Possible System Restore / Repair Virus


  • This topic is locked
68 replies to this topic

#1 jchico

  • Members
  • 108 posts

Posted 25 April 2013 - 09:25 PM

Hello - not sure of problem, but based on some searching here, believe I hv a system restore or system repair virus.  While online, computer shut down and then restarted and asked me to start system repair.  I had skipped this request as the pop up looked fishy and tried to start up normally - only to have no ability to navigate to any programs and a warning from McAfee that I hv a risky connection blocked.   Have tried rebooting in safe mode and running both system repair and restore and they run for hours with nothing apparently happening.  Lastly - I am now getting LogonUI.exe error when signing on....  Ugh.   Very much appreciate any help that can be provided.  Thank you!!!!

 

Jim





#2 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,699 posts
  • Gender: Male
  • Location: Daly City, CA

Posted 26 April 2013 - 11:53 AM

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size

Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Download Malwarebytes Anti-Rootkit from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


NOTE. Make sure all logs are pasted, not attached.




 


#3 jchico


Posted 26 April 2013 - 12:21 PM

Broni - Thank you for your reply.  I am at work and will not be able to attempt to address until this evening.  I don't believe I'll be able to download anything as I can't get startup to complete and thus can't get online.  Can I load these tools using another computer to a stick and then plug into the disabled computer and run them from there?  How would I access the stick on the disabled computer?

 

Thank you



#4 Broni


Posted 26 April 2013 - 12:24 PM

I think I misread your initial post.

I can see that you can't boot in any mode.

Is that correct?

What Windows version is it?




 


#5 jchico


Posted 26 April 2013 - 12:43 PM

Thank you.  I'm not the most technically savvy person, so I probably did not describe the situation well.  It is Windows 7 home version. 



#6 Broni


Posted 26 April 2013 - 12:46 PM

 

I can see that you can't boot in any mode.

Is that correct?

 


Edited by Broni, 26 April 2013 - 12:46 PM.



 


#7 jchico


Posted 26 April 2013 - 01:00 PM

Sorry, yes that is correct. Unable to boot in any mode.

#8 Broni


Posted 26 April 2013 - 01:04 PM

I'll report this topic to appropriate helpers then.

Hold on there.




 


#9 thisisu

  • Malware Response Team
  • 2,525 posts
  • Gender: Male
  • Location: USA

Posted 27 April 2013 - 05:06 PM

Hello and welcome to BleepingComputer!

My name is Thisisu and I will be helping you with your malware related computer problems.

I do have some basic rules while we are working together so please read and follow them:
  • Be specific!
    • If you come across a problem while performing any of the steps listed here, do not simply state "It did not work." Tell me the exact error you encountered if one was given to you. For example, this is a much better response: "When I ran the ____ tool, an error box appeared on my screen and said 'Illegal operation attempted on a registry key that has been marked for deletion.'. There is only an 'OK' button in the box."
  • Do not run any scans/fixes on your own!
    • If at any time you feel that you can handle the rest of your computer problems on your own, please let me know. Otherwise, only follow the steps I or another helper from this thread have provided.
  • I will close the topic if I have not heard a response from you within 72 hours.
    • If you are going to be away, just let me know and I will leave the topic open until you can return.
  • Let's begin:
    • Please download Farbar Recovery Scan Tool and save it to a flash drive.

      Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

      Plug the flash drive into the infected PC.
    • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

      If you are using Vista or Windows 7 enter System Recovery Options.

      To enter System Recovery Options from the Advanced Boot Options:
      • Restart the computer.
      • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
      • Use the arrow keys to select the Repair your computer menu item.
      • Select US as the keyboard language settings, and then click Next.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.
      Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
      To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



      To enter System Recovery Options by using Windows installation disc:
      • Insert the installation disc.
      • Restart your computer.
      • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
      • Click Repair your computer.
      • Select US as the keyboard language settings, and then click Next.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.
    • On the System Recovery Options menu you will get the following options:
      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt


      Select Command Prompt
    • Once in the Command Prompt:
      • In the command window type in notepad and press Enter.
      • The notepad opens. Under File menu select Open.
      • Select "Computer" and find your flash drive letter and close the notepad.
      • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
        Note: Replace letter e with the drive letter of your flash drive.
      • The tool will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#10 jchico


Posted 27 April 2013 - 08:25 PM

Thank you Thisisu...  I hv followed your guidance.  Pls find below copy and paste of txt file:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2013 07
Ran by SYSTEM on 27-04-2013 21:18:59
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet002

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-07] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-13] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3203440 2010-04-06] (Dell Inc.)
HKLM\...\Run: [DLCCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLCCtime.dll,RunDLLEntry [28672 2006-02-24] ()
HKLM\...\Run: [dlccmon.exe] "C:\Program Files (x86)\Dell Photo AIO Printer 924\dlccmon.exe" [431600 2007-01-30] (Dell)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-08] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [268640 2011-11-12] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKU\Daphne\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-11-10] (Microsoft Corporation)
HKU\Daphne\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\Daphne\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-04-13] (Google Inc.)
Startup: C:\Users\Daphne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) =================

S2 dlcc_device; C:\Windows\system32\dlcccoms.exe [566768 2007-01-30] ( )
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1871032 2013-03-14] (Microsoft Corporation)
S2 0264381366908775mcinstcleanup; C:\Windows\TEMP\026438~1.EXE -cleanup -nolog [x]

