:28
Restore point made on: 2012-11-25 20:00:26
Restore point made on: 2012-11-27 22:52:11
Restore point made on: 2012-11-28 19:25:20

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3061.18 MB
Available physical RAM: 2514.2 MB
Total Pagefile: 3059.32 MB
Available Pagefile: 2509.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:288.89 GB) (Free:204.19 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:9.12 GB) (Free:4.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive e: detected. Check for MBR/Partition infection.
4 Drive f: () (Removable) (Total:1.85 GB) (Free:1.47 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 13 MB
Disk 1 Online 1900 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 62 MB 31 KB
Partition 2 Primary 9 GB 63 MB
Partition 3 Primary 288 GB 9 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 62 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E RECOVERY NTFS Partition 9 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 288 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1896 MB 3872 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 1896 MB Healthy

=========================================================

Last Boot: 2012-11-25 09:38

==================== End Of Log =============================
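
As an added example (not code from this thread and not part of FRST), a small Python triage parser for the end-of-scan sections of the log above: it collects the ZeroAccess folders, the MD5 verdicts of the Bamital & volsnap check, the TDL4 custom BCD line, the EXE association status and the partition BCD warning, and lists the log lines an analyst would carry into fixlist.txt. The regexes, the Findings structure and the sample log are assumptions based only on the lines quoted in this thread.

```python
"""Triage helper for the end-of-scan sections of an FRST log.

Added example for this thread; not FRST code and not code posted in the
thread. Line formats and the sample log are assumptions based only on
the lines quoted above.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# "===== Section Name =====" headings; the name must contain a letter so
# that separator lines made only of '=' are not taken as headings.
SECTION_RE = re.compile(r"^=+\s*([A-Za-z][^=]*?)\s*=+$")
MD5_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => MD5 is (?P<verdict>.+)$")
TDL4_RE = re.compile(r"^TDL4:\s*\S+")
BCD_RE = re.compile(r"^ATTENTION: Malware custom entry on BCD on drive (?P<drive>[A-Za-z]:)")
EXE_RE = re.compile(r"^(?P<key>HKLM\\\.\.\.\\[^:]+): (?P<value>.+?) => (?P<status>.+)$")


@dataclass
class Findings:
    zeroaccess_paths: list = field(default_factory=list)
    md5_checked: int = 0
    md5_bad: list = field(default_factory=list)          # critical files whose MD5 was not legit
    tdl4_line: Optional[str] = None                      # raw "TDL4: ..." line, if present
    bcd_infected_drives: list = field(default_factory=list)
    exe_assoc_broken: list = field(default_factory=list)
    attention_lines: list = field(default_factory=list)  # everything FRST flagged ATTENTION

    @property
    def needs_fix(self) -> bool:
        return bool(self.zeroaccess_paths or self.md5_bad or self.tdl4_line
                    or self.bcd_infected_drives or self.exe_assoc_broken)


def parse_frst_log(text: str) -> Findings:
    """Walk the log once, tracking the current section, and collect findings."""
    f = Findings()
    section = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        heading = SECTION_RE.match(line)
        if heading:
            section = heading.group(1)
            continue
        if line == "ZeroAccess:":  # FRST prints this block without '=' bars
            section = "ZeroAccess"
            continue
        if "ATTENTION" in line:
            f.attention_lines.append(line)
        if section == "ZeroAccess":
            f.zeroaccess_paths.append(line)
        elif (m := MD5_RE.match(line)):
            f.md5_checked += 1
            if m.group("verdict") != "legit":
                f.md5_bad.append(m.group("path"))
        elif TDL4_RE.match(line):
            f.tdl4_line = line
        elif (m := BCD_RE.match(line)):
            f.bcd_infected_drives.append(m.group("drive").lower())
        elif (m := EXE_RE.match(line)) and m.group("status") != "OK":
            f.exe_assoc_broken.append(m.group("key"))
    return f


def fixlist_candidates(f: Findings) -> list:
    """Log lines to carry into fixlist.txt, as the fix in this thread did: the
    top-level ZeroAccess folder (not its L/U subfolders) and the TDL4 line."""
    za = f.zeroaccess_paths
    roots = [p for p in za
             if not any(p != q and p.lower().startswith(q.lower() + "\\") for q in za)]
    return roots + ([f.tdl4_line] if f.tdl4_line else [])


# Constructed sample, assembled from lines quoted in this thread.
SAMPLE_LOG = r"""
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2392863805-651778499-531342879-1000\$f4c114978d9a5978ee990bf837c58908
C:\$Recycle.Bin\S-1-5-21-2392863805-651778499-531342879-1000\$f4c114978d9a5978ee990bf837c58908\L
C:\$Recycle.Bin\S-1-5-21-2392863805-651778499-531342879-1000\$f4c114978d9a5978ee990bf837c58908\U

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Partitions =============================

ATTENTION: Malware custom entry on BCD on drive e: detected. Check for MBR/Partition infection.

==================== End Of Log =============================
"""

if __name__ == "__main__":
    found = parse_frst_log(SAMPLE_LOG)
    print("needs fix:", found.needs_fix, "| flagged:", found.attention_lines)
    print("fixlist candidates:", fixlist_candidates(found))
```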

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,717 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:57 PM

Posted 02 December 2012 - 11:26 AM

We expect the following fix to restore the system. But after that we need to check the system to make sure it is fully functional as I see the remains of another infection (ZeroAccess) too.

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open notepad and select Paste.) Save it on the flashdrive as fixlist.txt.

start
HKU\Julie\...\Run: [Mxumiritad] rundll32.exe  "C:\Users\Julie\AppData\Local\pcmsb19.dll",Startup [x]
HKU\Julie\...\Run: [Lgihekul] rundll32.exe "C:\Users\Julie\AppData\Local\eqiyayidadotib.dll",Startup [x]
HKU\Steve\...\Run: [cmdetup] rundll32 "C:\Users\Steve\AppData\Local\Temp\notegini64.dll",CreateProcessNotify [103936 2012-11-13] ()
C:\Users\Steve\AppData\Local\Temp\notegini64.dll
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start
C:\$Recycle.Bin\S-1-5-21-2392863805-651778499-531342879-1000\$f4c114978d9a5978ee990bf837c58908
TDL4: custom:26000022 <===== ATTENTION!
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options and select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
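
The fixlist above removes three per-user Run entries that use rundll32 to load a DLL out of AppData\Local or Temp, two of which FRST marks [x] because the file is no longer there, plus an orphaned RunOnce value and a ZeroAccess remnant in $Recycle.Bin. An analyst reading an FRST scan has to pick such entries out of dozens of legitimate ones, and the same traits can be checked mechanically. The following Python triage script is an added example, not part of the thread and not FRST's own code; it parses lines in the format FRST prints for autorun entries and reports why each one deserves a look. The five entries are copied from the fixlist; the sixth, ExampleUpdater, is a constructed benign entry included only for contrast. The reading of `[x]` as "file not found" and of an empty `()` as "no publisher name" follows my understanding of FRST's output and is an assumption; the heuristics are a triage aid, not a verdict.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the line format FRST prints for autorun entries. The first five
# lines mirror the fixlist posted above; the last one is an invented benign entry
# (assumption) included only for contrast.
SAMPLE_ENTRIES = r"""
HKU\Julie\...\Run: [Mxumiritad] rundll32.exe  "C:\Users\Julie\AppData\Local\pcmsb19.dll",Startup [x]
HKU\Julie\...\Run: [Lgihekul] rundll32.exe "C:\Users\Julie\AppData\Local\eqiyayidadotib.dll",Startup [x]
HKU\Steve\...\Run: [cmdetup] rundll32 "C:\Users\Steve\AppData\Local\Temp\notegini64.dll",CreateProcessNotify [103936 2012-11-13] ()
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start
HKLM\...\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background [204800 2011-06-01] (Example Corp)
"""

# <hive>\...\<Run|RunOnce>: [<value name>] <command> [<size date> | x] (<publisher>)
ENTRY_RE = re.compile(
    r"^(?P<hive>.+?)\\\.\.\.\\(?P<key>Run(?:Once)?):\s+\[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$",
    re.IGNORECASE,
)

# Directories a standard user can write to; startup code living there is worth a look.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\", "\\$recycle.bin\\")


@dataclass
class Entry:
    hive: str
    key: str
    name: str
    command: str
    meta: Optional[str]       # "size date" of the file, or "x" when FRST found no file (assumption)
    publisher: Optional[str]  # None if no publisher field was printed, "" if it was empty


def parse_entry(line: str) -> Optional[Entry]:
    """Split one FRST autorun line into its fields; returns None for other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    publisher = None
    pm = re.search(r"\((?P<p>[^()]*)\)\s*$", rest)   # trailing "(publisher)"
    if pm:
        publisher = pm.group("p")
        rest = rest[: pm.start()].rstrip()
    meta = None
    mm = re.search(r"\[(?P<m>[^\[\]]*)\]\s*$", rest)  # trailing "[size date]" or "[x]"
    if mm:
        meta = mm.group("m")
        rest = rest[: mm.start()].rstrip()
    return Entry(m.group("hive"), m.group("key"), m.group("name"), rest, meta, publisher)


def loaded_file(command: str) -> Tuple[str, bool]:
    """Return (file that actually runs, launched via rundll32?). For a rundll32 command
    the interesting file is the DLL argument, not rundll32 itself."""
    tokens = re.findall(r'"[^"]*"|\S+', command)
    head = tokens[0].strip('"') if tokens else ""
    if ntpath.basename(head).lower() in ("rundll32", "rundll32.exe") and len(tokens) > 1:
        # rundll32 "<dll>",<export>: drop the quotes and the export name
        return tokens[1].strip('"').split(",")[0], True
    return head, False


def assess(entry: Entry) -> List[str]:
    """Heuristic reasons an entry deserves an analyst's attention; empty list if none."""
    reasons = []
    path, via_rundll32 = loaded_file(entry.command)
    low = path.lower()
    if via_rundll32 and low.endswith(".dll"):
        reasons.append("rundll32 is used to load a DLL as a startup entry")
    if any(d in low for d in USER_WRITABLE):
        reasons.append("the file lives in a user-writable directory")
    if entry.meta == "x":
        reasons.append("FRST found no file at that path ([x])")
    if entry.publisher == "":
        reasons.append("the file carries no publisher name")
    return reasons


def triage(text: str) -> List[Tuple[Entry, List[str]]]:
    """Parse every autorun line in text and return the entries that raised a reason."""
    flagged = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_ENTRIES):
        print(f"{entry.hive}\\...\\{entry.key} [{entry.name}] -> {entry.command}")
        for r in reasons:
            print(f"    - {r}")
```

Run against the sample, the three rundll32 entries are reported and the rstrui.exe RunOnce, the AvgUninstallURL value and the constructed benign entry are not. Note that the AvgUninstallURL value still went into the fixlist: Farbar removed it as an orphaned leftover, which no path-based rule catches, so the script narrows the list for a human rather than replacing one.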

#5 mrbeach
  • Topic Starter

Posted 02 December 2012 - 11:53 AM

Fixlog.txt results below:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2012
Ran by SYSTEM at 2012-12-02 11:50:07 Run:1
Running from F:\

==============================================

HKEY_USERS\Julie\Software\Microsoft\Windows\CurrentVersion\Run\\Mxumiritad Value deleted successfully.
HKEY_USERS\Julie\Software\Microsoft\Windows\CurrentVersion\Run\\Lgihekul Value deleted successfully.
HKEY_USERS\Steve\Software\Microsoft\Windows\CurrentVersion\Run\\cmdetup Value deleted successfully.
C:\Users\Steve\AppData\Local\Temp\notegini64.dll moved successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore Value deleted successfully.
HKLM-x32\\\.\.\.\\RunOnce\\AvgUninstallURL Value deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2392863805-651778499-531342879-1000\$f4c114978d9a5978ee990bf837c58908 moved successfully.

The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====

#6 Farbar
  • Security Developer

Posted 02 December 2012 - 11:55 AM

Well done. Please restart, let it boot normally and tell me how it went.

#7 mrbeach
  • Topic Starter

Posted 02 December 2012 - 12:07 PM

Hi Farbar,

I have booted the PC normally and everything looks fine.

Many thanks for your help. It is much appreciated.

Martin

Edited by mrbeach, 02 December 2012 - 12:10 PM.


#8 Farbar
  • Security Developer

Posted 02 December 2012 - 12:15 PM

Great. You are very welcome. :thumbup2:

Would you like me to check other things?

#9 mrbeach
  • Topic Starter

Posted 02 December 2012 - 12:48 PM

By the looks of it everything is good at the minute. I have shut down and rebooted the PC a couple of times and hope I have no other infections, so thanks once again.

Martin

Edited by mrbeach, 02 December 2012 - 12:49 PM.


#10 Farbar
  • Security Developer

Posted 02 December 2012 - 01:14 PM

You are most welcome. Should I close the topic?

#11 mrbeach
  • Topic Starter

Posted 02 December 2012 - 02:05 PM

Might as well.

Cheers,
Martin

#12 Farbar
  • Security Developer

Posted 02 December 2012 - 02:09 PM

OK then, as you like, Martin. :)

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.