Solved Help to remove trojan:win64/sirefef.y

[jack wetherill]

my computer has become infected with the trojan win64/sirefef.y from tumblr, I believe. I have a dell laptop running windows 7. mse finds a severe threat and a popup tells me that the computer will restart in 1 minute so this leaves me little time to try to solve the problem.

I managed to run a quick scan with malwarebytes and it removd one trojan but not the one causing the problems.

mse seems to tell me the problem file is windows/system32/services.exe

I have no idea how to solve this, so any help would be much appreciated.

thanks.

(I am currently on my ipad so any more posts from me will be made tomorrow when I have access to the main house computer)

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================================================

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

• • 
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

[jack wetherill]

thanks

Scan result of Farbar Recovery Scan Tool Version: 14-06-2012
Ran by SYSTEM at 15-06-2012 10:55:38
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-26] (Synaptics Incorporated)
HKLM\...\Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [178712 2008-06-15] (Intel Corporation)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3236432 2009-04-23] (Dell Inc.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1779952 2009-07-07] ()
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [250192 2009-04-24] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [149280 2009-07-31] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe [2069344 2010-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [979328 2010-08-30] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-26] (Apple Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Jack\...\Run: [EPSON SX130 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE /FU "C:\Windows\TEMP\E_SA1BD.tmp" /EF "HKCU" [232448 2010-12-07] (SEIKO EPSON CORPORATION)
HKU\Jack\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-11-09] (Microsoft Corporation)
HKU\Mum\...\Run: [Google Update] "C:\Users\Mum\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-04-02] (Google Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
AppInit_DLLs: avgrssta.dll
Startup: C:\Users\Administrator\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Jack\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Jack\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Mum\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Other\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 ABBYY.Licensing.FineReader.Sprint.9.0; "C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe" -service [759048 2009-05-14] (ABBYY)
3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [72704 2010-10-13] (Adobe Systems)
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 avg9emc; "C:\Program Files (x86)\AVG\AVG9\avgemc.exe" [921952 2010-07-23] (AVG Technologies CZ, s.r.o.)
2 avg9wd; "C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe" [308136 2010-12-06] (AVG Technologies CZ, s.r.o.)
3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [654848 2009-09-21] (Macrovision Europe Ltd.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
2 yksvc; C:\Windows\System32\ykx64mpcoinst.dll [382464 2009-05-12] (Marvell)

