Had Google redirect virus, ran Hitman, won't boot [Solved]


  • This topic is locked

#1
mhk44

  • Member
  • 12 posts
Had Google Redirect Virus.

Ran Hitman Pro 3.6.

Now laptop won't boot, even in safe mode.

Tried standard recovery but all attempts failed.

Tried following commands:
bootsect /nt60 SYS /mbr
bootrec /fixmbr
bootrec /fixboot

BSOD stopcode: 0x0000007b (0x80786b58, 0xc000000d, 0x00000000, 0x00000000)

Can't restore.... no existing restore points

Laptop came with Vista. Upgraded with Windows 7 Home Premium

Output from OTLEP (OTL.TXT) attached.

Attached Files

  • Attached File  OTL.Txt   118.78KB   74 downloads

  • 0


#2
CompCav

  • Member 5k
  • Expert
  • 12,449 posts
Hi, mhk44! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.






What happened leading up to this when it was working? Had it been working fine until the recent attack or were there symptoms of malware earlier?

Do you have another computer we can use to download files? If so, what is the operating system (i.e. XP, Vista, Windows 7)?

Do you have a small USB flash drive to transfer files?

Do you have some blank CDs to make CDs on the good machine?

Do you have the Windows 7 Install disk we could use to boot up from the CD/DVD drive?
  • 0

#3
mhk44

  • Topic Starter
  • Member
  • 12 posts

What happened leading up to this when it was working? Had it been working fine until the recent attack or were there symptoms of malware earlier?


Got Google Redirect Virus - still able to reboot

Ran Hitman Pro 3.6 - no longer able to boot up

Do you have another computer we can use to download files? If so, what is the operating system (i.e. XP, Vista, Windows 7)?


Yes, an identical Toshiba laptop also running Windows 7 (Upgrade from Vista)

Do you have a small USB flash drive to transfer files?


Yes

Do you have some blank CDs to make CDs on the good machine?


Yes

Do you have the Windows 7 Install disk we could use to boot up from the CD/DVD drive?


Yes
  • 0

#4
CompCav

  • Member 5k
  • Expert
  • 12,449 posts
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.


Use this if you can get to it.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


Use this method if you cannot get to a command prompt in the steps for System Recovery Options from F8 above.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Edited by CompCav, 28 February 2012 - 06:44 AM.

  • 0

#5
mhk44

  • Topic Starter
  • Member
  • 12 posts
I apologize for jumping the gun, but when I was waiting for a reply I found an entry in this forum that was very similar to mine and decided to try its solution.

I rebooted my bad laptop and pressed F10 until I got the "Edit Boot Options" screen.
It showed "/NOEXECUTE=OPTIN /MININT"

So I rebooted my good identical laptop and did the same thing.
It showed only "/NOEXECUTE=OPTIN"

That's when I decided to erase the /MININT parameter on the bad laptop and see if it booted up.
It did!

I ran a virus scan (AVG) and it found 0 problems.

However, I looked in Device Manager for any "Hidden" drivers... there is one.
So I may still have some issues.

I need to use this laptop so I am anxious to prove my machine is clean.

What should I do next?
  • 0
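
The comparison described in post #5, worked as an added example that is not part of the original thread: the script parses `bcdedit /enum` output saved from a known-good and a suspect machine, reports the boot loader elements that differ, and renders them as the switches the Edit Boot Options screen shows. The sample output is constructed, the function names are hypothetical, and the mapping of the `nx` and `winpe` BCD elements to /NOEXECUTE and /MININT is an assumption made here, not something the thread states.

```python
# Added example, not from the thread. Samples below are constructed
# `bcdedit /enum` output; identifiers and values are illustrative only.

GOOD = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
default                 {current}
displayorder            {current}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
osdevice                partition=C:
systemroot              \Windows
nx                      OptIn
"""

# Same store with one extra element on the loader entry (constructed).
SUSPECT = GOOD.rstrip("\n") + "\nwinpe                   Yes\n"


def parse_bcd(text):
    """Return {identifier: {element: value}} for every entry in the output."""
    entries, current, last_key = {}, None, None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if not line.strip():
            current = None                      # a blank line ends an entry
            continue
        if set(line.strip()) == {"-"}:
            continue                            # dashed underline of a title
        if i + 1 < len(lines) and set(lines[i + 1].strip()) == {"-"}:
            current, last_key = {"_type": line.strip()}, None
            continue                            # title line starts an entry
        if current is None:
            continue
        if line[0].isspace() and last_key:
            current[last_key] += " " + line.strip()   # multi-valued element
            continue
        key, _, value = line.partition(" ")
        last_key = key.lower()
        current[last_key] = value.strip()
        if last_key == "identifier":
            entries[current[last_key]] = current
    return entries


def first_loader(entries):
    """Pick the first 'Windows Boot Loader' entry, whatever its identifier."""
    for ident, entry in entries.items():
        if entry["_type"] == "Windows Boot Loader":
            return ident, entry
    return None, {}


def legacy_switches(entry):
    """Render nx/winpe as switches (assumed mapping, see lead-in)."""
    switches = []
    if "nx" in entry:
        switches.append("/NOEXECUTE=" + entry["nx"].upper())
    if entry.get("winpe", "").lower() == "yes":
        switches.append("/MININT")
    return " ".join(switches)


def diff_loaders(good_text, suspect_text):
    """Return {element: (good_value, suspect_value)} for differing elements."""
    _, good = first_loader(parse_bcd(good_text))
    _, suspect = first_loader(parse_bcd(suspect_text))
    keys = sorted(set(good) | set(suspect))
    return {k: (good.get(k), suspect.get(k))
            for k in keys if good.get(k) != suspect.get(k)}


if __name__ == "__main__":
    for name, text in (("good", GOOD), ("suspect", SUSPECT)):
        ident, entry = first_loader(parse_bcd(text))
        print(f"{name:8} {ident}: {legacy_switches(entry)}")
    for element, (g, s) in diff_loaders(GOOD, SUSPECT).items():
        print(f"differs: {element}: good={g!r} suspect={s!r}")
```

An element present only on the suspect machine's loader entry is the difference to investigate before changing anything in the boot store.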

#6
CompCav

  • Member 5k
  • Expert
  • 12,449 posts
Please run the step I had; it finds things even on bootable computers!
  • 0

#7
mhk44

  • Topic Starter
  • Member
  • 12 posts
My version of FRST.EXE must be newer than the one shown in your reply.

My version includes a checkbox for files and is pre-checked.

Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 27-02-2012
Ran by SYSTEM at 28-02-2012 07:25:01
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

2012-02-28 00:16 - 2008-04-20 12:01 - 0006744 ____A C:\Users\Mike\Documents\MyPasswords.pwd
2012-02-27 23:27 - 2010-10-16 06:47 - 0000000 ____D C:\Users\All Users\MFAData
2012-02-27 23:27 - 2010-10-16 06:47 - 0000000 ____D C:\ProgramData\MFAData
2012-02-27 23:27 - 2008-10-31 17:44 - 0000000 ____D C:\Windows\System32\Drivers\Avg
2012-02-27 23:25 - 2010-01-05 07:12 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-02-27 16:41 - 2008-04-20 11:56 - 0000000 ____D C:\Users\Mike\Documents\MyToolbar
2012-02-27 12:43 - 2012-02-27 12:43 - 0000000 ____D C:\Users\Mike\AppData\Local\{DADC8D2D-9FCE-486F-8AF2-C7E93FC0E6BE}
2012-02-27 12:43 - 2012-02-27 12:43 - 0000000 ____D C:\Users\Mike\AppData\Local\{2AAA5E14-16B0-4D79-9E05-9F9FD700988F}
2012-02-27 12:41 - 2012-02-24 08:31 - 0023624 ____A C:\Windows\System32\Drivers\hitmanpro35.sys
2012-02-25 22:26 - 2012-02-25 22:26 - 0032768 ____A C:\BCD_Backup
2012-02-25 22:26 - 2012-02-25 22:26 - 0029696 __ASH C:\BCD_Backup.LOG
2012-02-25 22:26 - 2012-02-25 22:26 - 0000000 __ASH C:\BCD_Backup.LOG2
2012-02-25 22:26 - 2012-02-25 22:26 - 0000000 __ASH C:\BCD_Backup.LOG1
2012-02-25 15:00 - 2012-02-25 15:00 - 0121628 ____A C:\OTL.Txt
2012-02-25 14:34 - 2010-04-30 07:00 - 0000000 ____D C:\users\Mike
2012-02-24 08:41 - 2012-02-24 08:41 - 0003594 ____A C:\Windows\System32\.crusader
2012-02-24 08:41 - 2012-02-24 08:30 - 0000000 ____D C:\Users\All Users\Hitman Pro
2012-02-24 08:41 - 2012-02-24 08:30 - 0000000 ____D C:\ProgramData\Hitman Pro
2012-02-24 08:29 - 2012-02-24 08:29 - 6480192 ____A (SurfRight B.V.) C:\Users\Mike\Downloads\HitmanPro35.exe
2012-02-23 20:49 - 2012-02-23 20:49 - 0000000 ____D C:\Users\Mike\AppData\Local\{BF43E938-C045-4B1A-9537-AB6AFDFE0227}
2012-02-23 20:49 - 2012-02-23 20:49 - 0000000 ____D C:\Users\Mike\AppData\Local\{985ABA6E-1CEB-4B56-A12B-A3691EA80FF4}
2012-02-23 17:10 - 2009-07-13 20:53 - 0032548 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-23 14:33 - 2010-04-26 19:36 - 0118152 ____A C:\Windows\PFRO.log
2012-02-23 14:32 - 2012-02-23 14:05 - 0000000 ____D C:\Users\All Users\PC Tools
2012-02-23 14:32 - 2012-02-23 14:05 - 0000000 ____D C:\ProgramData\PC Tools
2012-02-23 14:32 - 2012-02-22 10:29 - 0254928 ____A C:\Windows\ntbtlog.txt
2012-02-23 08:52 - 2010-02-13 07:29 - 0000000 ___HD C:\Config.Msi
2012-02-23 08:49 - 2012-02-23 08:48 - 0000000 ____D C:\Users\Mike\AppData\Local\{67AC2953-C88A-46AD-AD4A-A4233584E396}
2012-02-23 08:48 - 2012-02-23 08:48 - 0000000 ____D C:\Users\Mike\AppData\Local\{5342F956-E7A4-4C48-9AFD-DB8465E4219D}
2012-02-23 08:47 - 2012-02-16 08:12 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-02-23 08:47 - 2012-02-16 08:12 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-02-22 02:51 - 2012-02-22 02:51 - 0000000 ____D C:\Users\Mike\AppData\Local\{35FB42A1-EFAE-43AC-AADA-C197D9BC9DC4}
2012-02-22 02:50 - 2012-02-22 02:50 - 0000000 ____D C:\Users\Mike\AppData\Local\{CA9E22F8-418B-45D8-8F71-FFB68C51BA0F}
2012-02-21 19:52 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\NDF
2012-02-21 19:50 - 2006-11-02 02:23 - 0000824 ____A C:\Windows\System32\Drivers\etc\hosts
2012-02-21 19:48 - 2012-02-21 19:39 - 0000826 ____A C:\Users\Mike\Documents\hosts.txt
2012-02-21 18:16 - 2010-04-30 08:10 - 0172208 ____A C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-21 18:13 - 2009-07-13 20:33 - 0567336 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-21 17:45 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\LogFiles
2012-02-21 17:42 - 2010-09-09 05:57 - 0000000 ____D C:\Users\All Users\Sun
2012-02-21 17:42 - 2010-09-09 05:57 - 0000000 ____D C:\ProgramData\Sun
2012-02-21 17:35 - 2008-02-12 18:36 - 0000000 ____D C:\Program Files\Java
2012-02-21 17:35 - 2008-02-12 18:36 - 0000000 ____D C:\Program Files\Common Files\Java
2012-02-21 17:31 - 2008-02-12 18:06 - 0000000 ___HD C:\Program Files\InstallShield Installation Information
2012-02-21 17:25 - 2009-07-13 20:52 - 0000000 ____D C:\Program Files\Microsoft Games
2012-02-21 17:10 - 2012-02-21 17:09 - 0001036 ____A C:\Users\All Users\hpzinstall.log
2012-02-21 17:10 - 2012-02-21 17:09 - 0001036 ____A C:\ProgramData\hpzinstall.log
2012-02-21 17:09 - 2008-02-12 18:51 - 0000000 ____D C:\Program Files\Google
2012-02-21 16:52 - 2008-04-19 11:31 - 0000000 ____D C:\Users\Mike\AppData\Local\Google
2012-02-21 16:51 - 2008-02-12 18:53 - 0000000 ____D C:\Users\All Users\Google
2012-02-21 16:51 - 2008-02-12 18:53 - 0000000 ____D C:\ProgramData\Google
2012-02-21 16:11 - 2008-03-19 21:40 - 0000000 ____D C:\Program Files\Microsoft Visual Studio
2012-02-21 14:57 - 2008-04-19 18:09 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-02-21 14:50 - 2012-02-21 14:50 - 0000000 ____D C:\Users\Mike\AppData\Local\{B45C1F8A-4CF8-4707-BEFF-8B9652150FC5}
2012-02-21 14:50 - 2012-02-21 14:49 - 0000000 ____D C:\Users\Mike\AppData\Local\{B535F8AB-88AC-437D-B68E-9670D9182259}
2012-02-21 12:43 - 2012-02-21 12:43 - 0000012 ____A C:\Windows\srun.log
2012-02-20 06:45 - 2012-02-20 06:45 - 0145224 ____A C:\Windows\Minidump\022012-72961-01.dmp
2012-02-20 06:45 - 2010-06-06 00:46 - 0000000 ____D C:\Windows\Minidump
2012-02-20 06:44 - 2010-06-06 00:46 - 482110895 ____A C:\Windows\MEMORY.DMP
2012-02-20 03:35 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\config\TxR
2012-02-20 03:34 - 2012-02-20 03:34 - 0000000 ____D C:\Users\Mike\AppData\Local\{78ACE10B-35E1-4724-960E-49C7C9C35FE3}
2012-02-20 03:34 - 2012-02-20 03:34 - 0000000 ____D C:\Users\Mike\AppData\Local\{65067E31-1D96-4194-AAB1-F9E0416AC465}
2012-02-20 03:27 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\wfp
2012-02-20 03:27 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\DriverStore
2012-02-20 03:26 - 2012-02-18 17:46 - 0000000 ____D C:\32788R22FWJFW
2012-02-20 03:26 - 2012-02-16 08:12 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-02-20 03:26 - 2012-02-04 14:23 - 0000000 ____D C:\Program Files\LastPass
2012-02-20 03:26 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\registration
2012-02-20 03:26 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\AppCompat
2012-02-20 03:26 - 2008-04-19 11:31 - 0000000 ____D C:\Users\Mike\AppData\Local\PowerCinema
2012-02-20 03:25 - 2011-04-29 11:19 - 0000000 ____D C:\Program Files\Sierra
2012-02-20 03:25 - 2009-11-22 16:53 - 0000000 ____D C:\Users\All Users\Real
2012-02-20 03:25 - 2009-11-22 16:53 - 0000000 ____D C:\ProgramData\Real
2012-02-19 23:43 - 2012-02-19 23:43 - 0000000 ____D C:\Users\Mike\AppData\Local\{E2688B55-3941-4090-B3D5-EF1D9BE840A7}
2012-02-19 23:43 - 2012-02-19 23:43 - 0000000 ____D C:\Users\Mike\AppData\Local\{AFA83908-C99E-408F-BBAE-C01EF153A702}
2012-02-19 23:43 - 2012-02-19 23:42 - 0000000 ____D C:\Users\Mike\AppData\Local\{D031911A-0F1D-42E7-A26A-396063446F39}
2012-02-19 23:42 - 2012-02-18 20:50 - 0000000 ____D C:\Users\Mike\AppData\Local\{D8E721A0-32CF-4575-9BE5-529BE43E4884}
2012-02-19 11:42 - 2012-02-19 11:42 - 0000000 ____D C:\Users\Mike\AppData\Local\{C89F1D6F-1EA8-479E-BFA0-BABA703FF92E}
2012-02-18 20:51 - 2012-02-18 20:51 - 0000000 ____D C:\Users\Mike\AppData\Local\{54FB8247-BAF9-4CA9-9D50-DDAD076216B4}
2012-02-18 17:46 - 2012-02-18 17:46 - 0000000 ____D C:\Qoobox
2012-02-18 17:44 - 2012-02-18 17:44 - 0000169 ____A C:\Users\Mike\Downloads\cfscript.txt
2012-02-18 12:57 - 2012-02-18 12:57 - 0000000 ____D C:\Users\Mike\Documents\Ulead DVD MovieFactory
2012-02-18 12:57 - 2012-02-18 12:57 - 0000000 ____D C:\Users\Mike\AppData\Roaming\Ulead Systems
2012-02-18 12:49 - 2011-06-28 06:04 - 0000000 ____D C:\Program Files\Common Files\Adobe
2012-02-18 12:49 - 2010-04-30 08:09 - 0818152 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-18 12:43 - 2008-05-27 10:48 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-02-18 12:01 - 2008-03-19 21:37 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-02-18 12:01 - 2008-03-19 21:37 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-02-18 11:58 - 2010-06-02 06:08 - 52550552 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-02-18 11:01 - 2011-07-12 04:24 - 0000000 ____D C:\Program Files\Motorola
2012-02-18 11:01 - 2011-04-29 11:17 - 0000000 ____D C:\Users\All Users\Sierra
2012-02-18 11:01 - 2011-04-29 11:17 - 0000000 ____D C:\ProgramData\Sierra
2012-02-18 11:01 - 2010-12-17 06:04 - 0000000 ____D C:\Program Files\Common Files\Eagletron
2012-02-18 10:57 - 2008-04-19 11:31 - 0000000 ____D C:\Users\Mike\AppData\LocalLow
2012-02-18 10:56 - 2011-10-12 03:53 - 0000000 ____D C:\Users\All Users\AVG2012
2012-02-18 10:56 - 2011-10-12 03:53 - 0000000 ____D C:\ProgramData\AVG2012
2012-02-18 10:54 - 2011-07-12 04:24 - 0000000 ____D C:\Program Files\Common Files\Motorola Shared
2012-02-18 10:54 - 2011-04-29 11:18 - 0000000 ____D C:\Program Files\Common Files\Sierra
2012-02-18 10:42 - 2012-02-18 10:42 - 0000000 ____D C:\Intel
2012-02-18 10:28 - 2011-12-16 12:51 - 0000000 ____D C:\Users\Mike\AppData\Roaming\BitZipper
2012-02-18 09:28 - 2012-02-18 09:28 - 0001082 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-18 08:58 - 2011-12-16 12:51 - 0000000 ____D C:\Users\All Users\WeCareReminder
2012-02-18 08:58 - 2011-12-16 12:51 - 0000000 ____D C:\ProgramData\WeCareReminder
2012-02-18 08:50 - 2012-02-18 08:50 - 0000000 ____D C:\Users\Mike\AppData\Local\{77E5FF78-B997-4622-B9BF-5B71A3F1376D}
2012-02-18 08:50 - 2012-02-18 08:49 - 0000000 ____D C:\Users\Mike\AppData\Local\{DC26F4C1-8358-433E-8D7B-BA45A237F2A0}
2012-02-18 04:02 - 2012-02-18 04:02 - 0000000 ____D C:\Users\Mike\AppData\Local\{B3ACDF28-3BD0-4C83-8733-A291F802EF96}
2012-02-18 04:02 - 2012-02-16 16:00 - 0000000 ____D C:\Users\Mike\AppData\Local\{C81D1AEC-EAF4-4B25-8734-9E84CAF3647E}
2012-02-17 16:54 - 2008-04-20 11:58 - 0033792 ____A C:\Users\Mike\Documents\CircuitBreakers.xls
2012-02-17 16:02 - 2012-02-17 16:01 - 0000000 ____D C:\Users\Mike\AppData\Local\{4941C780-618C-47FB-ADFE-1BEA2D151B55}
2012-02-17 04:01 - 2012-02-17 04:01 - 0000000 ____D C:\Users\Mike\AppData\Local\{5CB61C05-9ABE-4211-B252-49E3747216A6}
2012-02-16 16:01 - 2012-02-16 16:00 - 0000000 ____D C:\Users\Mike\AppData\Local\{8E619F7A-C3AF-4A98-A96D-8F7FDF1BE158}
2012-02-16 08:12 - 2012-02-16 08:12 - 0000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes
2012-02-16 04:00 - 2012-02-16 04:00 - 0000000 ____D C:\Users\Mike\AppData\Local\{8900A161-8521-41E7-BF3F-43A3C6646271}
2012-02-16 04:00 - 2012-02-16 04:00 - 0000000 ____D C:\Users\Mike\AppData\Local\{1545D97E-4FC1-4E70-89D9-679A414D6409}
2012-02-15 13:39 - 2012-02-15 13:38 - 0000000 ____D C:\Users\Mike\AppData\Local\{0E63733E-21CD-4264-9C0C-70EA737BA0F1}
2012-02-15 13:38 - 2012-02-15 13:38 - 0000000 ____D C:\Users\Mike\AppData\Local\{62EDBD9D-22C6-429D-B7FC-2603BEAE31A1}
2012-02-15 01:38 - 2012-02-15 01:38 - 0000000 ____D C:\Users\Mike\AppData\Local\{960A7B3E-E7B1-436B-B8FE-98640E76E9F4}
2012-02-15 01:38 - 2012-02-14 13:37 - 0000000 ____D C:\Users\Mike\AppData\Local\{B0EC813E-CFF4-46C7-A034-5671023B8408}
2012-02-14 13:37 - 2012-02-14 13:37 - 0000000 ____D C:\Users\Mike\AppData\Local\{C6944C6A-5D9F-4CBF-A9D1-C7B7F1F156AE}
2012-02-13 22:13 - 2012-02-13 22:12 - 0000000 ____D C:\Users\Mike\AppData\Local\{75F345C4-753B-46F4-ABE3-566955CB1AF4}
2012-02-13 22:12 - 2012-01-26 09:58 - 0000000 ____D C:\Users\Mike\AppData\Local\{1BA8542A-D559-4F06-90F1-60C1A97514AB}
2012-02-13 10:12 - 2012-02-13 10:12 - 0000000 ____D C:\Users\Mike\AppData\Local\{223B71A0-02A7-4858-AFC1-A858B43F975F}
2012-02-12 22:11 - 2012-02-12 22:11 - 0000000 ____D C:\Users\Mike\AppData\Local\{D8DBDB79-ED04-45BC-B2C5-EA79E55B83F6}
2012-02-12 10:11 - 2012-02-12 10:11 - 0000000 ____D C:\Users\Mike\AppData\Local\{F173E388-0BC5-4B5B-B643-8B578C6E782A}
2012-02-11 22:10 - 2012-02-11 22:10 - 0000000 ____D C:\Users\Mike\AppData\Local\{20566B4D-CE62-4448-A46C-8E4C3F4EF9E7}
2012-02-11 10:10 - 2012-02-11 10:10 - 0000000 ____D C:\Users\Mike\AppData\Local\{B21D86A8-F6FB-46DB-8BD4-75E25CE7AB86}
2012-02-10 22:09 - 2012-02-10 22:09 - 0000000 ____D C:\Users\Mike\AppData\Local\{F963AB52-DB56-43B0-AEB2-E0EDE9E60C8D}
2012-02-10 10:09 - 2012-02-10 10:09 - 0000000 ____D C:\Users\Mike\AppData\Local\{45349407-4851-4A6B-B311-0ADB600D85AD}
2012-02-09 22:09 - 2012-02-09 22:09 - 0000000 ____D C:\Users\Mike\AppData\Local\{9E4EB32A-C404-44D5-8341-903E9EB20810}
2012-02-09 10:08 - 2012-02-09 10:08 - 0000000 ____D C:\Users\Mike\AppData\Local\{86B7BA6F-8396-41AA-97C5-0088F4A5DDD4}
2012-02-08 22:08 - 2012-02-08 22:08 - 0000000 ____D C:\Users\Mike\AppData\Local\{7D49DAA1-EAF6-4590-9C06-7D3D4354ABCD}
2012-02-08 10:08 - 2012-02-08 10:07 - 0000000 ____D C:\Users\Mike\AppData\Local\{13C14BFE-ED66-4598-B2FE-125F00387218}
2012-02-07 22:07 - 2012-02-07 22:07 - 0000000 ____D C:\Users\Mike\AppData\Local\{83C9F9DA-2088-4745-9643-950AC0C4092B}
2012-02-07 10:07 - 2012-02-07 10:07 - 0000000 ____D C:\Users\Mike\AppData\Local\{00A8C89B-1DAB-41AA-8622-4E3502ADE088}
2012-02-06 22:07 - 2012-02-06 22:06 - 0000000 ____D C:\Users\Mike\AppData\Local\{FD885E42-FE7B-4B9F-92DB-AB98AC55E31A}
2012-02-06 10:06 - 2012-02-06 10:06 - 0000000 ____D C:\Users\Mike\AppData\Local\{448C01D1-C7A7-4804-B8B1-9EF34E39A675}
2012-02-05 22:06 - 2012-02-05 22:06 - 0000000 ____D C:\Users\Mike\AppData\Local\{1933979C-F2F6-4691-B576-7D207A576728}
2012-02-05 10:05 - 2012-02-05 10:05 - 0000000 ____D C:\Users\Mike\AppData\Local\{080F944A-B97A-4BF9-A4A4-C08FFE90BA41}
2012-02-04 22:05 - 2012-02-04 22:05 - 0000000 ____D C:\Users\Mike\AppData\Local\{6EBC5230-5D47-42D5-956C-7A1B02A956CF}
2012-02-04 10:05 - 2012-02-04 10:04 - 0000000 ____D C:\Users\Mike\AppData\Local\{821BC5BC-1613-4104-8800-9CDDCB70319B}
2012-02-03 22:04 - 2012-02-03 22:04 - 0000000 ____D C:\Users\Mike\AppData\Local\{851B7486-A556-4F48-A9FF-6C0E6DA1EE59}
2012-02-03 10:04 - 2012-02-03 10:04 - 0000000 ____D C:\Users\Mike\AppData\Local\{79AF760F-E18E-4BE6-998B-1E129FCA0C29}
2012-02-02 22:04 - 2012-02-02 22:03 - 0000000 ____D C:\Users\Mike\AppData\Local\{0A90ECD8-62F9-44FF-B794-948607E229FA}
2012-02-02 10:03 - 2012-02-02 10:03 - 0000000 ____D C:\Users\Mike\AppData\Local\{828867CD-B98D-4694-960F-6B53474742B3}
2012-02-01 22:03 - 2012-02-01 22:03 - 0000000 ____D C:\Users\Mike\AppData\Local\{03013DBC-6FA8-48B7-9FC3-8989C3553C18}
2012-02-01 10:02 - 2012-02-01 10:02 - 0000000 ____D C:\Users\Mike\AppData\Local\{E534C89B-4880-422B-AD96-A135789EDAD9}
2012-02-01 05:14 - 2011-10-12 03:55 - 0000946 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-01-31 22:02 - 2012-01-31 22:02 - 0000000 ____D C:\Users\Mike\AppData\Local\{67147821-375D-46E3-8FBF-097CA4EC1024}
2012-01-31 10:02 - 2012-01-31 10:02 - 0000000 ____D C:\Users\Mike\AppData\Local\{4BE7FFC8-BA5A-435A-9437-88FADC49C978}
2012-01-30 22:01 - 2012-01-30 22:01 - 0000000 ____D C:\Users\Mike\AppData\Local\{F750FD8C-211C-4226-A282-CF8DBEE0944D}
2012-01-30 10:01 - 2012-01-30 10:01 - 0000000 ____D C:\Users\Mike\AppData\Local\{812ADAC0-AAA3-45E2-B59E-4AB384AD236E}
2012-01-29 22:01 - 2012-01-29 22:00 - 0000000 ____D C:\Users\Mike\AppData\Local\{DF4BF218-1618-4506-B511-4568EEDD5ECF}
2012-01-29 10:00 - 2012-01-29 10:00 - 0000000 ____D C:\Users\Mike\AppData\Local\{EA1826FB-D5F9-4247-B1A9-948746317C37}
2012-01-28 22:00 - 2012-01-28 22:00 - 0000000 ____D C:\Users\Mike\AppData\Local\{D0DD3D62-D838-4A8B-AC2F-6CB9D65F9158}
2012-01-28 10:00 - 2012-01-28 09:59 - 0000000 ____D C:\Users\Mike\AppData\Local\{D299CE7A-112F-4932-8C2F-34591A6B1C43}
2012-01-27 21:59 - 2012-01-27 21:59 - 0000000 ____D C:\Users\Mike\AppData\Local\{35E19A0B-4FA1-4787-A092-0B436108EFC9}
2012-01-27 09:59 - 2012-01-27 09:59 - 0000000 ____D C:\Users\Mike\AppData\Local\{46E2FDAB-0F2D-4480-BAF2-CADBFDBF4D78}
2012-01-26 21:58 - 2012-01-26 21:58 - 0000000 ____D C:\Users\Mike\AppData\Local\{1440D0CF-C926-4A51-ABC7-1A4529042F65}
2012-01-26 09:58 - 2012-01-26 09:58 - 0000000 ____D C:\Users\Mike\AppData\Local\{64763448-359F-42F8-9057-2DFCB6C782CD}
2012-01-25 17:49 - 2012-01-25 17:48 - 0000000 ____D C:\Users\Mike\AppData\Local\{FF2D9029-4418-4E0C-BFBB-9F8EBC9807E4}
2012-01-25 17:48 - 2012-01-16 14:45 - 0000000 ____D C:\Users\Mike\AppData\Local\{0A1B302A-26E8-445C-A4A7-9632392342DD}
2012-01-25 05:48 - 2012-01-25 05:48 - 0000000 ____D C:\Users\Mike\AppData\Local\{5A766810-BA53-4308-9E78-CAA46C193785}
2012-01-24 17:48 - 2012-01-24 17:48 - 0000000 ____D C:\Users\Mike\AppData\Local\{14514BBC-C9D4-4C6E-8E5E-4F7B1DCAAD4E}
2012-01-24 05:47 - 2012-01-24 05:47 - 0000000 ____D C:\Users\Mike\AppData\Local\{786B3DD9-4D93-4205-8FE7-2DF304AEEAB4}
2012-01-23 17:47 - 2012-01-23 17:47 - 0000000 ____D C:\Users\Mike\AppData\Local\{8ECFA53B-35BB-4C8A-B77F-E3982C32BD12}
2012-01-23 05:47 - 2012-01-23 05:46 - 0000000 ____D C:\Users\Mike\AppData\Local\{5E4FCD05-97A4-43CB-AEA1-87BC36AD742E}
2012-01-22 17:46 - 2012-01-22 17:46 - 0000000 ____D C:\Users\Mike\AppData\Local\{5A1A9095-1C5C-4655-BD2E-C0047749109F}
2012-01-22 05:46 - 2012-01-22 05:46 - 0000000 ____D C:\Users\Mike\AppData\Local\{8E3E1A7F-2AAB-449D-8DB8-986B65EB5DBE}
2012-01-21 17:45 - 2012-01-21 17:45 - 0000000 ____D C:\Users\Mike\AppData\Local\{A2D6BF8C-619B-421F-9BED-789A58C9E89C}
2012-01-21 05:45 - 2012-01-21 05:45 - 0000000 ____D C:\Users\Mike\AppData\Local\{CE3630CC-2F7D-4537-A96F-3C23DEB5464D}
2012-01-20 14:48 - 2012-01-20 14:48 - 0000000 ____D C:\Users\Mike\AppData\Local\{F73DA047-314A-437D-B554-544282DBABBF}
2012-01-20 02:48 - 2012-01-20 02:48 - 0000000 ____D C:\Users\Mike\AppData\Local\{CDA4DD6C-F5D6-4438-8CD3-B5029044B835}
2012-01-19 14:47 - 2012-01-19 14:47 - 0000000 ____D C:\Users\Mike\AppData\Local\{912B41AD-80BC-40E8-A490-BE44F746BC40}
2012-01-19 02:47 - 2012-01-19 02:47 - 0000000 ____D C:\Users\Mike\AppData\Local\{1424BBB9-D7B6-4112-B0E8-EC8674974671}
2012-01-18 14:47 - 2012-01-18 14:46 - 0000000 ____D C:\Users\Mike\AppData\Local\{0E2051BD-B5D3-4AA0-A32E-46AF9A9DC3B0}
2012-01-18 02:46 - 2012-01-18 02:46 - 0000000 ____D C:\Users\Mike\AppData\Local\{3A0D283D-17A7-4255-B49A-1D815191E46F}
2012-01-17 14:46 - 2012-01-17 14:46 - 0000000 ____D C:\Users\Mike\AppData\Local\{8FAF7CD5-BA7F-4E81-AF43-0662960EDFF7}
2012-01-17 06:07 - 2012-01-17 06:07 - 0226440 ____A C:\Users\Mike\Downloads\FW_ HEART ATTACK SLIDE SHOW - WORTH 45 SECONDS OF YOUR LIFE.eml
2012-01-17 02:46 - 2012-01-17 02:45 - 0000000 ____D C:\Users\Mike\AppData\Local\{8FDE3D62-EDFE-4036-BBD6-774050C2ED76}
2012-01-16 14:45 - 2012-01-16 14:45 - 0000000 ____D C:\Users\Mike\AppData\Local\{7E060EBE-3FDA-4D03-83DB-C143D5322B50}
2012-01-16 10:37 - 2012-01-16 10:37 - 1215528 ____A C:\Windows\Minidump\011612-40419-01.dmp
2012-01-16 02:45 - 2012-01-16 02:44 - 0000000 ____D C:\Users\Mike\AppData\Local\{713F124E-AED6-4065-86A2-D237372FE3BF}
2012-01-16 02:44 - 2012-01-12 02:40 - 0000000 ____D C:\Users\Mike\AppData\Local\{01DBE906-C286-48AF-AC2F-EE40F27C9344}
2012-01-15 14:44 - 2012-01-15 14:44 - 0000000 ____D C:\Users\Mike\AppData\Local\{10984A7B-B1B9-4F43-A943-0936BD2ED1E8}
2012-01-15 02:44 - 2012-01-15 02:44 - 0000000 ____D C:\Users\Mike\AppData\Local\{DE5D396D-251A-46E1-AC22-8E1CBB2BA104}
2012-01-15 02:44 - 2012-01-15 02:44 - 0000000 ____D C:\Users\Mike\AppData\Local\{8D83CC9D-6F1F-4771-9C95-6B59204B1B97}
2012-01-15 02:43 - 2012-01-15 02:43 - 0000000 ____D C:\Users\Mike\AppData\Local\{0AAFA041-7610-4452-95F0-C1AB52D6E974}
2012-01-14 14:43 - 2012-01-14 14:43 - 0000000 ____D C:\Users\Mike\AppData\Local\{34C79E8C-1273-4412-91E3-E9799180FEFF}
2012-01-14 14:43 - 2012-01-14 14:43 - 0000000 ____D C:\Users\Mike\AppData\Local\{2598D7FA-112A-4109-B829-4DB10A68E431}
2012-01-14 02:43 - 2012-01-14 02:42 - 0000000 ____D C:\Users\Mike\AppData\Local\{CBC5AD86-F1F0-4067-AB7A-46978BC3B3E1}
2012-01-13 19:35 - 2012-02-18 11:53 - 2343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-13 14:42 - 2012-01-13 14:42 - 0000000 ____D C:\Users\Mike\AppData\Local\{3CA28D3F-FC75-4EE3-8EBB-5EAED916C045}
2012-01-13 02:42 - 2012-01-13 02:41 - 0000000 ____D C:\Users\Mike\AppData\Local\{DE4987DF-FD2B-4CB8-97E9-A9C2A60AF2E6}
2012-01-12 14:41 - 2012-01-12 14:41 - 0000000 ____D C:\Users\Mike\AppData\Local\{46EEB60E-7937-4904-B690-2EBE1F8095AB}
2012-01-12 02:41 - 2012-01-12 02:41 - 0000000 ____D C:\Users\Mike\AppData\Local\{74C51DBE-1AB0-4A4F-A203-6BC591AECBB6}
2012-01-11 12:55 - 2012-01-11 12:55 - 0000000 ____D C:\Users\Mike\AppData\Local\{150E9429-A472-4964-81AA-0846B374EB67}
2012-01-11 12:54 - 2012-01-10 12:53 - 0000000 ____D C:\Users\Mike\AppData\Local\{FB50B271-860F-4B20-804E-407601A7CB56}
2012-01-11 00:54 - 2012-01-11 00:54 - 0000000 ____D C:\Users\Mike\AppData\Local\{397493B8-566E-40F5-86CE-B632E960B4A6}
2012-01-10 12:54 - 2012-01-10 12:53 - 0000000 ____D C:\Users\Mike\AppData\Local\{A1C4B497-FE45-4DA0-91A1-0E6B90D578AB}
2012-01-10 00:53 - 2012-01-10 00:53 - 0000000 ____D C:\Users\Mike\AppData\Local\{9F7C8B53-3BFA-4DF9-BCEF-A60D2E2D0A3F}
2012-01-10 00:53 - 2012-01-10 00:52 - 0000000 ____D C:\Users\Mike\AppData\Local\{C2A002A2-13CF-48FF-B628-D13C954F6A61}
2012-01-10 00:52 - 2012-01-09 12:52 - 0000000 ____D C:\Users\Mike\AppData\Local\{F2E097A3-9E80-47F5-A6D3-B27F068C3AC8}
2012-01-09 12:52 - 2012-01-09 12:52 - 0000000 ____D C:\Users\Mike\AppData\Local\{FC60220C-095D-4F2D-94F6-E7F377D77557}
2012-01-08 12:05 - 2012-01-08 12:05 - 0000000 ____D C:\Users\Mike\AppData\Local\{EEDCF5F5-B9FF-4034-BCDD-9923054E8A0C}
2012-01-08 12:05 - 2012-01-08 12:05 - 0000000 ____D C:\Users\Mike\AppData\Local\{A73101A8-A5AB-4F3E-8DF7-A656B31690C2}
2012-01-08 12:05 - 2012-01-08 12:05 - 0000000 ____D C:\Users\Mike\AppData\Local\{5E198B23-C866-4DCB-A375-D377FE323003}
2012-01-08 12:05 - 2012-01-05 00:00 - 0000000 ____D C:\Users\Mike\AppData\Local\{B9FBCFCB-EDE7-4487-9A83-984FDF046EF6}
2012-01-08 00:05 - 2012-01-08 00:04 - 0000000 ____D C:\Users\Mike\AppData\Local\{541ACAAA-8518-43C5-B04E-782DEE581668}
2012-01-08 00:04 - 2012-01-08 00:04 - 0000000 ____D C:\Users\Mike\AppData\Local\{80669F2F-BAB6-401C-B559-1D8137D333BD}
2012-01-08 00:04 - 2012-01-08 00:04 - 0000000 ____D C:\Users\Mike\AppData\Local\{78617FFF-704C-4C00-88F7-8D5A4262015D}
2012-01-07 12:04 - 2012-01-07 12:04 - 0000000 ____D C:\Users\Mike\AppData\Local\{C9A4BD20-88C9-417C-A041-19265AC98990}
2012-01-07 12:04 - 2012-01-07 12:04 - 0000000 ____D C:\Users\Mike\AppData\Local\{C08C494B-D63B-40D7-A70B-ACE702E255C7}
2012-01-07 12:03 - 2012-01-07 12:03 - 0000000 ____D C:\Users\Mike\AppData\Local\{C5519044-708C-4754-8443-D16F4B8A1B70}
2012-01-07 00:03 - 2012-01-07 00:03 - 0000000 ____D C:\Users\Mike\AppData\Local\{B84CF42A-2281-42CB-8630-794ABC1BA7DC}
2012-01-07 00:03 - 2012-01-07 00:03 - 0000000 ____D C:\Users\Mike\AppData\Local\{3DD66826-DC0B-4399-B1A1-8A0F173F887E}
2012-01-07 00:03 - 2012-01-07 00:03 - 0000000 ____D C:\Users\Mike\AppData\Local\{126A0E8C-3664-4554-97FA-3BAAA27713A0}
2012-01-06 12:03 - 2012-01-06 12:02 - 0000000 ____D C:\Users\Mike\AppData\Local\{8B078DBE-3443-447D-9893-73E3813DE2A1}
2012-01-06 12:02 - 2012-01-06 12:02 - 0000000 ____D C:\Users\Mike\AppData\Local\{FEA7E3B2-91B3-4F0F-B152-29089E2D342B}
2012-01-06 12:02 - 2012-01-06 12:02 - 0000000 ____D C:\Users\Mike\AppData\Local\{C4600025-2D5C-46C7-9174-01C9C7AF8B91}
2012-01-06 00:02 - 2012-01-06 00:02 - 0000000 ____D C:\Users\Mike\AppData\Local\{6C0FEC27-7BC2-4EFF-A4A3-8C837F6946B5}
2012-01-06 00:02 - 2012-01-06 00:02 - 0000000 ____D C:\Users\Mike\AppData\Local\{2966A1D0-1873-4503-BB4E-B439C9099536}
2012-01-06 00:02 - 2012-01-06 00:01 - 0000000 ____D C:\Users\Mike\AppData\Local\{0F92C73C-C2B2-4DBA-B456-FE993F607410}
2012-01-05 12:01 - 2012-01-05 12:01 - 0000000 ____D C:\Users\Mike\AppData\Local\{DD529B45-EF6E-4D9F-B0BC-290391338E99}
2012-01-05 12:01 - 2012-01-05 12:01 - 0000000 ____D C:\Users\Mike\AppData\Local\{01F313DB-7187-4D8F-8C3E-C029B2E9DFFC}
2012-01-05 01:20 - 2009-11-05 08:32 - 0002052 ___AH C:\Users\Mike\Documents\Default.rdp
2012-01-05 00:01 - 2012-01-05 00:00 - 0000000 ____D C:\Users\Mike\AppData\Local\{9122EE38-4654-4BC8-A297-CE9529A18683}
2012-01-04 12:00 - 2012-01-04 12:00 - 0000000 ____D C:\Users\Mike\AppData\Local\{FAE6379C-57C5-4A2D-93F1-35E3FBB088AD}
2012-01-04 12:00 - 2012-01-04 12:00 - 0000000 ____D C:\Users\Mike\AppData\Local\{7CD2ECFA-A982-4B68-896C-DBC66F644B11}
2012-01-04 07:32 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\rescache
2012-01-04 02:18 - 2011-05-11 05:05 - 0006898 ____A C:\Windows\IE9_main.log
2012-01-04 02:17 - 2012-01-04 02:17 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-01-04 02:17 - 2012-01-04 02:17 - 0580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-01-04 02:17 - 2012-01-04 02:17 - 0353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-01-04 02:17 - 2012-01-04 02:17 - 0150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-01-04 02:17 - 2012-01-04 02:17 - 0142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-01-04 02:17 - 2012-01-04 02:17 - 0130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-01-04 02:17 - 2012-01-04 02:17 - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-01-04 02:17 - 2012-01-04 02:17 - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-01-04 02:17 - 2012-01-04 02:17 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-01-04 02:17 - 2012-01-04 02:17 - 0066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-01-04 02:17 - 2012-01-04 02:17 - 0054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-01-04 02:17 - 2012-01-04 02:17 - 0011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-01-04 02:17 - 2012-01-04 02:17 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-01-04 01:07 - 2008-03-19 21:39 - 0000000 ____D C:\Program Files\Microsoft.NET
2012-01-04 01:03 - 2008-07-01 12:30 - 0000000 ____D C:\Program Files\Microsoft SQL Server
2012-01-04 00:59 - 2012-02-27 12:45 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 00:58 - 2012-02-27 12:45 - 0442880 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-03 23:59 - 2012-01-03 23:59 - 0000000 ____D C:\Users\Mike\AppData\Local\{8E3D5AA7-2E87-48D4-BDEF-9BC58925161A}
2012-01-03 23:59 - 2011-12-31 11:55 - 0000000 ____D C:\Users\Mike\AppData\Local\{75F14B3F-8782-4514-998A-8E0D8751AEE7}
2012-01-03 11:59 - 2012-01-03 11:59 - 0000000 ____D C:\Users\Mike\AppData\Local\{4F168E41-8499-4C8E-8F1C-521E4E97275B}
2012-01-02 23:58 - 2012-01-02 23:58 - 0000000 ____D C:\Users\Mike\AppData\Local\{C4002AA6-92AD-4D9A-93EC-5A1D9E7FFB83}
2012-01-02 11:58 - 2012-01-02 11:57 - 0000000 ____D C:\Users\Mike\AppData\Local\{8422CA9D-1E9C-4156-A8BA-8DD89D7C4406}
2012-01-01 23:57 - 2012-01-01 23:57 - 0000000 ____D C:\Users\Mike\AppData\Local\{1A397BAF-51D6-44FE-B18B-F8B4F0C85526}
2012-01-01 11:57 - 2012-01-01 11:56 - 0000000 ____D C:\Users\Mike\AppData\Local\{6926551A-D644-49CF-8678-39D68C163A76}
2012-01-01 04:24 - 2012-01-01 04:24 - 0001352 __ASH C:\Users\Mike\AppData\Local\xpk64vn22kq6ilhpiwrg703053i2qqf716s20byhjg2
2012-01-01 04:24 - 2012-01-01 04:24 - 0001352 __ASH C:\Users\All Users\xpk64vn22kq6ilhpiwrg703053i2qqf716s20byhjg2
2012-01-01 04:24 - 2012-01-01 04:24 - 0001352 __ASH C:\ProgramData\xpk64vn22kq6ilhpiwrg703053i2qqf716s20byhjg2
2011-12-31 23:56 - 2011-12-31 23:56 - 0000000 ____D C:\Users\Mike\AppData\Local\{83E3FB8B-0398-4DF5-995C-AB3E97F6CC35}
2011-12-31 11:55 - 2011-12-31 11:55 - 0000000 ____D C:\Users\Mike\AppData\Local\{56D5E1FD-2F41-44DC-92BE-0DAAEDFD7557}
2011-12-30 23:54 - 2011-12-30 23:54 - 0000000 ____D C:\Users\Mike\AppData\Local\{DE3A0FEF-CE65-41C8-A0F4-DD042052FC19}
2011-12-30 23:54 - 2011-12-24 23:48 - 0000000 ____D C:\Users\Mike\AppData\Local\{69A15CE2-9B1C-4556-97AC-AC83AC204A27}
2011-12-30 11:54 - 2011-12-30 11:54 - 0000000 ____D C:\Users\Mike\AppData\Local\{33AFCDC1-B84F-4B94-A173-BDEB4F7BC4F7}
2011-12-29 23:53 - 2011-12-29 23:53 - 0000000 ____D C:\Users\Mike\AppData\Local\{CF6BA2A3-A87C-4922-B1B0-355AC48D8012}
2011-12-29 21:27 - 2012-02-27 12:45 - 0478720 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2011-12-29 11:52 - 2011-12-29 11:52 - 0000000 ____D C:\Users\Mike\AppData\Local\{0352654E-9907-4187-AE91-B71001613524}
2011-12-28 23:52 - 2011-12-28 23:52 - 0000000 ____D C:\Users\Mike\AppData\Local\{56CCE2A0-8130-447B-BA94-EF55D056175B}
2011-12-28 11:51 - 2011-12-28 11:51 - 0000000 ____D C:\Users\Mike\AppData\Local\{34F37E5D-360A-4A50-BF87-B874E10CC7B7}
2011-12-27 23:51 - 2011-12-27 23:51 - 0000000 ____D C:\Users\Mike\AppData\Local\{313CA412-6CA5-425D-B64D-261FC71BA34D}
2011-12-27 11:51 - 2011-12-27 11:50 - 0000000 ____D C:\Users\Mike\AppData\Local\{6F45C340-2F8C-465E-B6E0-99580DF79D66}
2011-12-26 23:50 - 2011-12-26 23:50 - 0000000 ____D C:\Users\Mike\AppData\Local\{F6A3F5B4-0B86-463C-8D2B-40A62C7B9DDD}
2011-12-26 11:50 - 2011-12-26 11:50 - 0000000 ____D C:\Users\Mike\AppData\Local\{91681137-7188-4B32-A92D-E4910E381B3F}
2011-12-25 23:49 - 2011-12-25 23:49 - 0000000 ____D C:\Users\Mike\AppData\Local\{88281653-DDBF-4FD6-9E38-613C21162A9F}
2011-12-25 11:49 - 2011-12-25 11:49 - 0000000 ____D C:\Users\Mike\AppData\Local\{E58A7679-57D2-4C33-8FFD-998C83DDB2CF}
2011-12-24 23:49 - 2011-12-24 23:49 - 0000000 ____D C:\Users\Mike\AppData\Local\{7D496AB7-72AC-40AF-9488-56BB4E5B46C8}
2011-12-24 23:48 - 2011-05-14 14:13 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2011-12-23 12:00 - 2011-12-23 12:00 - 0000000 ____D C:\Users\Mike\AppData\Local\{6CD35A13-83A6-4C79-9D8D-B8667BEB17E3}
2011-12-23 12:00 - 2011-12-17 11:55 - 0000000 ____D C:\Users\Mike\AppData\Local\{822E1BDB-82AB-4AD3-86E6-714C2568E32B}
2011-12-23 00:00 - 2011-12-22 23:59 - 0000000 ____D C:\Users\Mike\AppData\Local\{BE6D1A91-1CB1-40D7-98A3-19C3DA7CDC6A}
2011-12-22 11:59 - 2011-12-22 11:59 - 0000000 ____D C:\Users\Mike\AppData\Local\{84B65EE9-A935-4C38-93F4-DDD05456FBCA}
2011-12-21 23:59 - 2011-12-21 23:59 - 0000000 ____D C:\Users\Mike\AppData\Local\{B4BD7BA1-7475-4672-A817-B4B7CA9117B1}
2011-12-21 11:58 - 2011-12-21 11:58 - 0000000 ____D C:\Users\Mike\AppData\Local\{36C500D9-9AD7-460B-A9A0-0F8EA787D13C}
2011-12-20 23:58 - 2011-12-20 23:58 - 0000000 ____D C:\Users\Mike\AppData\Local\{B9154053-EBF5-4A06-85E5-E9A457AB5B76}
2011-12-20 11:58 - 2011-12-20 11:57 - 0000000 ____D C:\Users\Mike\AppData\Local\{AE4A8A72-0CD3-4480-87EA-7F3795256834}
2011-12-19 23:57 - 2011-12-19 23:57 - 0000000 ____D C:\Users\Mike\AppData\Local\{D0E6F0F2-B30C-483C-AD9F-D80648D5513E}
2011-12-19 11:57 - 2011-12-19 11:57 - 0000000 ____D C:\Users\Mike\AppData\Local\{EC9D7681-BF7F-4BD0-BA8B-529A7B9124B1}
2011-12-18 23:56 - 2011-12-18 23:56 - 0000000 ____D C:\Users\Mike\AppData\Local\{EBD9DA86-0215-45F5-B3A0-73729DFD275F}
2011-12-18 11:56 - 2011-12-18 11:56 - 0000000 ____D C:\Users\Mike\AppData\Local\{E77F1D8C-347C-4822-A84D-8DC34018E24D}
2011-12-17 23:56 - 2011-12-17 23:55 - 0000000 ____D C:\Users\Mike\AppData\Local\{16D7EA74-50F3-4DE1-AF98-5F0B62F24592}
2011-12-17 11:55 - 2011-12-17 11:55 - 0000000 ____D C:\Users\Mike\AppData\Local\{6B50DB87-55A3-4FBC-9296-C9822D841F13}
2011-12-16 23:55 - 2011-12-16 23:55 - 0000000 ____D C:\Users\Mike\AppData\Local\{74AD91B0-4369-4733-BE4A-249605757052}
2011-12-16 23:54 - 2011-12-15 11:53 - 0000000 ____D C:\Users\Mike\AppData\Local\{B4FA389C-4662-48ED-88C4-606351828F8A}
2011-12-16 12:45 - 2011-12-16 12:45 - 1547561 ____A C:\Users\Mike\Downloads\Stratego_src.rar
2011-12-16 11:54 - 2011-12-16 11:54 - 0000000 ____D C:\Users\Mike\AppData\Local\{09A84AA8-50EC-411F-A53D-0A2DB653D5EC}
2011-12-15 23:54 - 2011-12-15 23:54 - 0000000 ____D C:\Users\Mike\AppData\Local\{32253469-3A21-4759-B465-4ACC9B0B12BE}
2011-12-15 23:52 - 2012-02-27 12:45 - 0690688 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2011-12-15 11:54 - 2011-12-15 11:53 - 0000000 ____D C:\Users\Mike\AppData\Local\{912B2BC3-A755-4F00-8F31-DB75E3311E84}
2011-12-14 23:53 - 2011-12-14 23:53 - 0000000 ____D C:\Users\Mike\AppData\Local\{67E6DC70-D6CE-4CA4-9691-0E07E868F591}
2011-12-14 23:53 - 2011-12-11 23:52 - 0000000 ____D C:\Users\Mike\AppData\Local\{300EC5A1-B3AC-47F4-83F7-11CDF1320F90}
2011-12-14 11:52 - 2011-12-14 11:52 - 0000000 ____D C:\Users\Mike\AppData\Local\{989CFE24-AA69-411B-9814-18CA695BF972}
2011-12-13 19:30 - 2012-02-18 11:53 - 12282368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-13 19:10 - 2012-02-18 11:53 - 9705472 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-13 19:04 - 2012-02-18 11:53 - 1798656 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-12-13 18:57 - 2012-02-18 11:53 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-13 18:57 - 2012-02-18 11:53 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-13 18:56 - 2012-02-18 11:53 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-12-13 18:55 - 2012-02-18 11:53 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-13 18:54 - 2012-02-18 11:53 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-13 18:53 - 2012-02-18 11:53 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-12-13 18:52 - 2012-02-18 11:53 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-13 18:50 - 2012-02-18 11:53 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-12-13 18:50 - 2012-02-18 11:53 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-13 18:47 - 2012-02-18 11:53 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-12-13 11:54 - 2011-12-13 11:53 - 0000000 ____D C:\Users\Mike\AppData\Local\{CC2236F8-44B0-40E1-B926-2BBC1B654D0E}
2011-12-12 23:53 - 2011-12-12 23:53 - 0000000 ____D C:\Users\Mike\AppData\Local\{2504BF09-25C6-415B-B36B-B7A60B6E1BF9}
2011-12-12 11:53 - 2011-12-12 11:53 - 0000000 ____D C:\Users\Mike\AppData\Local\{06186628-A569-4CC2-9BA2-75112381D6D8}
2011-12-11 23:52 - 2011-12-11 23:52 - 0000000 ____D C:\Users\Mike\AppData\Local\{7CA478D3-DB29-40B9-BDB5-4816C6B9AB1A}
2011-12-11 14:40 - 2011-12-11 06:29 - 0000000 ____D C:\Users\Mike\AppData\Roaming\flightgear.org
2011-12-11 13:45 - 2008-03-19 22:23 - 0224068 ____A C:\Windows\DirectX.log
2011-12-11 11:53 - 2011-12-11 11:52 - 837056344 ____A C:\Users\Mike\Downloads\FSXDemo.exe
2011-12-11 11:51 - 2011-12-11 11:51 - 0000000 ____D C:\Users\Mike\AppData\Local\{6410CEFD-00BB-4BD6-8A1D-3503389EDC64}
2011-12-11 11:50 - 2011-11-14 19:53 - 0000000 ____D C:\Users\Mike\AppData\Local\{D67ED024-ECB1-43E7-94A4-0E2CE79996E7}
2011-12-11 06:36 - 2011-12-11 06:36 - 0000000 ____D C:\Users\Mike\AppData\Roaming\Subversion
2011-12-11 06:34 - 2011-12-11 06:34 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2011-12-11 01:38 - 2011-12-11 01:37 - 430701662 ____A (The FlightGear Team ) C:\Users\Mike\Downloads\Setup FlightGear 2.4.0.exe
2011-12-10 23:50 - 2011-12-10 23:50 - 0000000 ____D C:\Users\Mike\AppData\Local\{E83666FB-DCBE-4555-9886-E0DD8154B28F}
2011-12-10 12:24 - 2012-02-18 09:28 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-10 11:50 - 2011-12-10 11:49 - 0000000 ____D C:\Users\Mike\AppData\Local\{25F18AE2-6153-4326-8ED1-156764E65EA5}
2011-12-09 23:49 - 2011-12-09 23:49 - 0000000 ____D C:\Users\Mike\AppData\Local\{6AA6C602-1F6C-4EAD-8221-ECF23AC193C2}
2011-12-09 11:49 - 2011-12-09 11:49 - 0000000 ____D C:\Users\Mike\AppData\Local\{86E532AF-A302-44E0-95A0-3FB0FD2A6DDE}
2011-12-08 23:48 - 2011-12-08 23:48 - 0000000 ____D C:\Users\Mike\AppData\Local\{DCFD3541-D900-41DE-A114-8DF1017EB536}
2011-12-08 11:48 - 2011-12-08 11:48 - 0000000 ____D C:\Users\Mike\AppData\Local\{B283FCBD-7214-4AFA-9C55-8CDA26BAD706}
2011-12-07 23:48 - 2011-12-07 23:47 - 0000000 ____D C:\Users\Mike\AppData\Local\{3D175EA4-9F06-4C85-8A5F-035BD10C622F}
2011-12-07 11:47 - 2011-12-07 11:47 - 0000000 ____D C:\Users\Mike\AppData\Local\{5B390408-E4A9-4304-833D-B0F267970BC1}
2011-12-06 23:47 - 2011-12-06 23:47 - 0000000 ____D C:\Users\Mike\AppData\Local\{0FBCA85D-35F6-442A-9CAC-6D9375C87301}
2011-12-06 11:46 - 2011-12-06 11:46 - 0000000 ____D C:\Users\Mike\AppData\Local\{B33591BA-21FC-40B4-9BAE-4EC5580EC735}
2011-12-05 23:46 - 2011-12-05 23:46 - 0000000 ____D C:\Users\Mike\AppData\Local\{BB4E71E4-9701-4259-B743-0AC8037D64F4}
2011-12-05 11:46 - 2011-12-05 11:45 - 0000000 ____D C:\Users\Mike\AppData\Local\{1EAC095D-BBF2-42B9-9EF5-71C3DE3C622F}
2011-12-04 23:45 - 2011-12-04 23:45 - 0000000 ____D C:\Users\Mike\AppData\Local\{11F3A963-F39E-4DDA-9A90-B76EF66111B5}
2011-12-04 11:45 - 2011-12-04 11:44 - 0000000 ____D C:\Users\Mike\AppData\Local\{413AA13A-B13B-40F1-BE34-ABF3B72F0757}
2011-12-03 23:44 - 2011-12-03 23:44 - 0000000 ____D C:\Users\Mike\AppData\Local\{DE5B158C-B900-47B3-BC37-54B63C14BBFD}
2011-12-03 11:44 - 2011-12-03 11:44 - 0000000 ____D C:\Users\Mike\AppData\Local\{BFE09A62-D4F6-4F6A-9A69-133DB9D3B3C8}
2011-12-02 23:43 - 2011-12-02 23:43 - 0000000 ____D C:\Users\Mike\AppData\Local\{13B9D15C-B7A2-43BA-B6C8-57699C9F13CD}
2011-12-02 11:43 - 2011-12-02 11:43 - 0000000 ____D C:\Users\Mike\AppData\Local\{903E12C2-E154-4493-9045-26F21C984583}
2011-12-01 23:43 - 2011-12-01 23:43 - 0000000 ____D C:\Users\Mike\AppData\Local\{EC3A79DE-3B96-47AD-A164-F3056E47BB24}
2011-12-01 11:42 - 2011-12-01 11:42 - 0000000 ____D C:\Users\Mike\AppData\Local\{85AA90A3-0A64-4294-8497-0932EF166408}

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3061.96 MB
Available physical RAM: 2609.23 MB
Total Pagefile: 3060.23 MB
Available Pagefile: 2610.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.31 MB

======================= Partitions =========================

1 Drive c: (SQ004661V06) (Fixed) (Total:231.42 GB) (Free:169.24 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.31 GB) NTFS
4 Drive f: () (Removable) (Total:7.59 GB) (Free:7.59 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 7776 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 231 GB 1501 MB

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D TOSHIBA SYS NTFS Partition 1500 MB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C SQ004661V06 NTFS Partition 231 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 7776 MB 0 B

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

==========================================================
TDL4: custom:26000022


==========================================================

Last Boot: 2012-02-23 09:58

======================= End Of Log ==========================
  • 0
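A triage pass over a file listing laid out like the one in the log above, as an added example that is not part of the original post and is not FRST's own code. The sample lines are constructed, the function names are hypothetical, and both heuristics (and the reading of the attribute letters) are assumptions; a hit is a lead for manual review, not a verdict.

```python
import ntpath
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Layout assumed from the listing above:
#   <timestamp> - <timestamp> - <size> <attrs> [(<company>)] <path>
# The 5-character attrs field is read here as D=directory, A=archive,
# S=system, H=hidden (an assumption about the tool's notation).
LINE_RE = re.compile(
    r"^(?P<t1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<t2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>[A-Za-z]:\\.+)$"
)


class Entry(NamedTuple):
    first_ts: str
    second_ts: str
    size: int
    attrs: str
    company: Optional[str]
    path: str


def parse_listing(text):
    """Return an Entry for every line that matches the listing layout."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section banners, blank lines, other log sections
        company = m.group("company")
        entries.append(Entry(
            m.group("t1"), m.group("t2"), int(m.group("size")),
            m.group("attrs"),
            company.strip() if company is not None else None,
            m.group("path"),
        ))
    return entries


def hidden_system_files(entries):
    """Heuristic 1: files (not directories) marked both System and Hidden,
    with no company string, located outside the Windows directory."""
    hits = []
    for e in entries:
        tail = ntpath.splitdrive(e.path)[1].lower()
        if ("D" not in e.attrs and "S" in e.attrs and "H" in e.attrs
                and e.company is None
                and not tail.startswith("\\windows\\")):
            hits.append(e)
    return hits


def cloned_files(entries):
    """Heuristic 2: the same file name with identical size and timestamps
    appearing in two or more different directories."""
    groups = defaultdict(list)
    for e in entries:
        if "D" in e.attrs:
            continue
        key = (ntpath.basename(e.path).lower(), e.size, e.first_ts, e.second_ts)
        groups[key].append(e.path)
    result = {}
    for (name, _size, _t1, _t2), paths in groups.items():
        if len({ntpath.dirname(p).lower() for p in paths}) >= 2:
            result[name] = sorted(paths)
    return result


# Constructed sample lines in the same layout (not taken from a real system).
SAMPLE = r"""
2012-01-04 00:59 - 2012-02-27 12:45 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-03 23:59 - 2012-01-03 23:59 - 0000000 ____D C:\Users\Example\AppData\Local\{00000000-0000-0000-0000-000000000001}
2012-01-01 04:24 - 2012-01-01 04:24 - 0001352 __ASH C:\Users\Example\AppData\Local\constructedrandomname01
2012-01-01 04:24 - 2012-01-01 04:24 - 0001352 __ASH C:\ProgramData\constructedrandomname01
2011-12-11 06:34 - 2011-12-11 06:34 - 0000000 ___AH C:\Windows\System32\Drivers\Example_Kernel.Wdf
2011-12-16 12:45 - 2011-12-16 12:45 - 1547561 ____A C:\Users\Example\Downloads\archive.rar
========================= Known DLLs (Whitelisted) ============
"""

if __name__ == "__main__":
    parsed = parse_listing(SAMPLE)
    for entry in hidden_system_files(parsed):
        print("hidden+system:", entry.path)
    for name, paths in cloned_files(parsed).items():
        print("same file in several places:", name, paths)
```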

#8
CompCav

I have reviewed your OTLPE log and your Farbar log.

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


P2P Warning!:

IMPORTANT I have noticed that there are signs of Limewire P2P (Peer to Peer) File Sharing Programs on your computer.

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
infoworld

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall Limewire; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use Limewire until your computer is cleaned.


Step 1.

I see you have run ComboFix. Please post a copy of the log it produced. It is located at C:\ComboFix.txt. Please post this before going on to step 2. After posting, continue with step 2; you do not need to wait on a response.


Step 2.

Download the enclosed file. Attached File fixlist.txt

Save it in the USB drive.

Insert the USB drive into the ailing computer. Run FRST as you did before, except that this time around click on the Fix button.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


Step 3.

Boot into Normal Mode. Delete your current copy of ComboFix.

Download and Install a fresh copy of Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.


Step 4.

Please post:

Old Combofix.txt (in first reply)
Fixlog.txt
New ComboFix.txt


Describe how the computer is running now.

#9
mhk44

The infected computer is no longer connected to the internet.

Limewire was uninstalled before.

Neither Combofix.exe nor Combofix.txt is on the infected laptop.

Ran FRST the fixlog follows:

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 27-02-2012
Ran by SYSTEM at 2012-02-28 22:29:12 R:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ScUninst Value deleted successfully.

The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====

I am running Combofix now, but it has been running for a very long time.
I will include its output in a later reply.

#10
mhk44

Combofix has not ended yet.

I received a windows popup message about XCACLS.

Task manager shows that the sw.xcacls.3xe is using cpu but no i/o... seems to be in a loop or hung up on something.

How should I terminate it?

What next?


#11
CompCav

Just let it run. Please be patient. But if it stops progressing use task manager to stop it.

Then reboot the computer into safe mode and try to run ComboFix again.

Edited by CompCav, 29 February 2012 - 09:35 AM.


#12
mhk44

I went ahead and ended the swxcacls.3xe process and immediately received a rootkit warning.
You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularly difficult (Popup disappeared before I could type it all in).

Then another popup from Combofix:
Rootkit is detected
Be patient as this may take some moments (I pressed OK )

Another popup msg:
ComboFix has detected the presence of rootkit activity and needs to reboot the machine (I pressed OK)

Rebooted normally.

ComboFix was still running.
Received a popup message:
The Recycle Bin on C:\ is corrupted. Do you want to empty the Recycle Bin for this drive?
I pressed yes.
ComboFix continued on for over an hour.

I had a totally black screen except for the ComboFix window.
There was i/o activity according to my laptop led, but no more info reporting in the ComboFix window.
ComboFix had last reported completing phases 1-50 and deleting some files and folders.

It was obviously hung, so I hit CTRL-ALT-DEL to get the Task Manager.
It showed that some AVG processes were running (Even though I had disabled AVG virus scanning.)

There were 2 CF8961.3XE and 1 REGT.3XE processes running but no activity. (Not sure of the names)
I terminated one of the CF8961 processes and my desktop returned to normal and AVG had intercepted a REGT virus.
I pressed ignore, but it was too late... ComboFix was gone and no logfile.

Apparently there is an advanced option to temporarily disable AVG, but only for a max of 15 minutes.

I had stopped the AVG antivirus by unchecking the box, but that apparently hadn't fully done the job.

Should I rerun ComboFix?

#13
CompCav

Step 1.

AVG Removal Tool

Go here

Download the removal tool for your system, 32 bit or 64 bit.

Run it to remove AVG. After this, please restart your computer.

We will reinstall it or an AV of your choice after we finish with ComboFix.

Step 2.

Delete your current copy of ComboFix on your desktop and download a fresh copy but save it as George.exe not Combofix.exe.

Then boot into safe mode and run "George.exe"

It will want to reboot again so be ready!

IMPORTANT!!
When it reboots please start tapping F8 to make it go back into safe mode to finish.

Once it finishes it will produce a txt file.

Reboot into normal mode and post the Combofix.txt file it produces.


As long as you see the hard drive light flickering, it is running. Do not give up on it too soon; this is a very difficult infection.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


#14
mhk44

ComboFix 12-02-29.01 - Mike 02/29/2012 17:22:02.2.2 - x86 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3062.2215 [GMT -5:00]
Running from: c:\users\Mike\Desktop\George.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\Mike\gamecopysoftwarev23.exe
c:\windows\$NtUninstallKB19770$
c:\windows\$NtUninstallKB19770$\601440171
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SydexFDD
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-29 )))))))))))))))))))))))))))))))
.
.
2012-02-29 22:36 . 2012-02-29 22:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-29 15:03 . 2012-02-29 22:39 -------- d-----w- c:\users\Mike\AppData\Local\temp
2012-02-28 15:24 . 2012-02-28 15:26 -------- d-----w- C:\FRST
2012-02-27 20:45 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-27 20:45 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-27 20:45 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-24 16:31 . 2012-02-27 20:41 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-02-24 16:30 . 2012-02-24 16:41 -------- d-----w- c:\programdata\Hitman Pro
2012-02-23 22:05 . 2012-02-23 22:32 -------- d-----w- c:\programdata\PC Tools
2012-02-18 20:57 . 2012-02-18 20:57 -------- d-----w- c:\users\Mike\AppData\Roaming\Ulead Systems
2012-02-18 18:42 . 2012-02-18 18:42 -------- d-----w- C:\Intel
2012-02-18 17:28 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 16:12 . 2012-02-16 16:12 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes
2012-02-16 16:12 . 2012-02-23 16:47 -------- d-----w- c:\programdata\Malwarebytes
2012-02-16 16:12 . 2012-02-20 11:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-04 22:23 . 2012-02-20 11:26 -------- d-----w- c:\program files\LastPass
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-04 10:17 . 2012-01-04 10:17 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-04 10:17 . 2012-01-04 10:17 161792 ----a-w- c:\windows\system32\msls31.dll
2012-01-04 10:17 . 2012-01-04 10:17 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-04 10:17 . 2012-01-04 10:17 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-04 10:17 . 2012-01-04 10:17 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-04 10:17 . 2012-01-04 10:17 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-01-04 10:17 . 2012-01-04 10:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-04 10:17 . 2012-01-04 10:17 367104 ----a-w- c:\windows\system32\html.iec
2012-01-04 10:17 . 2012-01-04 10:17 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-01-04 10:17 . 2012-01-04 10:17 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-04 10:17 . 2012-01-04 10:17 152064 ----a-w- c:\windows\system32\wextract.exe
2012-01-04 10:17 . 2012-01-04 10:17 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-01-04 10:17 . 2012-01-04 10:17 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-01-04 10:17 . 2012-01-04 10:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-04 10:17 . 2012-01-04 10:17 11776 ----a-w- c:\windows\system32\mshta.exe
2012-01-04 10:17 . 2012-01-04 10:17 101888 ----a-w- c:\windows\system32\admparse.dll
2012-01-04 10:17 . 2012-01-04 10:17 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-12-25 07:48 . 2011-05-14 22:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2008-07-04 430080]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-02-21 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-30 4911104]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"DPAgnt"="c:\program files\DigitalPersona\Bin\DPAgnt.exe" [2006-10-09 807440]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"OWCWebCamDV"="c:\windows\system\wcdvtray.exe" [2004-05-20 1056768]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-06-06 273544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-5-6 813584]
SnagIt 7.lnk - c:\program files\TechSmith\SnagIt 7\SnagIt32.exe [2005-10-14 3719168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-02-21 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
2006-10-09 20:27 99856 ----a-w- c:\windows\System32\DPWLEvHd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2012-02-21 67664]
R1 SpNtDrv;SpNtDrv; [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
R2 DVDRIVER;DVDRIVER;c:\windows\system32\DRIVERS\dvdriver.sys [2009-11-19 35016]
R2 Eagletron TrackerPod Service;Eagletron TrackerPod Service;c:\program files\Common Files\Eagletron\TrackerPodSvcSvr.exe [2010-04-16 137216]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 135664]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
R2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\DRIVERS\WebCamDV.sys [2004-05-11 212608]
R3 AVC3310F;AVC-3310/AVC-3610 USB Loader;c:\windows\system32\Drivers\avcuwfl2.sys [2005-10-31 18048]
R3 AvcUWil2;Adaptec AVC-3210/3310/3610 USB Device;c:\windows\system32\DRIVERS\avcuwil2.sys [2005-11-16 1461376]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 dpK0Bx01;Fingerprint Reader Filter Driver;c:\windows\system32\DRIVERS\dpK0Bx01.sys [2006-09-16 35584]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 135664]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2012-02-27 23624]
R3 ITSQS;ITSQS;c:\users\Mike\AppData\Local\Temp\ITSQS.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 30576]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 ubloxusb;ubloxusb;c:\windows\system32\DRIVERS\ubloxusb.sys [2009-11-27 75264]
R3 usbdpfp;Fingerprint Reader Class Driver;c:\windows\system32\DRIVERS\usbdpfp.sys [2006-09-16 47360]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-01 1343400]
R3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys [2004-01-30 12672]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 238696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-02-21 116608]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Avgtdix
*Deregistered* - SASENUM
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 15:12]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 15:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://ryansmarine.viewnetcam.com:50000/SysCamInst.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://68.15.12.110:8086/activex/AMC.cab
DPF: {FDAC3966-5DDA-4DE8-B936-14714E467426} - hxxp://173.164.248.35/viewer/common/audio.cab
DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - hxxp://68.15.12.110:8012/user/TSBnwCam.CAB
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
HKLM-Run-TaskTray - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(488)
c:\windows\DPPWDFLT.DLL
.
- - - - - - - > 'Explorer.exe'(660)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-02-29 17:45:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-29 22:45
.
Pre-Run: 185,676,406,784 bytes free
Post-Run: 184,959,549,440 bytes free
.
- - End Of File - - FBAA337303F0B92B0A22D43898070C57

#15
CompCav


    Member 5k

  • Expert
  • 12,449 posts
How is the computer performing now?

Is your copy of AVG something you purchased or the free version?

CompCav