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2007-06-19] (LeapFrog)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-04-27 21:18 - 2013-04-27 21:18 - 00000000 ____D C:\FRST
2013-04-25 19:20 - 2013-04-25 19:20 - 00003224 ____N C:\bootsqm.dat
2013-04-25 11:54 - 2013-04-25 11:54 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{EBD6B1B6-A50B-4DF2-AFC8-1CB8DE86729C}
2013-04-25 11:54 - 2013-04-25 11:54 - 00000000 ____D C:\Users\Daphne\Local Settings\{EBD6B1B6-A50B-4DF2-AFC8-1CB8DE86729C}
2013-04-25 11:54 - 2013-04-25 11:54 - 00000000 ____D C:\Users\Daphne\AppData\Local\{EBD6B1B6-A50B-4DF2-AFC8-1CB8DE86729C}
2013-04-24 11:53 - 2013-04-24 11:53 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{9AF388F5-039A-4EA3-95A8-106B2CEC77EA}
2013-04-24 11:53 - 2013-04-24 11:53 - 00000000 ____D C:\Users\Daphne\Local Settings\{9AF388F5-039A-4EA3-95A8-106B2CEC77EA}
2013-04-24 11:53 - 2013-04-24 11:53 - 00000000 ____D C:\Users\Daphne\AppData\Local\{9AF388F5-039A-4EA3-95A8-106B2CEC77EA}
2013-04-24 11:31 - 2013-04-12 09:36 - 01653096 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-23 23:53 - 2013-04-23 23:53 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{20770BB6-9A14-4075-BAC5-996FDEF71A94}
2013-04-23 23:53 - 2013-04-23 23:53 - 00000000 ____D C:\Users\Daphne\Local Settings\{20770BB6-9A14-4075-BAC5-996FDEF71A94}
2013-04-23 23:53 - 2013-04-23 23:53 - 00000000 ____D C:\Users\Daphne\AppData\Local\{20770BB6-9A14-4075-BAC5-996FDEF71A94}
2013-04-23 11:52 - 2013-04-23 11:52 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{2D9CD8D6-24BE-436E-8B0B-38F1C6AFFB98}
2013-04-23 11:52 - 2013-04-23 11:52 - 00000000 ____D C:\Users\Daphne\Local Settings\{2D9CD8D6-24BE-436E-8B0B-38F1C6AFFB98}
2013-04-23 11:52 - 2013-04-23 11:52 - 00000000 ____D C:\Users\Daphne\AppData\Local\{2D9CD8D6-24BE-436E-8B0B-38F1C6AFFB98}
2013-04-22 23:51 - 2013-04-22 23:51 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{B41DD0CE-2B63-4EAA-B379-E4CCB1789A8A}
2013-04-22 23:51 - 2013-04-22 23:51 - 00000000 ____D C:\Users\Daphne\Local Settings\{B41DD0CE-2B63-4EAA-B379-E4CCB1789A8A}
2013-04-22 23:51 - 2013-04-22 23:51 - 00000000 ____D C:\Users\Daphne\AppData\Local\{B41DD0CE-2B63-4EAA-B379-E4CCB1789A8A}
2013-04-22 11:51 - 2013-04-22 11:51 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{5787283F-3B77-4159-9AA9-0DB8AC0BAD65}
2013-04-22 11:51 - 2013-04-22 11:51 - 00000000 ____D C:\Users\Daphne\Local Settings\{5787283F-3B77-4159-9AA9-0DB8AC0BAD65}
2013-04-22 11:51 - 2013-04-22 11:51 - 00000000 ____D C:\Users\Daphne\AppData\Local\{5787283F-3B77-4159-9AA9-0DB8AC0BAD65}
2013-04-21 23:50 - 2013-04-21 23:50 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{AF1ED946-525F-4207-ADD9-2B769A1DB637}
2013-04-21 23:50 - 2013-04-21 23:50 - 00000000 ____D C:\Users\Daphne\Local Settings\{AF1ED946-525F-4207-ADD9-2B769A1DB637}
2013-04-21 23:50 - 2013-04-21 23:50 - 00000000 ____D C:\Users\Daphne\AppData\Local\{AF1ED946-525F-4207-ADD9-2B769A1DB637}
2013-04-21 11:49 - 2013-04-21 11:49 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{EFA3D221-3328-474E-8DD4-670CEA8ED62D}
2013-04-21 11:49 - 2013-04-21 11:49 - 00000000 ____D C:\Users\Daphne\Local Settings\{EFA3D221-3328-474E-8DD4-670CEA8ED62D}
2013-04-21 11:49 - 2013-04-21 11:49 - 00000000 ____D C:\Users\Daphne\AppData\Local\{EFA3D221-3328-474E-8DD4-670CEA8ED62D}
2013-04-20 13:31 - 2013-04-20 13:31 - 00000000 ____D C:\Users\Daphne\My Documents\LDW
2013-04-20 13:31 - 2013-04-20 13:31 - 00000000 ____D C:\Users\Daphne\Documents\LDW
2013-04-20 13:30 - 2013-04-20 13:30 - 00002223 ____A C:ProgramData\Desktop\Jugar a Virtual Villagers 4 - The Tree of Life.lnk
2013-04-20 13:30 - 2013-04-20 13:30 - 00002223 ____A C:\Users\Public\Desktop\Jugar a Virtual Villagers 4 - The Tree of Life.lnk
2013-04-20 13:30 - 2013-04-20 13:30 - 00001306 ____A C:ProgramData\Desktop\Más Fántasticos Juegos.lnk
2013-04-20 13:30 - 2013-04-20 13:30 - 00001306 ____A C:\Users\Public\Desktop\Más Fántasticos Juegos.lnk
2013-04-20 13:30 - 2013-04-20 13:30 - 00000000 ____D C:\Program Files (x86)\Virtual Villagers 4 - The Tree of Life
2013-04-20 11:05 - 2013-04-20 11:05 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{1AB9B9C1-F593-4E62-8766-45A5059797EF}
2013-04-20 11:05 - 2013-04-20 11:05 - 00000000 ____D C:\Users\Daphne\Local Settings\{1AB9B9C1-F593-4E62-8766-45A5059797EF}
2013-04-20 11:05 - 2013-04-20 11:05 - 00000000 ____D C:\Users\Daphne\AppData\Local\{1AB9B9C1-F593-4E62-8766-45A5059797EF}
2013-04-19 23:04 - 2013-04-19 23:04 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{6FCD260E-32D0-4AB0-A450-985A68A93077}
2013-04-19 23:04 - 2013-04-19 23:04 - 00000000 ____D C:\Users\Daphne\Local Settings\{6FCD260E-32D0-4AB0-A450-985A68A93077}
2013-04-19 23:04 - 2013-04-19 23:04 - 00000000 ____D C:\Users\Daphne\AppData\Local\{6FCD260E-32D0-4AB0-A450-985A68A93077}
2013-04-19 11:03 - 2013-04-19 11:04 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{AE610187-EEB0-4D77-BAC2-9F4C81EC5DF1}
2013-04-19 11:03 - 2013-04-19 11:04 - 00000000 ____D C:\Users\Daphne\Local Settings\{AE610187-EEB0-4D77-BAC2-9F4C81EC5DF1}
2013-04-19 11:03 - 2013-04-19 11:04 - 00000000 ____D C:\Users\Daphne\AppData\Local\{AE610187-EEB0-4D77-BAC2-9F4C81EC5DF1}
2013-04-18 12:08 - 2013-04-18 12:08 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{F21D85BD-5635-4ECD-86DA-2B7B2DF7C9DE}
2013-04-18 12:08 - 2013-04-18 12:08 - 00000000 ____D C:\Users\Daphne\Local Settings\{F21D85BD-5635-4ECD-86DA-2B7B2DF7C9DE}
2013-04-18 12:08 - 2013-04-18 12:08 - 00000000 ____D C:\Users\Daphne\AppData\Local\{F21D85BD-5635-4ECD-86DA-2B7B2DF7C9DE}
2013-04-18 00:08 - 2013-04-18 00:08 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{458C31D7-A5AB-4BA1-BE91-DBCE86D2C005}
2013-04-18 00:08 - 2013-04-18 00:08 - 00000000 ____D C:\Users\Daphne\Local Settings\{458C31D7-A5AB-4BA1-BE91-DBCE86D2C005}
2013-04-18 00:08 - 2013-04-18 00:08 - 00000000 ____D C:\Users\Daphne\AppData\Local\{458C31D7-A5AB-4BA1-BE91-DBCE86D2C005}
2013-04-17 20:22 - 2013-04-17 20:23 - 00000000 ____D C:\Users\Daphne\AppData\OICE_15_974FA576_32C1D314_2742
2013-04-17 12:07 - 2013-04-17 12:07 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{044B688A-8789-42D9-B9CD-83FE558D349F}
2013-04-17 12:07 - 2013-04-17 12:07 - 00000000 ____D C:\Users\Daphne\Local Settings\{044B688A-8789-42D9-B9CD-83FE558D349F}
2013-04-17 12:07 - 2013-04-17 12:07 - 00000000 ____D C:\Users\Daphne\AppData\Local\{044B688A-8789-42D9-B9CD-83FE558D349F}
2013-04-16 12:49 - 2013-04-16 12:49 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{97D69056-2C30-4994-8A8A-2BA8B29D31D8}
2013-04-16 12:49 - 2013-04-16 12:49 - 00000000 ____D C:\Users\Daphne\Local Settings\{97D69056-2C30-4994-8A8A-2BA8B29D31D8}
2013-04-16 12:49 - 2013-04-16 12:49 - 00000000 ____D C:\Users\Daphne\AppData\Local\{97D69056-2C30-4994-8A8A-2BA8B29D31D8}
2013-04-16 00:48 - 2013-04-16 00:48 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{5C86387D-DBD7-41C8-A555-C2AA27658D54}
2013-04-16 00:48 - 2013-04-16 00:48 - 00000000 ____D C:\Users\Daphne\Local Settings\{5C86387D-DBD7-41C8-A555-C2AA27658D54}
2013-04-16 00:48 - 2013-04-16 00:48 - 00000000 ____D C:\Users\Daphne\AppData\Local\{5C86387D-DBD7-41C8-A555-C2AA27658D54}
2013-04-15 12:47 - 2013-04-15 12:48 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{9E781D9B-1DEA-4FC6-ADAC-D6015C217C34}
2013-04-15 12:47 - 2013-04-15 12:48 - 00000000 ____D C:\Users\Daphne\Local Settings\{9E781D9B-1DEA-4FC6-ADAC-D6015C217C34}