========================== Drivers (Whitelisted) =============

1 AvgLdx64; C:\Windows\System32\Drivers\AvgLdx64.sys [269904 2010-12-06] (AVG Technologies CZ, s.r.o.)
1 AvgMfx64; C:\Windows\System32\Drivers\AvgMfx64.sys [35536 2010-06-02] (AVG Technologies CZ, s.r.o.)
1 AvgTdiA; C:\Windows\System32\Drivers\AvgTdiA.sys [317520 2010-07-15] (AVG Technologies CZ, s.r.o.)
3 ManyCam; C:\Windows\System32\DRIVERS\ManyCam_x64.sys [27136 2008-03-12] (ManyCam LLC.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 OA013Ufd; C:\Windows\System32\Drivers\OA013Ufd.sys [159840 2009-03-05] (Creative Technology Ltd.)
3 OA013Vid; C:\Windows\System32\Drivers\OA013Vid.sys [311456 2009-03-09] (Creative Technology Ltd.)
3 WsAudio_DeviceS(1); C:\Windows\System32\Drivers\WsAudio_DeviceS(1).sys [29288 2010-12-24] (Wondershare)
3 WsAudio_DeviceS(2); C:\Windows\System32\Drivers\WsAudio_DeviceS(2).sys [29288 2010-12-24] (Wondershare)
3 WsAudio_DeviceS(3); C:\Windows\System32\Drivers\WsAudio_DeviceS(3).sys [29288 2010-12-24] (Wondershare)
3 WsAudio_DeviceS(4); C:\Windows\System32\Drivers\WsAudio_DeviceS(4).sys [29288 2010-12-24] (Wondershare)
3 WsAudio_DeviceS(5); C:\Windows\System32\Drivers\WsAudio_DeviceS(5).sys [29288 2010-12-24] (Wondershare)
2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; \??\C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-06-24] (CyberLink Corp.)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-15 10:55 - 2012-06-15 10:56 - 00000000 ____D C:\FRST
2012-06-14 10:14 - 2012-06-14 10:14 - 00000000 ____D C:\Users\Jack\AppData\Local\{00BC807D-CAFE-49B7-A436-E86174847ED0}
2012-06-14 10:10 - 2012-06-14 10:10 - 00000000 ____D C:\Users\Jack\AppData\Local\{534C618D-2A61-467B-82B7-640EA71F162E}
2012-06-14 08:29 - 2012-06-14 08:29 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-14 08:29 - 2012-06-14 08:29 - 00000000 ____D C:\Users\Jack\AppData\Local\{DEB70F73-3F2B-44BB-AA54-B8F85B643B00}
2012-06-14 08:29 - 2012-04-04 06:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-14 08:28 - 2012-06-14 08:29 - 00000000 ____D C:\Users\Jack\AppData\Local\{A759F1A1-E3E7-4C1F-BD63-F67FD7D97683}
2012-06-14 08:03 - 2012-06-14 08:03 - 00000000 ____D C:\Users\Jack\AppData\Local\{ECD864F4-CCCF-4CD5-BA36-42DAED119A97}
2012-06-14 07:59 - 2012-06-14 07:59 - 00000000 ____D C:\Users\Jack\AppData\Local\{A7B0610F-02F9-42F6-9689-36F095B3A951}
2012-06-14 03:38 - 2012-06-14 03:38 - 00000000 ____D C:\Users\Jack\AppData\Local\{B1B765EA-4771-42D3-A2DE-82E6902A236A}
2012-06-14 03:37 - 2012-06-14 03:38 - 00001272 ____A C:\Users\Jack\Desktop\shutdown.exe.lnk
2012-06-14 03:37 - 2012-06-14 03:37 - 00000000 ____D C:\Users\Jack\Desktop\New folder
2012-06-14 03:25 - 2012-06-14 03:25 - 00000000 ____D C:\Users\Jack\AppData\Local\{0ABD97A0-84F9-4938-AD06-80650983A8CF}
2012-06-13 14:29 - 2012-06-13 14:29 - 00077593 ____A C:\PE-Files.txt
2012-06-13 14:28 - 2012-06-13 14:29 - 00077593 ____A C:\Win-Files.txt
2012-06-13 14:27 - 2012-06-13 14:27 - 00000000 ____D C:\Windows\Temporary Internet Files
2012-06-13 14:27 - 2012-06-13 14:27 - 00000000 ____D C:\Windows\History
2012-06-13 02:46 - 2012-06-13 02:46 - 00270936 ____A C:\Windows\Minidump\061312-25740-01.dmp
2012-06-13 02:42 - 2012-06-14 10:06 - 01368638 ____A C:\Windows\ntbtlog.txt
2012-06-13 02:12 - 2012-06-13 02:13 - 00000000 ____D C:\Users\Jack\AppData\Local\{0E83771D-B942-4A49-9904-7D5C31523A27}
2012-06-13 02:12 - 2012-06-13 02:12 - 00000000 ____D C:\Users\Jack\AppData\Local\{5ECF4A85-FBC2-441D-BD48-3A8EE7B0FE47}
2012-06-13 01:57 - 2012-06-13 01:57 - 00000000 ____D C:\Users\Jack\AppData\Local\{5DF70F82-BD01-47AF-833E-44575F52EFC1}
2012-06-13 01:57 - 2012-06-13 01:57 - 00000000 ____D C:\Users\Jack\AppData\Local\{533A1839-9746-47EA-AE59-EB6DD2B86F63}
2012-06-13 01:19 - 2012-06-13 01:20 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-13 01:13 - 2012-06-13 01:13 - 12621696 ____A (Microsoft Corporation) C:\Users\Jack\Downloads\mseinstall(1).exe
2012-06-13 01:07 - 2012-04-19 22:22 - 09373696 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 01:07 - 2012-04-19 22:22 - 00736256 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-13 01:07 - 2012-04-19 22:21 - 12405760 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 01:07 - 2012-04-19 21:06 - 06028288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-13 01:07 - 2012-04-19 21:06 - 00627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-13 01:07 - 2012-04-19 21:05 - 11019776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-13 01:07 - 2012-04-16 21:38 - 00851968 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-13 01:07 - 2012-04-16 20:45 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-13 01:06 - 2012-05-14 19:56 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 01:06 - 2012-05-14 19:52 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 01:06 - 2012-05-14 19:08 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-13 01:06 - 2012-05-14 19:06 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-13 01:06 - 2012-05-04 02:52 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 01:06 - 2012-05-01 21:32 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 01:06 - 2012-04-25 21:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 01:06 - 2012-04-25 21:34 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 01:06 - 2012-04-25 21:28 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 01:06 - 2012-04-19 22:25 - 01501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 01:06 - 2012-04-19 22:25 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 01:06 - 2012-04-19 22:23 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-06-13 01:06 - 2012-04-19 22:22 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 01:06 - 2012-04-19 22:22 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-06-13 01:06 - 2012-04-19 22:22 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-06-13 01:06 - 2012-04-19 22:21 - 02458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 01:06 - 2012-04-19 22:21 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-06-13 01:06 - 2012-04-19 22:21 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-06-13 01:06 - 2012-04-19 22:21 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 01:06 - 2012-04-19 22:18 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-06-13 01:06 - 2012-04-19 21:07 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-13 01:06 - 2012-04-19 21:07 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-13 01:06 - 2012-04-19 21:06 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-06-13 01:06 - 2012-04-19 21:06 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-13 01:06 - 