2013-04-15 12:47 - 2013-04-15 12:48 - 00000000 ____D C:\Users\Daphne\AppData\Local\{9E781D9B-1DEA-4FC6-ADAC-D6015C217C34}
2013-04-14 19:24 - 2013-04-14 19:24 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{C193BB88-4949-4252-A63C-80E778CA95B0}
2013-04-14 19:24 - 2013-04-14 19:24 - 00000000 ____D C:\Users\Daphne\Local Settings\{C193BB88-4949-4252-A63C-80E778CA95B0}
2013-04-14 19:24 - 2013-04-14 19:24 - 00000000 ____D C:\Users\Daphne\AppData\Local\{C193BB88-4949-4252-A63C-80E778CA95B0}
2013-04-13 19:18 - 2013-04-13 19:18 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{603B48D2-498F-480E-B519-3BC9EB329C80}
2013-04-13 19:18 - 2013-04-13 19:18 - 00000000 ____D C:\Users\Daphne\Local Settings\{603B48D2-498F-480E-B519-3BC9EB329C80}
2013-04-13 19:18 - 2013-04-13 19:18 - 00000000 ____D C:\Users\Daphne\AppData\Local\{603B48D2-498F-480E-B519-3BC9EB329C80}
2013-04-12 23:20 - 2013-04-12 23:20 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{4C5EBFB1-76D5-46B2-A54B-41C6A2DB79A7}
2013-04-12 23:20 - 2013-04-12 23:20 - 00000000 ____D C:\Users\Daphne\Local Settings\{4C5EBFB1-76D5-46B2-A54B-41C6A2DB79A7}
2013-04-12 23:20 - 2013-04-12 23:20 - 00000000 ____D C:\Users\Daphne\AppData\Local\{4C5EBFB1-76D5-46B2-A54B-41C6A2DB79A7}
2013-04-12 11:19 - 2013-04-12 11:19 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{BFB4C44B-1999-4109-8393-901D1EC7FA44}
2013-04-12 11:19 - 2013-04-12 11:19 - 00000000 ____D C:\Users\Daphne\Local Settings\{BFB4C44B-1999-4109-8393-901D1EC7FA44}
2013-04-12 11:19 - 2013-04-12 11:19 - 00000000 ____D C:\Users\Daphne\AppData\Local\{BFB4C44B-1999-4109-8393-901D1EC7FA44}
2013-04-11 20:18 - 2013-04-11 20:18 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{72EF94E2-9811-48E8-B53D-FEE1EEDF07A7}
2013-04-11 20:18 - 2013-04-11 20:18 - 00000000 ____D C:\Users\Daphne\Local Settings\{72EF94E2-9811-48E8-B53D-FEE1EEDF07A7}
2013-04-11 20:18 - 2013-04-11 20:18 - 00000000 ____D C:\Users\Daphne\AppData\Local\{72EF94E2-9811-48E8-B53D-FEE1EEDF07A7}
2013-04-10 23:34 - 2013-04-10 23:34 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{CD9728C9-06CE-43A8-9DDF-2D25C6106660}
2013-04-10 23:34 - 2013-04-10 23:34 - 00000000 ____D C:\Users\Daphne\Local Settings\{CD9728C9-06CE-43A8-9DDF-2D25C6106660}
2013-04-10 23:34 - 2013-04-10 23:34 - 00000000 ____D C:\Users\Daphne\AppData\Local\{CD9728C9-06CE-43A8-9DDF-2D25C6106660}
2013-04-10 16:43 - 2013-02-12 10:42 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-10 16:43 - 2013-02-12 10:37 - 03138048 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-10 16:43 - 2013-02-12 10:31 - 00158208 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-10 16:43 - 2013-02-12 10:13 - 02691072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-10 16:43 - 2013-02-12 10:07 - 00131072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-04-10 16:43 - 2013-02-12 08:59 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-04-10 16:42 - 2013-02-28 22:32 - 03150848 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-10 16:41 - 2013-03-02 00:49 - 01499648 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-10 16:41 - 2013-03-02 00:49 - 01198080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-10 16:41 - 2013-03-02 00:49 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-10 16:41 - 2013-03-02 00:44 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2013-04-10 16:41 - 2013-03-02 00:43 - 09377280 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-10 16:41 - 2013-03-02 00:43 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-10 16:41 - 2013-03-02 00:43 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-10 16:41 - 2013-03-02 00:43 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-04-10 16:41 - 2013-03-02 00:43 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-10 16:41 - 2013-03-02 00:43 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-04-10 16:41 - 2013-03-02 00:42 - 12405760 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-10 16:41 - 2013-03-02 00:42 - 02463744 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-10 16:41 - 2013-03-02 00:42 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-04-10 16:41 - 2013-03-02 00:42 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-04-10 16:41 - 2013-03-02 00:42 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-10 16:41 - 2013-03-02 00:06 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-10 16:41 - 2013-03-02 00:05 - 01230848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-10 16:41 - 2013-03-02 00:05 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-10 16:41 - 2013-03-02 00:02 - 06032384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-10 16:41 - 2013-03-02 00:02 - 00627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-10 16:41 - 2013-03-02 00:02 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2013-04-10 16:41 - 2013-03-02 00:02 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-10 16:41 - 2013-03-02 00:02 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-04-10 16:41 - 2013-03-02 00:01 - 11019776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-10 16:41 - 2013-03-02 00:01 - 02077184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-10 16:41 - 2013-03-02 00:01 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-04-10 16:41 - 2013-03-02 00:01 - 00185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-04-10 16:41 - 2013-03-02 00:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-10 16:41 - 2013-03-02 00:01 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-10 16:41 - 2013-03-01 23:38 - 00482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-04-10 16:41 - 2013-03-01 23:03 - 00386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-04-10 16:41 - 2013-03-01 22:56 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-10 16:41 - 2013-03-01 22:56 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-04-10 16:41 - 2013-03-01 22:30 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-04-10 16:41 - 2013-03-01 22:29 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-10 16:41 - 2013-03-01 22:29 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-04-10 16:40 - 2013-03-19 01:05 - 05466472 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-10 16:40 - 2013-03-19 00:54 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-10 16:40 - 2013-03-19 00:51 - 00058368 ____A (Microsoft Corporation) C:\Windows\System32\appidapi.dll
2013-04-10 16:40 - 2013-03-19 00:51 - 00034304 ____A (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
2013-04-10 16:40 - 2013-03-19 00:04 - 03971432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-10 16:40 - 2013-03-19 00:04 - 03915608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-10 16:40 - 2013-03-18 23:53 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-04-10 16:40 - 2013-03-18 23:49 - 00050688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2013-04-10 16:40 - 2013-03-18 22:57 - 00148480 ____A (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
2013-04-10 16:40 - 2013-03-18 22:57 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2013-04-10 16:40 - 2013-03-18 22:57 - 00017920 ____A (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
2013-04-10 16:40 - 2013-03-18 22:19 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-10 16:40 - 2013-01-24 00:41 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-04-10 10:18 - 2013-04-10 10:18 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{E1F9F0BC-0E44-4353-B72B-04CDA8C6B4CC}