2012-04-19 21:06 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-06-13 01:06 - 2012-04-19 21:05 - 02072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-13 01:06 - 2012-04-19 21:05 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-06-13 01:06 - 2012-04-19 21:05 - 00185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-06-13 01:06 - 2012-04-19 21:05 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 01:06 - 2012-04-19 21:05 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-06-13 01:06 - 2012-04-19 21:03 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-06-13 01:06 - 2012-04-19 21:00 - 00482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-06-13 01:06 - 2012-04-19 20:15 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 01:06 - 2012-04-19 19:58 - 00386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-06-13 01:06 - 2012-04-19 19:24 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-13 01:05 - 2012-05-14 17:32 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 01:05 - 2012-05-04 02:08 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 01:05 - 2012-05-04 02:08 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 01:05 - 2012-04-27 19:50 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 01:05 - 2012-04-23 21:59 - 01460224 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 01:05 - 2012-04-23 21:59 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 01:05 - 2012-04-23 21:59 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 01:05 - 2012-04-23 20:47 - 01156608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 01:05 - 2012-04-23 20:47 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 01:05 - 2012-04-23 20:47 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 01:05 - 2012-04-07 04:18 - 03213824 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 01:05 - 2012-04-07 03:34 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-13 00:50 - 2012-06-13 00:50 - 00000000 ____D C:\Users\Jack\AppData\Local\{99A897C3-69FA-4E08-9CCF-DA854FF5310A}
2012-06-13 00:50 - 2012-06-13 00:50 - 00000000 ____D C:\Users\Jack\AppData\Local\{594280D2-C354-47B5-A1D7-90B614669B32}
2012-06-12 14:01 - 2012-06-12 14:01 - 00000000 ____D C:\Users\Jack\AppData\Local\{8CF1DCE0-2591-45EF-948D-8E88DC976824}
2012-06-12 14:00 - 2012-06-12 14:01 - 00000000 ____D C:\Users\Jack\AppData\Local\{18367588-3635-4923-9767-AA926F01CE50}
2012-06-12 12:27 - 2012-06-12 12:27 - 00000000 ____D C:\Users\Jack\AppData\Local\{F572E958-301F-4AC8-AB50-29166173C5E0}
2012-06-12 12:27 - 2012-06-12 12:27 - 00000000 ____D C:\Users\Jack\AppData\Local\{CC215D5E-58D1-4F32-80FB-27D9A4F69DD6}
2012-06-12 03:58 - 2012-06-12 03:58 - 00000000 ____D C:\Users\Jack\AppData\Local\{E1C793A6-0912-4D82-80FE-07084A2DD228}
2012-06-12 03:58 - 2012-06-12 03:58 - 00000000 ____D C:\Users\Jack\AppData\Local\{9A2AA4CA-08FD-4AA1-AC5B-7C7296E87776}
2012-06-12 03:55 - 2012-06-13 02:45 - 343175767 ____A C:\Windows\MEMORY.DMP
2012-06-12 03:55 - 2012-06-12 03:56 - 00277600 ____A C:\Windows\Minidump\061212-31527-01.dmp
2012-06-12 03:07 - 2012-06-12 03:07 - 00000000 ____D C:\Users\Jack\AppData\Local\{B93FB8A8-AF3D-4FB8-94D8-AAD26CE46648}
2012-06-12 03:07 - 2012-06-12 03:07 - 00000000 ____D C:\Users\Jack\AppData\Local\{102D6629-6381-48E7-A96F-117C62EB5B90}
2012-06-12 02:31 - 2012-06-12 02:31 - 00000000 ____D C:\Users\Jack\AppData\Local\{E2D866C8-E5F7-4555-B648-ED553A8E36D7}
2012-06-12 02:31 - 2012-06-12 02:31 - 00000000 ____D C:\Users\Jack\AppData\Local\{187FF342-5E0B-426A-B433-FD3376A83895}
2012-06-11 01:48 - 2012-06-11 01:48 - 00000000 ____D C:\Users\Jack\AppData\Local\{CDA99E22-4A13-470D-ADD4-378FED60EF3E}
2012-06-11 01:47 - 2012-06-11 01:48 - 00000000 ____D C:\Users\Jack\AppData\Local\{B5DCCC88-A4E4-4CDF-AE22-553667C0BE18}
2012-06-11 00:34 - 2012-06-11 00:34 - 00000000 ____D C:\Users\Jack\AppData\Local\{360348E3-3132-45FD-B826-ABF982E243E6}
2012-06-11 00:33 - 2012-06-11 00:34 - 00000000 ____D C:\Users\Jack\AppData\Local\{BC79EFAC-C748-4BD3-9E99-5B11B0431F91}
2012-06-11 00:31 - 2012-06-11 00:31 - 00001024 ____A C:\Windows\PFRO.log
2012-06-10 04:19 - 2012-06-10 04:19 - 00000000 ____D C:\Users\Jack\AppData\Local\{228EDDBC-61A4-40FF-9351-DF3CB96F05FB}
2012-06-10 04:18 - 2012-06-10 04:19 - 00000000 ____D C:\Users\Jack\AppData\Local\{E64451C9-9492-4A32-BC10-8322BE5E8879}
2012-06-10 03:03 - 2012-06-10 03:03 - 00000000 ____D C:\Users\Jack\AppData\Local\{70BBC7B5-F900-4FF7-8946-AC1D71B96FCC}
2012-06-10 03:03 - 2012-06-10 03:03 - 00000000 ____D C:\Users\Jack\AppData\Local\{2EC7AFBC-D11A-4D18-94B9-21A2AC698A8C}
2012-06-09 09:13 - 2012-06-09 09:14 - 00000000 ____D C:\Users\Jack\AppData\Local\{4B7E01C6-692F-4874-873A-E25F8E69BF52}
2012-06-09 09:12 - 2012-06-09 09:12 - 00000000 ____D C:\Users\Jack\AppData\Local\{4B7DF642-5AF5-405A-8D3B-7DD7337238AD}
2012-06-09 09:05 - 2012-06-09 09:05 - 00000000 ____D C:\Users\Jack\AppData\Local\{EA51F30F-0096-4420-BA0A-A69D3916C885}
2012-06-09 09:04 - 2012-06-09 09:05 - 00000000 ____D C:\Users\Jack\AppData\Local\{DE132581-001A-4D75-95AE-E3616900836A}
2012-06-08 11:06 - 2012-06-08 11:06 - 00000000 ____D C:\Users\Jack\AppData\Local\{BDD35117-5F0F-45F9-A29D-DCA1F33FD717}
2012-06-08 11:06 - 2012-06-08 11:06 - 00000000 ____D C:\Users\Jack\AppData\Local\{8F64FC30-5F34-4B48-9A28-60449F0C222D}
2012-06-08 10:25 - 2012-06-08 10:25 - 00000000 ____D C:\Users\Jack\AppData\Local\{F0386CE9-4888-434E-9783-0DAE8BBA60F9}
2012-06-08 10:24 - 2012-06-08 10:25 - 00000000 ____D C:\Users\Jack\AppData\Local\{AA3F8317-E56F-4246-BAEC-3FF9ACEDC9CC}
2012-06-07 09:28 - 2012-06-07 09:28 - 00000000 ____D C:\Users\Jack\AppData\Local\{054618AF-B62A-48EA-A7C9-77CB6C5C1F20}
2012-06-07 09:27 - 2012-06-07 09:28 - 00000000 ____D C:\Users\Jack\AppData\Local\{934C2C06-BBB1-46BA-8CD3-052B3C978C77}
2012-06-07 05:16 - 2012-06-07 05:16 - 00000000 ____D C:\Users\Jack\AppData\Local\{DFA6B0E7-E637-4D9D-B807-ECDF4B7135FA}
2012-06-07 05:16 - 2012-06-07 05:16 - 00000000 ____D C:\Users\Jack\AppData\Local\{4C8D1CD4-061E-4093-BDFC-1436D0CEAB83}
2012-06-07 03:21 - 2012-06-07 03:21 - 00000000 ____D C:\Users\Jack\AppData\Local\{26AC9BA0-1C68-447C-A86E-421F5682C9FF}
2012-06-07 03:20 - 2012-06-07 03:20 - 00000000 ____D C:\Users\Jack\AppData\Local\{4E25D94A-66C9-4E77-969A-ADBB718859C5}
2012-06-07 03:08 - 2012-06-07 03:09 - 00000000 ____D C:\Users\Jack\AppData\Local\{34C05481-4664-4D1B-908E-0243A1C11652}
2012-06-07 03:08 - 2012-06-07 03:08 - 00000000 ____D C:\Users\Jack\AppData\Local\{345A3137-E8E0-4935-9CD2-350E290DF4D1}
2012-06-06 03:15 - 2012-06-06 03:15 - 00000000 ____D C:\Users\Jack\AppData\Local\{E343F509-3E61-40D5-B555-D002F75B93EC}