2013-04-10 10:18 - 2013-04-10 10:18 - 00000000 ____D C:\Users\Daphne\Local Settings\{E1F9F0BC-0E44-4353-B72B-04CDA8C6B4CC}
2013-04-10 10:18 - 2013-04-10 10:18 - 00000000 ____D C:\Users\Daphne\AppData\Local\{E1F9F0BC-0E44-4353-B72B-04CDA8C6B4CC}
2013-04-09 12:01 - 2013-04-09 12:01 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{88B50AFC-EBE4-463A-B367-37B81B412446}
2013-04-09 12:01 - 2013-04-09 12:01 - 00000000 ____D C:\Users\Daphne\Local Settings\{88B50AFC-EBE4-463A-B367-37B81B412446}
2013-04-09 12:01 - 2013-04-09 12:01 - 00000000 ____D C:\Users\Daphne\AppData\Local\{88B50AFC-EBE4-463A-B367-37B81B412446}
2013-04-08 16:08 - 2013-04-08 16:08 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{AE08C08B-8756-41C3-BA89-C823B2764344}
2013-04-08 16:08 - 2013-04-08 16:08 - 00000000 ____D C:\Users\Daphne\Local Settings\{AE08C08B-8756-41C3-BA89-C823B2764344}
2013-04-08 16:08 - 2013-04-08 16:08 - 00000000 ____D C:\Users\Daphne\AppData\Local\{AE08C08B-8756-41C3-BA89-C823B2764344}
2013-04-07 14:42 - 2013-04-07 14:42 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{68D9B8ED-BAB3-40E4-AA5C-5A7AFFF8A936}
2013-04-07 14:42 - 2013-04-07 14:42 - 00000000 ____D C:\Users\Daphne\Local Settings\{68D9B8ED-BAB3-40E4-AA5C-5A7AFFF8A936}
2013-04-07 14:42 - 2013-04-07 14:42 - 00000000 ____D C:\Users\Daphne\AppData\Local\{68D9B8ED-BAB3-40E4-AA5C-5A7AFFF8A936}
2013-04-06 18:37 - 2013-04-06 18:38 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{610A13FB-428E-483F-816F-C6191C15BCB2}
2013-04-06 18:37 - 2013-04-06 18:38 - 00000000 ____D C:\Users\Daphne\Local Settings\{610A13FB-428E-483F-816F-C6191C15BCB2}
2013-04-06 18:37 - 2013-04-06 18:38 - 00000000 ____D C:\Users\Daphne\AppData\Local\{610A13FB-428E-483F-816F-C6191C15BCB2}
2013-04-05 21:06 - 2013-04-05 21:06 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{258A87A5-8FE3-4B6D-BA5F-58724FF4284A}
2013-04-05 21:06 - 2013-04-05 21:06 - 00000000 ____D C:\Users\Daphne\Local Settings\{258A87A5-8FE3-4B6D-BA5F-58724FF4284A}
2013-04-05 21:06 - 2013-04-05 21:06 - 00000000 ____D C:\Users\Daphne\AppData\Local\{258A87A5-8FE3-4B6D-BA5F-58724FF4284A}
2013-04-05 00:06 - 2013-04-05 00:06 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{440C337B-AE81-4D89-8F5A-B66962658B46}
2013-04-05 00:06 - 2013-04-05 00:06 - 00000000 ____D C:\Users\Daphne\Local Settings\{440C337B-AE81-4D89-8F5A-B66962658B46}
2013-04-05 00:06 - 2013-04-05 00:06 - 00000000 ____D C:\Users\Daphne\AppData\Local\{440C337B-AE81-4D89-8F5A-B66962658B46}
2013-04-04 12:05 - 2013-04-04 12:05 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{AA5157C7-6E5B-4069-AD87-962A3113C3DC}
2013-04-04 12:05 - 2013-04-04 12:05 - 00000000 ____D C:\Users\Daphne\Local Settings\{AA5157C7-6E5B-4069-AD87-962A3113C3DC}
2013-04-04 12:05 - 2013-04-04 12:05 - 00000000 ____D C:\Users\Daphne\AppData\Local\{AA5157C7-6E5B-4069-AD87-962A3113C3DC}
2013-04-03 11:19 - 2013-04-03 11:19 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{0C129B2D-0599-4B08-A80C-EDBD75EDF2CF}
2013-04-03 11:19 - 2013-04-03 11:19 - 00000000 ____D C:\Users\Daphne\Local Settings\{0C129B2D-0599-4B08-A80C-EDBD75EDF2CF}
2013-04-03 11:19 - 2013-04-03 11:19 - 00000000 ____D C:\Users\Daphne\AppData\Local\{0C129B2D-0599-4B08-A80C-EDBD75EDF2CF}
2013-04-02 23:09 - 2013-04-02 23:09 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{028CC37C-5B3B-4B6C-9D48-C77AE61A4270}
2013-04-02 23:09 - 2013-04-02 23:09 - 00000000 ____D C:\Users\Daphne\Local Settings\{028CC37C-5B3B-4B6C-9D48-C77AE61A4270}
2013-04-02 23:09 - 2013-04-02 23:09 - 00000000 ____D C:\Users\Daphne\AppData\Local\{028CC37C-5B3B-4B6C-9D48-C77AE61A4270}
2013-04-02 10:46 - 2013-04-02 10:46 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{959C1E84-31FD-44BC-8A8B-F7271BA76100}
2013-04-02 10:46 - 2013-04-02 10:46 - 00000000 ____D C:\Users\Daphne\Local Settings\{959C1E84-31FD-44BC-8A8B-F7271BA76100}
2013-04-02 10:46 - 2013-04-02 10:46 - 00000000 ____D C:\Users\Daphne\AppData\Local\{959C1E84-31FD-44BC-8A8B-F7271BA76100}
2013-04-01 17:52 - 2013-04-01 17:52 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{90437158-BCC7-4DD7-8196-03A1BFB49A4D}
2013-04-01 17:52 - 2013-04-01 17:52 - 00000000 ____D C:\Users\Daphne\Local Settings\{90437158-BCC7-4DD7-8196-03A1BFB49A4D}
2013-04-01 17:52 - 2013-04-01 17:52 - 00000000 ____D C:\Users\Daphne\AppData\Local\{90437158-BCC7-4DD7-8196-03A1BFB49A4D}
2013-04-01 11:06 - 2013-04-01 11:06 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{5D334A2F-14A5-48D1-907E-0DBB8D1841C0}
2013-04-01 11:06 - 2013-04-01 11:06 - 00000000 ____D C:\Users\Daphne\Local Settings\{5D334A2F-14A5-48D1-907E-0DBB8D1841C0}
2013-04-01 11:06 - 2013-04-01 11:06 - 00000000 ____D C:\Users\Daphne\AppData\Local\{5D334A2F-14A5-48D1-907E-0DBB8D1841C0}
2013-03-31 19:39 - 2013-03-31 19:40 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{3F8E057F-F2C4-4634-B3E0-14BFD2BC6750}
2013-03-31 19:39 - 2013-03-31 19:40 - 00000000 ____D C:\Users\Daphne\Local Settings\{3F8E057F-F2C4-4634-B3E0-14BFD2BC6750}
2013-03-31 19:39 - 2013-03-31 19:40 - 00000000 ____D C:\Users\Daphne\AppData\Local\{3F8E057F-F2C4-4634-B3E0-14BFD2BC6750}
2013-03-31 01:19 - 2013-03-31 01:19 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{32231024-0D43-4C4F-86C7-24AC961EBAD6}
2013-03-31 01:19 - 2013-03-31 01:19 - 00000000 ____D C:\Users\Daphne\Local Settings\{32231024-0D43-4C4F-86C7-24AC961EBAD6}
2013-03-31 01:19 - 2013-03-31 01:19 - 00000000 ____D C:\Users\Daphne\AppData\Local\{32231024-0D43-4C4F-86C7-24AC961EBAD6}
2013-03-30 13:18 - 2013-03-30 13:18 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{53B120F0-5CCB-4604-8B9A-0779F193166E}
2013-03-30 13:18 - 2013-03-30 13:18 - 00000000 ____D C:\Users\Daphne\Local Settings\{53B120F0-5CCB-4604-8B9A-0779F193166E}
2013-03-30 13:18 - 2013-03-30 13:18 - 00000000 ____D C:\Users\Daphne\AppData\Local\{53B120F0-5CCB-4604-8B9A-0779F193166E}
2013-03-30 01:18 - 2013-03-30 01:18 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{75997E08-6C18-49FC-AA12-2FB260F13D38}
2013-03-30 01:18 - 2013-03-30 01:18 - 00000000 ____D C:\Users\Daphne\Local Settings\{75997E08-6C18-49FC-AA12-2FB260F13D38}
2013-03-30 01:18 - 2013-03-30 01:18 - 00000000 ____D C:\Users\Daphne\AppData\Local\{75997E08-6C18-49FC-AA12-2FB260F13D38}
2013-03-29 13:17 - 2013-03-29 13:17 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{08857424-6C1F-4D9A-BEE9-BCB856942078}
2013-03-29 13:17 - 2013-03-29 13:17 - 00000000 ____D C:\Users\Daphne\Local Settings\{08857424-6C1F-4D9A-BEE9-BCB856942078}
2013-03-29 13:17 - 2013-03-29 13:17 - 00000000 ____D C:\Users\Daphne\AppData\Local\{08857424-6C1F-4D9A-BEE9-BCB856942078}
2013-03-29 00:59 - 2013-03-29 01:00 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{2C893DE3-8412-44D2-AE7F-65D86FEF1465}
2013-03-29 00:59 - 2013-03-29 01:00 - 00000000 ____D C:\Users\Daphne\Local Settings\{2C893DE3-8412-44D2-AE7F-65D86FEF1465}
2013-03-29 00:59 - 2013-03-29 01:00 - 00000000 ____D C:\Users\Daphne\AppData\Local\{2C893DE3-8412-44D2-AE7F-65D86FEF1465}
2013-03-28 12:59 - 2013-03-28 12:59 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{DDF82B5A-54D8-47BE-903E-34630C88A4F6}
2013-03-28 12:59 - 2013-03-28 12:59 - 00000000 ____D C:\Users\Daphne\Local Settings\{DDF82B5A-54D8-47BE-903E-34630C88A4F6}
2013-03-28 12:59 - 2013-03-28 12:59 - 00000000 ____D C:\Users\Daphne\AppData\Local\{DDF82B5A-54D8-47BE-903E-34630C88A4F6}