2012-06-06 03:14 - 2012-06-06 03:15 - 00000000 ____D C:\Users\Jack\AppData\Local\{EA15BFBC-1CF4-4BA9-ACDD-F9D8F63E9FBD}
2012-06-06 03:04 - 2012-06-06 03:05 - 00000000 ____D C:\Users\Jack\AppData\Local\{A736C0D6-DFCD-401F-9C24-68E5D3CC8330}
2012-06-06 03:04 - 2012-06-06 03:04 - 00000000 ____D C:\Users\Jack\AppData\Local\{3928B458-2723-45FA-8B8F-42B546B30A9F}
2012-06-05 02:24 - 2012-06-05 02:24 - 00000000 ____D C:\Users\Jack\AppData\Local\{EB8DBCA2-F903-4D89-BF5D-361B484761AE}
2012-06-05 02:24 - 2012-06-05 02:24 - 00000000 ____D C:\Users\Jack\AppData\Local\{5527E846-E7FE-45A8-BADE-8C8DE1CE9CB8}
2012-06-05 02:19 - 2012-06-05 02:20 - 00000000 ____D C:\Users\Jack\AppData\Local\{9F9F4AD6-3BDF-42C4-99DF-EA254867F31E}
2012-06-05 02:19 - 2012-06-05 02:19 - 00000000 ____D C:\Users\Jack\AppData\Local\{2708BE1B-E7A0-46FA-B34F-262BD5D580A4}
2012-06-04 07:10 - 2008-02-03 12:57 - 05423104 ____A C:\Windows\System32\tlpsplib10.dll
2012-06-04 07:08 - 2012-06-04 07:08 - 00000000 ____D C:\Program Files (x86)\Topaz Labs LLC
2012-06-04 05:33 - 2012-06-04 05:34 - 00000000 ____D C:\Users\Jack\AppData\Local\{51F05BC1-2A99-494A-9F6A-DC786024FAD3}
2012-06-04 05:32 - 2012-06-04 05:33 - 00000000 ____D C:\Users\Jack\AppData\Local\{FA803603-43D4-40F6-967B-3A922A8E30BF}
2012-06-04 05:29 - 2012-06-04 05:29 - 00000000 ____D C:\Users\Jack\AppData\Local\{FD13F54B-7644-4372-AFD7-7F6585BE7F6B}
2012-06-04 05:29 - 2012-06-04 05:29 - 00000000 ____D C:\Users\Jack\AppData\Local\{21F44884-E80B-4654-B7BD-1697CE4A4262}
2012-06-02 03:17 - 2012-06-02 03:17 - 00000000 ____D C:\Users\Jack\AppData\Local\{D4EF6367-D239-480E-AE77-F1B4A679D55D}
2012-06-02 03:17 - 2012-06-02 03:17 - 00000000 ____D C:\Users\Jack\AppData\Local\{59FE6A5D-2545-48F0-93E1-0B136723ED2F}
2012-06-02 02:40 - 2012-06-02 02:40 - 00000000 ____D C:\Users\Jack\AppData\Local\{C9B6731C-CE2E-49C2-9890-EBD922555D4A}
2012-06-02 02:39 - 2012-06-02 02:40 - 00000000 ____D C:\Users\Jack\AppData\Local\{FB6F08C6-7661-4FC1-9ED9-99BAE90CCC32}
2012-06-01 03:32 - 2012-06-01 03:33 - 00000000 ____D C:\Users\Jack\AppData\Local\{652DBDA2-52BB-428B-B460-19BDC8823CB5}
2012-06-01 03:32 - 2012-06-01 03:32 - 00000000 ____D C:\Users\Jack\AppData\Local\{194A79A3-EBF2-45D0-A2EA-CDF127F9549C}
2012-06-01 02:50 - 2012-06-01 02:50 - 00000000 ____D C:\Users\Jack\AppData\Local\{D471582B-E4AE-4FF0-A442-E3316A637A23}
2012-06-01 02:49 - 2012-06-01 02:50 - 00000000 ____D C:\Users\Jack\AppData\Local\{6823CBD8-86DB-4C8A-85A4-E2FAAC0E17CC}
2012-06-01 02:46 - 2012-06-01 02:47 - 00000000 ____D C:\Users\Jack\AppData\Local\{6048D5DA-D752-4967-8386-B0DF724D4CF5}
2012-06-01 02:46 - 2012-06-01 02:46 - 00000000 ____D C:\Users\Jack\AppData\Local\{5B31B7F1-476C-4668-A512-2133D0516763}
2012-05-31 06:01 - 2012-05-31 06:01 - 00000000 ____D C:\Users\Jack\AppData\Local\{5E413BC9-F17E-4C6B-84F5-9CB52A326F31}
2012-05-31 06:00 - 2012-05-31 06:01 - 00000000 ____D C:\Users\Jack\AppData\Local\{419347AB-ADCD-4914-AF5F-3A98C658427C}
2012-05-31 01:25 - 2012-05-31 01:26 - 00000000 ____D C:\Users\Jack\AppData\Local\{0F51B525-D9EB-4F28-B717-C08399059EA8}
2012-05-31 01:25 - 2012-05-31 01:25 - 00000000 ____D C:\Users\Jack\AppData\Local\{D624A29E-35E1-481B-AFF7-B7CF4C96A0B2}
2012-05-31 01:22 - 2012-05-31 01:22 - 00000000 ____D C:\Users\Jack\AppData\Local\{0EB14429-4E29-4048-9B63-E51B706187E6}
2012-05-30 03:27 - 2012-05-30 03:27 - 00000000 ____D C:\Users\Jack\AppData\Local\{0F7A5495-0397-48C2-94C0-117299DC36FF}