==================== One Month Modified Files and Folders =======

2013-04-27 21:18 - 2013-04-27 21:18 - 00000000 ____D C:\FRST
2013-04-25 21:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-04-25 21:23 - 2010-08-25 21:23 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-04-25 21:23 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-25 21:22 - 2009-07-13 23:51 - 00144463 ____A C:\Windows\setupact.log
2013-04-25 21:05 - 2010-08-25 22:45 - 00101480 ____A C:\Windows\PFRO.log
2013-04-25 20:20 - 2011-04-13 15:00 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-25 19:55 - 2010-09-06 09:37 - 48603988 ____A C:\dlcc.log
2013-04-25 19:54 - 2010-11-20 17:50 - 00000000 ____D C:\Users\Daphne\Application Data\Skype
2013-04-25 19:54 - 2010-11-20 17:50 - 00000000 ____D C:\Users\Daphne\AppData\Roaming\Skype
2013-04-25 19:53 - 2010-10-14 18:56 - 00000000 ____D C:\Users\Daphne\Tracing
2013-04-25 19:52 - 2009-07-14 00:08 - 00032546 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-04-25 19:51 - 2010-09-04 08:56 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2013-04-25 19:51 - 2010-09-04 08:56 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2013-04-25 19:51 - 2010-09-04 08:56 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-04-25 19:51 - 2010-09-04 08:56 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2013-04-25 19:51 - 2010-09-04 08:56 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2013-04-25 19:51 - 2010-09-04 08:56 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-04-25 19:25 - 2010-09-04 08:56 - 00000000 ____D C:\Users\Daphne\Local Settings\SoftThinks
2013-04-25 19:25 - 2010-09-04 08:56 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\SoftThinks
2013-04-25 19:25 - 2010-09-04 08:56 - 00000000 ____D C:\Users\Daphne\AppData\Local\SoftThinks
2013-04-25 19:20 - 2013-04-25 19:20 - 00003224 ____N C:\bootsqm.dat
2013-04-25 18:00 - 2009-07-14 00:10 - 01281509 ____A C:\Windows\WindowsUpdate.log
2013-04-25 17:59 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-04-25 17:27 - 2012-12-25 08:16 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-25 17:15 - 2011-04-13 15:00 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-25 12:03 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-25 12:03 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-25 11:54 - 2013-04-25 11:54 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{EBD6B1B6-A50B-4DF2-AFC8-1CB8DE86729C}
2013-04-25 11:54 - 2013-04-25 11:54 - 00000000 ____D C:\Users\Daphne\Local Settings\{EBD6B1B6-A50B-4DF2-AFC8-1CB8DE86729C}
2013-04-25 11:54 - 2013-04-25 11:54 - 00000000 ____D C:\Users\Daphne\AppData\Local\{EBD6B1B6-A50B-4DF2-AFC8-1CB8DE86729C}
2013-04-25 11:54 - 2011-07-05 17:09 - 00000000 ____D C:\Users\Daphne\Local Settings\Windows Live
2013-04-25 11:54 - 2011-07-05 17:09 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\Windows Live
2013-04-25 11:54 - 2011-07-05 17:09 - 00000000 ____D C:\Users\Daphne\AppData\Local\Windows Live
2013-04-24 21:00 - 2010-09-06 10:03 - 00000000 ____D C:\Program Files\Dl_cats
2013-04-24 11:53 - 2013-04-24 11:53 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{9AF388F5-039A-4EA3-95A8-106B2CEC77EA}
2013-04-24 11:53 - 2013-04-24 11:53 - 00000000 ____D C:\Users\Daphne\Local Settings\{9AF388F5-039A-4EA3-95A8-106B2CEC77EA}
2013-04-24 11:53 - 2013-04-24 11:53 - 00000000 ____D C:\Users\Daphne\AppData\Local\{9AF388F5-039A-4EA3-95A8-106B2CEC77EA}
2013-04-23 23:53 - 2013-04-23 23:53 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{20770BB6-9A14-4075-BAC5-996FDEF71A94}
2013-04-23 23:53 - 2013-04-23 23:53 - 00000000 ____D C:\Users\Daphne\Local Settings\{20770BB6-9A14-4075-BAC5-996FDEF71A94}
2013-04-23 23:53 - 2013-04-23 23:53 - 00000000 ____D C:\Users\Daphne\AppData\Local\{20770BB6-9A14-4075-BAC5-996FDEF71A94}
2013-04-23 11:52 - 2013-04-23 11:52 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{2D9CD8D6-24BE-436E-8B0B-38F1C6AFFB98}
2013-04-23 11:52 - 2013-04-23 11:52 - 00000000 ____D C:\Users\Daphne\Local Settings\{2D9CD8D6-24BE-436E-8B0B-38F1C6AFFB98}
2013-04-23 11:52 - 2013-04-23 11:52 - 00000000 ____D C:\Users\Daphne\AppData\Local\{2D9CD8D6-24BE-436E-8B0B-38F1C6AFFB98}
2013-04-22 23:51 - 2013-04-22 23:51 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{B41DD0CE-2B63-4EAA-B379-E4CCB1789A8A}
2013-04-22 23:51 - 2013-04-22 23:51 - 00000000 ____D C:\Users\Daphne\Local Settings\{B41DD0CE-2B63-4EAA-B379-E4CCB1789A8A}
2013-04-22 23:51 - 2013-04-22 23:51 - 00000000 ____D C:\Users\Daphne\AppData\Local\{B41DD0CE-2B63-4EAA-B379-E4CCB1789A8A}
2013-04-22 11:51 - 2013-04-22 11:51 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{5787283F-3B77-4159-9AA9-0DB8AC0BAD65}
2013-04-22 11:51 - 2013-04-22 11:51 - 00000000 ____D C:\Users\Daphne\Local Settings\{5787283F-3B77-4159-9AA9-0DB8AC0BAD65}
2013-04-22 11:51 - 2013-04-22 11:51 - 00000000 ____D C:\Users\Daphne\AppData\Local\{5787283F-3B77-4159-9AA9-0DB8AC0BAD65}
2013-04-21 23:50 - 2013-04-21 23:50 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{AF1ED946-525F-4207-ADD9-2B769A1DB637}
2013-04-21 23:50 - 2013-04-21 23:50 - 00000000 ____D C:\Users\Daphne\Local Settings\{AF1ED946-525F-4207-ADD9-2B769A1DB637}
2013-04-21 23:50 - 2013-04-21 23:50 - 00000000 ____D C:\Users\Daphne\AppData\Local\{AF1ED946-525F-4207-ADD9-2B769A1DB637}
2013-04-21 11:49 - 2013-04-21 11:49 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{EFA3D221-3328-474E-8DD4-670CEA8ED62D}
2013-04-21 11:49 - 2013-04-21 11:49 - 00000000 ____D C:\Users\Daphne\Local Settings\{EFA3D221-3328-474E-8DD4-670CEA8ED62D}
2013-04-21 11:49 - 2013-04-21 11:49 - 00000000 ____D C:\Users\Daphne\AppData\Local\{EFA3D221-3328-474E-8DD4-670CEA8ED62D}
2013-04-20 14:31 - 2012-07-20 20:44 - 00000000 ___AD C:ProgramData\TEMP
2013-04-20 14:31 - 2012-07-20 20:44 - 00000000 ___AD C:ProgramData\Application Data\TEMP
2013-04-20 13:31 - 2013-04-20 13:31 - 00000000 ____D C:\Users\Daphne\My Documents\LDW
2013-04-20 13:31 - 2013-04-20 13:31 - 00000000 ____D C:\Users\Daphne\Documents\LDW
2013-04-20 13:30 - 2013-04-20 13:30 - 00002223 ____A C:ProgramData\Desktop\Jugar a Virtual Villagers 4 - The Tree of Life.lnk
2013-04-20 13:30 - 2013-04-20 13:30 - 00002223 ____A C:\Users\Public\Desktop\Jugar a Virtual Villagers 4 - The Tree of Life.lnk
2013-04-20 13:30 - 2013-04-20 13:30 - 00001306 ____A C:ProgramData\Desktop\Más Fántasticos Juegos.lnk
2013-04-20 13:30 - 2013-04-20 13:30 - 00001306 ____A C:\Users\Public\Desktop\Más Fántasticos Juegos.lnk
2013-04-20 13:30 - 2013-04-20 13:30 - 00000000 ____D C:\Program Files (x86)\Virtual Villagers 4 - The Tree of Life
2013-04-20 13:29 - 2012-07-20 20:38 - 00000000 ____D C:\BigFishGamesCache
2013-04-20 11:05 - 2013-04-20 11:05 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{1AB9B9C1-F593-4E62-8766-45A5059797EF}
2013-04-20 11:05 - 2013-04-20 11:05 - 00000000 ____D C:\Users\Daphne\Local Settings\{1AB9B9C1-F593-4E62-8766-45A5059797EF}
2013-04-20 11:05 - 2013-04-20 11:05 - 00000000 ____D C:\Users\Daphne\AppData\Local\{1AB9B9C1-F593-4E62-8766-45A5059797EF}