2012-05-30 03:27 - 2012-05-30 03:27 - 00000000 ____D C:\Users\Jack\AppData\Local\{038A9DFB-2FDD-495B-982B-05C048FB686B}
2012-05-30 02:11 - 2012-05-30 02:11 - 00000000 ____D C:\Users\Jack\AppData\Local\{1BEF25E3-E9E6-43D4-8160-441277037CB0}
2012-05-30 02:11 - 2012-05-30 02:11 - 00000000 ____D C:\Users\Jack\AppData\Local\{15842B3E-F474-4559-956C-93B032A72B3F}
2012-05-29 10:59 - 2012-05-29 11:00 - 00000000 ____D C:\Users\Jack\Documents\FORUMS
2012-05-29 01:55 - 2012-05-29 01:56 - 00000000 ____D C:\Users\Jack\AppData\Local\{63926CBB-0360-4FBE-A744-A6CDE4778F07}
2012-05-29 01:55 - 2012-05-29 01:55 - 00000000 ____D C:\Users\Jack\AppData\Local\{7FFCA015-DC74-4651-B6AE-3B977A81C140}
2012-05-29 01:33 - 2012-05-29 01:33 - 00000000 ____D C:\Users\Jack\AppData\Local\{FE30BA98-2FA0-4A64-BBFA-9C2E32AAE64F}
2012-05-28 01:31 - 2012-05-28 01:31 - 00000000 ____D C:\Users\Jack\AppData\Local\{98B3A6E4-F5AE-4ADA-A4A2-953D6BB0F2D1}
2012-05-28 01:31 - 2012-05-28 01:31 - 00000000 ____D C:\Users\Jack\AppData\Local\{141822BB-D552-4E06-8862-CD39E1C2A62A}
2012-05-27 07:57 - 2012-05-27 07:57 - 00000000 ____D C:\Users\Jack\AppData\Local\{99C0A456-86AE-44B2-9F1A-B795436AB3F0}
2012-05-27 07:56 - 2012-05-27 07:57 - 00000000 ____D C:\Users\Jack\AppData\Local\{1E62CB97-B772-478F-8C10-13DDCE27D8B8}
2012-05-27 04:09 - 2012-05-27 04:09 - 00000000 ____D C:\Users\Jack\AppData\Local\{66E1F754-448F-4EA1-862A-FB84BC6BC70B}
2012-05-27 04:09 - 2012-05-27 04:09 - 00000000 ____D C:\Users\Jack\AppData\Local\{25F8A6F6-07EF-40A4-B7BA-75191C8C37E4}
2012-05-26 11:21 - 2012-05-26 11:21 - 00000000 ____D C:\Users\Jack\AppData\Local\{F2EBF340-2E33-4849-B5B8-4D853FF3FDB6}
2012-05-26 11:21 - 2012-05-26 11:21 - 00000000 ____D C:\Users\Jack\AppData\Local\{74F851A2-8099-48DE-8BA5-364C0EB0C4D5}
2012-05-26 03:08 - 2012-05-26 03:09 - 00000000 ____D C:\Users\Jack\AppData\Local\{181E7B4D-2CF9-4582-8979-A47336851586}
2012-05-26 03:08 - 2012-05-26 03:08 - 00000000 ____D C:\Users\Jack\AppData\Local\{EB4CFDCC-B8D3-4392-B086-EDE7FF6C7655}
2012-05-26 02:14 - 2012-05-26 02:14 - 00000000 ____D C:\Users\Jack\AppData\Local\{ADE87D5F-1FA3-4BD9-B5C6-72E6BF668C61}
2012-05-26 02:14 - 2012-05-26 02:14 - 00000000 ____D C:\Users\Jack\AppData\Local\{9B68C50A-B9DB-41DF-A90B-B1B5E4591643}
2012-05-26 02:12 - 2012-06-14 10:12 - 00328666 ____A C:\Windows\setupact.log
2012-05-26 02:12 - 2012-05-26 02:12 - 00000000 ____A C:\Windows\setuperr.log
2012-05-25 05:19 - 2012-05-25 05:19 - 00001023 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-05-25 00:44 - 2012-05-25 00:45 - 00000000 ____D C:\Users\Jack\AppData\Local\{4375246A-59B3-4F33-AB0C-F6624A6007E3}
2012-05-25 00:44 - 2012-05-25 00:44 - 00000000 ____D C:\Users\Jack\AppData\Local\{0B53004A-3A82-444C-AF6B-B103767C4353}
2012-05-25 00:42 - 2012-05-25 00:42 - 00000000 ____D C:\Users\Jack\AppData\Local\{C2DCAE39-5BCD-4618-B124-47C778394A49}
2012-05-24 06:14 - 2012-05-24 06:14 - 00000000 ____D C:\Users\Jack\AppData\Local\{F680F03C-97D4-4630-8175-C98462D990AF}
2012-05-24 06:14 - 2012-05-24 06:14 - 00000000 ____D C:\Users\Jack\AppData\Local\{0D0ED071-DA00-4A72-A3A0-180AF96566D8}
2012-05-24 01:19 - 2012-05-24 01:19 - 00000000 ____D C:\Users\Jack\AppData\Local\{CDA8CE12-5011-4FF6-80A8-F9ED4519B94E}
2012-05-24 01:19 - 2012-05-24 01:19 - 00000000 ____D C:\Users\Jack\AppData\Local\{8BDC9D3B-C86D-485C-ABBB-F07430C9BDAC}