2013-04-19 23:04 - 2013-04-19 23:04 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{6FCD260E-32D0-4AB0-A450-985A68A93077}
2013-04-19 23:04 - 2013-04-19 23:04 - 00000000 ____D C:\Users\Daphne\Local Settings\{6FCD260E-32D0-4AB0-A450-985A68A93077}
2013-04-19 23:04 - 2013-04-19 23:04 - 00000000 ____D C:\Users\Daphne\AppData\Local\{6FCD260E-32D0-4AB0-A450-985A68A93077}
2013-04-19 11:04 - 2013-04-19 11:03 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{AE610187-EEB0-4D77-BAC2-9F4C81EC5DF1}
2013-04-19 11:04 - 2013-04-19 11:03 - 00000000 ____D C:\Users\Daphne\Local Settings\{AE610187-EEB0-4D77-BAC2-9F4C81EC5DF1}
2013-04-19 11:04 - 2013-04-19 11:03 - 00000000 ____D C:\Users\Daphne\AppData\Local\{AE610187-EEB0-4D77-BAC2-9F4C81EC5DF1}
2013-04-18 12:08 - 2013-04-18 12:08 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{F21D85BD-5635-4ECD-86DA-2B7B2DF7C9DE}
2013-04-18 12:08 - 2013-04-18 12:08 - 00000000 ____D C:\Users\Daphne\Local Settings\{F21D85BD-5635-4ECD-86DA-2B7B2DF7C9DE}
2013-04-18 12:08 - 2013-04-18 12:08 - 00000000 ____D C:\Users\Daphne\AppData\Local\{F21D85BD-5635-4ECD-86DA-2B7B2DF7C9DE}
2013-04-18 00:08 - 2013-04-18 00:08 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{458C31D7-A5AB-4BA1-BE91-DBCE86D2C005}
2013-04-18 00:08 - 2013-04-18 00:08 - 00000000 ____D C:\Users\Daphne\Local Settings\{458C31D7-A5AB-4BA1-BE91-DBCE86D2C005}
2013-04-18 00:08 - 2013-04-18 00:08 - 00000000 ____D C:\Users\Daphne\AppData\Local\{458C31D7-A5AB-4BA1-BE91-DBCE86D2C005}
2013-04-17 20:23 - 2013-04-17 20:22 - 00000000 ____D C:\Users\Daphne\AppData\OICE_15_974FA576_32C1D314_2742
2013-04-17 12:07 - 2013-04-17 12:07 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{044B688A-8789-42D9-B9CD-83FE558D349F}
2013-04-17 12:07 - 2013-04-17 12:07 - 00000000 ____D C:\Users\Daphne\Local Settings\{044B688A-8789-42D9-B9CD-83FE558D349F}
2013-04-17 12:07 - 2013-04-17 12:07 - 00000000 ____D C:\Users\Daphne\AppData\Local\{044B688A-8789-42D9-B9CD-83FE558D349F}
2013-04-17 12:07 - 2010-09-04 08:54 - 00114680 ____A C:\Users\Daphne\Local Settings\GDIPFONTCACHEV1.DAT
2013-04-17 12:07 - 2010-09-04 08:54 - 00114680 ____A C:\Users\Daphne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-04-17 12:07 - 2010-09-04 08:54 - 00114680 ____A C:\Users\Daphne\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-16 22:06 - 2011-01-14 22:22 - 00000000 ____D C:\Users\Daphne\Application Data\SoftGrid Client
2013-04-16 22:06 - 2011-01-14 22:22 - 00000000 ____D C:\Users\Daphne\AppData\Roaming\SoftGrid Client
2013-04-16 12:49 - 2013-04-16 12:49 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{97D69056-2C30-4994-8A8A-2BA8B29D31D8}
2013-04-16 12:49 - 2013-04-16 12:49 - 00000000 ____D C:\Users\Daphne\Local Settings\{97D69056-2C30-4994-8A8A-2BA8B29D31D8}
2013-04-16 12:49 - 2013-04-16 12:49 - 00000000 ____D C:\Users\Daphne\AppData\Local\{97D69056-2C30-4994-8A8A-2BA8B29D31D8}
2013-04-16 00:48 - 2013-04-16 00:48 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{5C86387D-DBD7-41C8-A555-C2AA27658D54}
2013-04-16 00:48 - 2013-04-16 00:48 - 00000000 ____D C:\Users\Daphne\Local Settings\{5C86387D-DBD7-41C8-A555-C2AA27658D54}
2013-04-16 00:48 - 2013-04-16 00:48 - 00000000 ____D C:\Users\Daphne\AppData\Local\{5C86387D-DBD7-41C8-A555-C2AA27658D54}
2013-04-15 12:48 - 2013-04-15 12:47 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{9E781D9B-1DEA-4FC6-ADAC-D6015C217C34}
2013-04-15 12:48 - 2013-04-15 12:47 - 00000000 ____D C:\Users\Daphne\Local Settings\{9E781D9B-1DEA-4FC6-ADAC-D6015C217C34}
2013-04-15 12:48 - 2013-04-15 12:47 - 00000000 ____D C:\Users\Daphne\AppData\Local\{9E781D9B-1DEA-4FC6-ADAC-D6015C217C34}
2013-04-14 19:24 - 2013-04-14 19:24 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{C193BB88-4949-4252-A63C-80E778CA95B0}
2013-04-14 19:24 - 2013-04-14 19:24 - 00000000 ____D C:\Users\Daphne\Local Settings\{C193BB88-4949-4252-A63C-80E778CA95B0}
2013-04-14 19:24 - 2013-04-14 19:24 - 00000000 ____D C:\Users\Daphne\AppData\Local\{C193BB88-4949-4252-A63C-80E778CA95B0}
2013-04-13 19:18 - 2013-04-13 19:18 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{603B48D2-498F-480E-B519-3BC9EB329C80}
2013-04-13 19:18 - 2013-04-13 19:18 - 00000000 ____D C:\Users\Daphne\Local Settings\{603B48D2-498F-480E-B519-3BC9EB329C80}
2013-04-13 19:18 - 2013-04-13 19:18 - 00000000 ____D C:\Users\Daphne\AppData\Local\{603B48D2-498F-480E-B519-3BC9EB329C80}
2013-04-12 23:20 - 2013-04-12 23:20 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{4C5EBFB1-76D5-46B2-A54B-41C6A2DB79A7}
2013-04-12 23:20 - 2013-04-12 23:20 - 00000000 ____D C:\Users\Daphne\Local Settings\{4C5EBFB1-76D5-46B2-A54B-41C6A2DB79A7}
2013-04-12 23:20 - 2013-04-12 23:20 - 00000000 ____D C:\Users\Daphne\AppData\Local\{4C5EBFB1-76D5-46B2-A54B-41C6A2DB79A7}
2013-04-12 11:19 - 2013-04-12 11:19 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{BFB4C44B-1999-4109-8393-901D1EC7FA44}
2013-04-12 11:19 - 2013-04-12 11:19 - 00000000 ____D C:\Users\Daphne\Local Settings\{BFB4C44B-1999-4109-8393-901D1EC7FA44}
2013-04-12 11:19 - 2013-04-12 11:19 - 00000000 ____D C:\Users\Daphne\AppData\Local\{BFB4C44B-1999-4109-8393-901D1EC7FA44}
2013-04-12 09:36 - 2013-04-24 11:31 - 01653096 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-11 20:18 - 2013-04-11 20:18 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{72EF94E2-9811-48E8-B53D-FEE1EEDF07A7}
2013-04-11 20:18 - 2013-04-11 20:18 - 00000000 ____D C:\Users\Daphne\Local Settings\{72EF94E2-9811-48E8-B53D-FEE1EEDF07A7}
2013-04-11 20:18 - 2013-04-11 20:18 - 00000000 ____D C:\Users\Daphne\AppData\Local\{72EF94E2-9811-48E8-B53D-FEE1EEDF07A7}
2013-04-10 23:34 - 2013-04-10 23:34 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{CD9728C9-06CE-43A8-9DDF-2D25C6106660}
2013-04-10 23:34 - 2013-04-10 23:34 - 00000000 ____D C:\Users\Daphne\Local Settings\{CD9728C9-06CE-43A8-9DDF-2D25C6106660}
2013-04-10 23:34 - 2013-04-10 23:34 - 00000000 ____D C:\Users\Daphne\AppData\Local\{CD9728C9-06CE-43A8-9DDF-2D25C6106660}
2013-04-10 19:43 - 2009-07-13 23:45 - 00444360 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-10 19:36 - 2011-07-06 16:59 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-10 10:18 - 2013-04-10 10:18 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{E1F9F0BC-0E44-4353-B72B-04CDA8C6B4CC}
2013-04-10 10:18 - 2013-04-10 10:18 - 00000000 ____D C:\Users\Daphne\Local Settings\{E1F9F0BC-0E44-4353-B72B-04CDA8C6B4CC}
2013-04-10 10:18 - 2013-04-10 10:18 - 00000000 ____D C:\Users\Daphne\AppData\Local\{E1F9F0BC-0E44-4353-B72B-04CDA8C6B4CC}
2013-04-09 12:01 - 2013-04-09 12:01 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{88B50AFC-EBE4-463A-B367-37B81B412446}
2013-04-09 12:01 - 2013-04-09 12:01 - 00000000 ____D C:\Users\Daphne\Local Settings\{88B50AFC-EBE4-463A-B367-37B81B412446}
2013-04-09 12:01 - 2013-04-09 12:01 - 00000000 ____D C:\Users\Daphne\AppData\Local\{88B50AFC-EBE4-463A-B367-37B81B412446}
2013-04-08 16:08 - 2013-04-08 16:08 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{AE08C08B-8756-41C3-BA89-C823B2764344}
2013-04-08 16:08 - 2013-04-08 16:08 - 00000000 ____D C:\Users\Daphne\Local Settings\{AE08C08B-8756-41C3-BA89-C823B2764344}
2013-04-08 16:08 - 2013-04-08 16:08 - 00000000 ____D C:\Users\Daphne\AppData\Local\{AE08C08B-8756-41C3-BA89-C823B2764344}
2013-04-07 14:42 - 2013-04-07 14:42 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{68D9B8ED-BAB3-40E4-AA5C-5A7AFFF8A936}
2013-04-07 14:42 - 2013-04-07 14:42 - 00000000 ____D C:\Users\Daphne\Local Settings\{68D9B8ED-BAB3-40E4-AA5C-5A7AFFF8A936}
2013-04-07 14:42 - 2013-04-07 14:42 - 00000000 ____D C:\Users\Daphne\AppData\Local\{68D9B8ED-BAB3-40E4-AA5C-5A7AFFF8A936}
2013-04-06 18:38 - 2013-04-06 18:37 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{610A13FB-428E-483F-816F-C6191C15BCB2}
2013-04-06 18:38 - 2013-04-06 18:37 - 00000000 ____D C:\Users\Daphne\Local Settings\{610A13FB-428E-483F-816F-C6191C15BCB2}
2013-04-06 18:38 - 2013-04-06 18:37 - 00000000 ____D C:\Users\Daphne\AppData\Local\{610A13FB-428E-483F-816F-C6191C15BCB2}
2013-04-05 21:06 - 2013-04-05 21:06 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{258A87A5-8FE3-4B6D-BA5F-58724FF4284A}
2013-04-05 21:06 - 2013-04-05 21:06 - 00000000 ____D C:\Users\Daphne\Local Settings\{258A87A5-8FE3-4B6D-BA5F-58724FF4284A}
2013-04-05 21:06 - 2013-04-05 21:06 - 00000000 ____D C:\Users\Daphne\AppData\Local\{258A87A5-8FE3-4B6D-BA5F-58724FF4284A}
2013-04-05 00:06 - 2013-04-05 00:06 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{440C337B-AE81-4D89-8F5A-B66962658B46}
2013-04-05 00:06 - 2013-04-05 00:06 - 00000000 ____D C:\Users\Daphne\Local Settings\{440C337B-AE81-4D89-8F5A-B66962658B46}
2013-04-05 00:06 - 2013-04-05 00:06 - 00000000 ____D C:\Users\Daphne\AppData\Local\{440C337B-AE81-4D89-8F5A-B66962658B46}
2013-04-04 12:23 - 2013-01-31 20:37 - 00000000 ____D C:ProgramData\regid.1991-06.com.microsoft
2013-04-04 12:23 - 2013-01-31 20:37 - 00000000 ____D C:ProgramData\Application Data\regid.1991-06.com.microsoft
2013-04-04 12:22 - 2013-01-31 20:35 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-04-04 12:05 - 2013-04-04 12:05 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{AA5157C7-6E5B-4069-AD87-962A3113C3DC}
2013-04-04 12:05 - 2013-04-04 12:05 - 00000000 ____D C:\Users\Daphne\Local Settings\{AA5157C7-6E5B-4069-AD87-962A3113C3DC}
2013-04-04 12:05 - 2013-04-04 12:05 - 00000000 ____D C:\Users\Daphne\AppData\Local\{AA5157C7-6E5B-4069-AD87-962A3113C3DC}
2013-04-03 11:19 - 2013-04-03 11:19 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{0C129B2D-0599-4B08-A80C-EDBD75EDF2CF}
2013-04-03 11:19 - 2013-04-03 11:19 - 00000000 ____D C:\Users\Daphne\Local Settings\{0C129B2D-0599-4B08-A80C-EDBD75EDF2CF}
2013-04-03 11:19 - 2013-04-03 11:19 - 00000000 ____D C:\Users\Daphne\AppData\Local\{0C129B2D-0599-4B08-A80C-EDBD75EDF2CF}
2013-04-02 23:09 - 2013-04-02 23:09 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{028CC37C-5B3B-4B6C-9D48-C77AE61A4270}
2013-04-02 23:09 - 2013-04-02 23:09 - 00000000 ____D C:\Users\Daphne\Local Settings\{028CC37C-5B3B-4B6C-9D48-C77AE61A4270}
2013-04-02 23:09 - 2013-04-02 23:09 - 00000000 ____D C:\Users\Daphne\AppData\Local\{028CC37C-5B3B-4B6C-9D48-C77AE61A4270}
2013-04-02 10:46 - 2013-04-02 10:46 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{959C1E84-31FD-44BC-8A8B-F7271BA76100}
2013-04-02 10:46 - 2013-04-02 10:46 - 00000000 ____D C:\Users\Daphne\Local Settings\{959C1E84-31FD-44BC-8A8B-F7271BA76100}
2013-04-02 10:46 - 2013-04-02 10:46 - 00000000 ____D C:\Users\Daphne\AppData\Local\{959C1E84-31FD-44BC-8A8B-F7271BA76100}
2013-04-01 17:52 - 2013-04-01 17:52 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{90437158-BCC7-4DD7-8196-03A1BFB49A4D}
2013-04-01 17:52 - 2013-04-01 17:52 - 00000000 ____D C:\Users\Daphne\Local Settings\{90437158-BCC7-4DD7-8196-03A1BFB49A4D}
2013-04-01 17:52 - 2013-04-01 17:52 - 00000000 ____D C:\Users\Daphne\AppData\Local\{90437158-BCC7-4DD7-8196-03A1BFB49A4D}
2013-04-01 11:06 - 2013-04-01 11:06 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{5D334A2F-14A5-48D1-907E-0DBB8D1841C0}
2013-04-01 11:06 - 2013-04-01 11:06 - 00000000 ____D C:\Users\Daphne\Local Settings\{5D334A2F-14A5-48D1-907E-0DBB8D1841C0}
2013-04-01 11:06 - 2013-04-01 11:06 - 00000000 ____D C:\Users\Daphne\AppData\Local\{5D334A2F-14A5-48D1-907E-0DBB8D1841C0}
2013-03-31 19:40 - 2013-03-31 19:39 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{3F8E057F-F2C4-4634-B3E0-14BFD2BC6750}
2013-03-31 19:40 - 2013-03-31 19:39 - 00000000 ____D C:\Users\Daphne\Local Settings\{3F8E057F-F2C4-4634-B3E0-14BFD2BC6750}
2013-03-31 19:40 - 2013-03-31 19:39 - 00000000 ____D C:\Users\Daphne\AppData\Local\{3F8E057F-F2C4-4634-B3E0-14BFD2BC6750}
2013-03-31 01:19 - 2013-03-31 01:19 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{32231024-0D43-4C4F-86C7-24AC961EBAD6}
2013-03-31 01:19 - 2013-03-31 01:19 - 00000000 ____D C:\Users\Daphne\Local Settings\{32231024-0D43-4C4F-86C7-24AC961EBAD6}
2013-03-31 01:19 - 2013-03-31 01:19 - 00000000 ____D C:\Users\Daphne\AppData\Local\{32231024-0D43-4C4F-86C7-24AC961EBAD6}
2013-03-30 13:18 - 2013-03-30 13:18 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{53B120F0-5CCB-4604-8B9A-0779F193166E}
2013-03-30 13:18 - 2013-03-30 13:18 - 00000000 ____D C:\Users\Daphne\Local Settings\{53B120F0-5CCB-4604-8B9A-0779F193166E}
2013-03-30 13:18 - 2013-03-30 13:18 - 00000000 ____D C:\Users\Daphne\AppData\Local\{53B120F0-5CCB-4604-8B9A-0779F193166E}
2013-03-30 01:18 - 2013-03-30 01:18 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{75997E08-6C18-49FC-AA12-2FB260F13D38}
2013-03-30 01:18 - 2013-03-30 01:18 - 00000000 ____D C:\Users\Daphne\Local Settings\{75997E08-6C18-49FC-AA12-2FB260F13D38}
2013-03-30 01:18 - 2013-03-30 01:18 - 00000000 ____D C:\Users\Daphne\AppData\Local\{75997E08-6C18-49FC-AA12-2FB260F13D38}
2013-03-29 13:17 - 2013-03-29 13:17 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{08857424-6C1F-4D9A-BEE9-BCB856942078}
2013-03-29 13:17 - 2013-03-29 13:17 - 00000000 ____D C:\Users\Daphne\Local Settings\{08857424-6C1F-4D9A-BEE9-BCB856942078}
2013-03-29 13:17 - 2013-03-29 13:17 - 00000000 ____D C:\Users\Daphne\AppData\Local\{08857424-6C1F-4D9A-BEE9-BCB856942078}
2013-03-29 01:00 - 2013-03-29 00:59 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{2C893DE3-8412-44D2-AE7F-65D86FEF1465}
2013-03-29 01:00 - 2013-03-29 00:59 - 00000000 ____D C:\Users\Daphne\Local Settings\{2C893DE3-8412-44D2-AE7F-65D86FEF1465}
2013-03-29 01:00 - 2013-03-29 00:59 - 00000000 ____D C:\Users\Daphne\AppData\Local\{2C893DE3-8412-44D2-AE7F-65D86FEF1465}
2013-03-28 12:59 - 2013-03-28 12:59 - 00000000 ____D C:\Users\Daphne\Local Settings\Application Data\{DDF82B5A-54D8-47BE-903E-34630C88A4F6}
2013-03-28 12:59 - 2013-03-28 12:59 - 00000000 ____D C:\Users\Daphne\Local Settings\{DDF82B5A-54D8-47BE-903E-34630C88A4F6}
2013-03-28 12:59 - 2013-03-28 12:59 - 00000000 ____D C:\Users\Daphne\AppData\Local\{DDF82B5A-54D8-47BE-903E-34630C88A4F6}

ZeroAccess:
C:\Users\Daphne\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}
C:\Users\Daphne\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L
C:\Users\Daphne\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-03-29 13:22:15
Restore point made on: 2013-04-02 13:37:33
Restore point made on: 2013-04-05 21:11:43
Restore point made on: 2013-04-10 16:27:19
Restore point made on: 2013-04-10 19:33:18
Restore point made on: 2013-04-16 10:39:23
Restore point made on: 2013-04-19 11:08:40
Restore point made on: 2013-04-23 11:23:48
Restore point made on: 2013-04-24 22:02:29

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 2932.51 MB
Available physical RAM: 2360.7 MB
Total Pagefile: 2930.66 MB
Available Pagefile: 2369.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:214.15 GB) NTFS (Disk=0 Partition=3)
Drive d: (TurboTax 2012) (CDROM) (Total:0.36 GB) (Free:0 GB) CDFS
Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:4.27 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:1.97 GB) (Free:1.97 GB) FAT (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB      0 B        
  Disk 1    No Media           0 B      0 B        
  Disk 2    Online         2019 MB      0 B        

Partitions of Disk 0:
===============

Disk ID: F6996217

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                100 MB  1024 KB
  Partition 2    Primary             14 GB   101 MB
  Partition 3    Primary            283 GB    14 GB

==================================================================================

Disk: 0
Partition 1
Type  : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5                      FAT    Partition    100 MB  Healthy    Hidden 

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     E   RECOVERY     NTFS   Partition     14 GB  Healthy           

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    283 GB  Healthy           

=========================================================

Partitions of Disk 2:
===============

Disk ID: 00238591

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           2019 MB    16 KB

==================================================================================

Disk: 2
Partition 1
Type  : 06
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G                FAT    Removable   2019 MB  Healthy           

=========================================================
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (Size: 298 GB) (Disk ID: F6996217)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07) (NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07) (NTFS)

====================================================================
Disk: 2 (Size: 2 GB) (Disk ID: 00238591)
Partition 1: (Active) - (Size=2 GB) - (Type=06)

Last Boot: 2013-04-24 19:20

==================== End Of Log ============================



#11 thisisu

  • Malware Response Team

Posted 27 April 2013 - 10:12 PM

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Please download the following: fixlist.txt (attached file, 330 bytes)

Save this file to your flash drive, in the same directory where FRST64.exe resides.

Now please enter System Recovery Options as you did before.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.



#12 jchico

Posted 27 April 2013 - 10:29 PM

Thank you - I appreciate your quick follow-up! Here is fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2013 07
Ran by SYSTEM at 2013-04-27 23:26:52 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore value deleted successfully.
0264381366908775mcinstcleanup service deleted successfully.

====== End of Folder: ======
C:\Users\Daphne\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} moved successfully.

==== End of Fixlog ====



#13 thisisu

Posted 27 April 2013 - 11:06 PM

Try to reboot normally. Give me detail on what happens.



#14 jchico

Posted 27 April 2013 - 11:23 PM

OK...normal boot.

1 - I get Windows Error Recovery screen; I selected "start Windows normally"

2 - Dark screen with "starting windows" for 3-4 minutes

3 - Dark screen for 30-45 seconds

4 - Pop up - LogonUI.exe - System Error

The program can't start because COMCTL32.dll is missing from your computer. Try reinstalling the program to fix this problem.

5 - I clicked "ok", but message re-appears and system fails to progress beyond this point

Thanks for your help!



#15 thisisu

Posted 28 April 2013 - 04:32 PM

Return to System Recovery Options.

Figure out which drive letter belongs to your Operating System (OS) partition. In your logs, it was C:

Remember you can use Notepad to figure it out again.

Once you have figured that out, type in the following: chkdsk /r c:

Note: Replace c: with the letter of your OS partition.

This should start a check disk on the OS partition. This process can take a while (couple of hours and it should be done) so be patient.

__

Once chkdsk completes its stage 5 of 5, run this command next: sfc /SCANNOW /OFFBOOTDIR=c:\ /OFFWINDIR=c:\windows

Note: Replace c: with the letter of your OS partition.

If done successfully, a message like the below should appear:

(screenshot: sfcofflinefinish.png)

Let me know how you progress through the above steps and the messages given to you.


Edited by thisisu, 28 April 2013 - 04:33 PM.