2012-05-24 01:11 - 2012-05-24 01:12 - 00000000 ____D C:\Users\Jack\AppData\Local\{716EBF87-4865-4FB8-B175-F8CBFEF6D98D}
2012-05-24 01:11 - 2012-05-24 01:11 - 00000000 ____D C:\Users\Jack\AppData\Local\{EF2541CF-B89B-4880-A4F6-D12CCFAFE13F}
2012-05-23 12:02 - 2012-05-23 12:02 - 00000000 ____D C:\Users\Jack\AppData\Local\{47F3D9FE-EF6C-45EB-8355-6EE884E98CDB}
2012-05-23 12:01 - 2012-05-23 12:01 - 00000000 ____D C:\Users\Jack\AppData\Local\{54905808-61DA-4D44-8E84-5BB32EC2C787}
2012-05-23 03:33 - 2012-05-23 03:33 - 00000000 ____D C:\Users\Jack\AppData\Local\{0DF3EB57-6C58-4222-BA79-F79E656908F9}
2012-05-23 03:32 - 2012-05-23 03:33 - 00000000 ____D C:\Users\Jack\AppData\Local\{3639598E-8820-410F-B291-5DDF48EBA5E6}
2012-05-23 03:28 - 2012-05-23 03:28 - 00000000 ____D C:\Users\Jack\AppData\Local\{519DF9F3-05C6-4030-B5A0-E108D8911931}
2012-05-23 03:27 - 2012-05-23 03:28 - 00000000 ____D C:\Users\Jack\AppData\Local\{8F65CB25-92D6-4DC9-A905-6006D3C06332}
2012-05-22 00:03 - 2012-05-22 00:04 - 00000000 ____D C:\Users\Jack\AppData\Local\{2409FE97-88A1-4D95-BFDB-D61DCB1F482C}
2012-05-22 00:03 - 2012-05-22 00:03 - 00000000 ____D C:\Users\Jack\AppData\Local\{50A1DD04-17D9-43DE-BD97-30CD2B9BB6AD}
2012-05-22 00:01 - 2012-05-22 00:01 - 00000000 ____D C:\Users\Jack\AppData\Local\{E8B71A2B-0B2E-4A76-901E-E6DE02066F0E}
2012-05-22 00:01 - 2012-05-22 00:01 - 00000000 ____D C:\Users\Jack\AppData\Local\{26778133-586F-47C1-A231-3950E077F6CD}
2012-05-21 10:25 - 2012-05-21 10:25 - 00000000 ____D C:\Users\Jack\AppData\Local\{CD43AE50-EE05-4A7D-B79E-841502FD841E}
2012-05-21 04:34 - 2012-05-21 04:34 - 00000000 ____D C:\Users\Jack\AppData\Local\{81466FA7-780A-4A1B-A069-3FD5E86B3320}
2012-05-21 04:34 - 2012-05-21 04:34 - 00000000 ____D C:\Users\Jack\AppData\Local\{6EB0FD2E-C4E4-4DF0-9A56-3DF785320488}
2012-05-21 04:30 - 2012-05-21 04:30 - 00000000 ____D C:\Users\Jack\AppData\Local\{CBAF0C31-41AC-4C79-AC90-B1D2A5982E40}
2012-05-21 04:30 - 2012-05-21 04:30 - 00000000 ____D C:\Users\Jack\AppData\Local\{274F8154-732F-4E78-AE8F-1D13A5E843AF}
2012-05-20 08:48 - 2010-07-15 00:09 - 00000000 ____D C:\Users\Jack\Downloads\neoclassical
2012-05-20 06:23 - 2012-05-20 06:23 - 00000000 ____D C:\Users\Jack\AppData\Local\{82397CBB-6B6F-4AA1-81B5-E9056616D919}
2012-05-20 06:23 - 2012-05-20 06:23 - 00000000 ____D C:\Users\Jack\AppData\Local\{3FAD4CA0-1AE6-408B-9EE4-40863E4F190E}
2012-05-20 05:52 - 2012-05-20 05:52 - 00000000 ____D C:\Users\Jack\AppData\Local\{BC393EE9-0946-4DDA-B08E-0922367EEC2F}
2012-05-20 05:51 - 2012-05-20 05:52 - 00000000 ____D C:\Users\Jack\AppData\Local\{9E0A30BC-0159-4333-9FB9-1EB9DC2B6499}
2012-05-20 02:55 - 2012-05-20 02:55 - 00000000 ____D C:\Users\Jack\AppData\Local\{92902A1E-9C87-4021-BD0D-C6B856383DBE}
2012-05-20 02:54 - 2012-05-20 02:55 - 00000000 ____D C:\Users\Jack\AppData\Local\{E7EAC416-ACB9-40C4-890F-CE4B422A4641}
2012-05-19 05:59 - 2012-05-19 05:59 - 00000000 ____D C:\Users\Jack\AppData\Local\{EB2BD1B9-BC72-4151-8EC3-DACCCE3FB5EA}
2012-05-19 05:59 - 2012-05-19 05:59 - 00000000 ____D C:\Users\Jack\AppData\Local\{1BA08688-9FA2-412C-9420-0906384D073D}
2012-05-19 03:05 - 2012-05-19 03:05 - 00000000 ____D C:\Users\Jack\AppData\Local\{52D235FA-A8DF-4057-BF50-4E7EBBEC33B0}
2012-05-19 03:04 - 2012-05-19 03:04 - 00000000 ____D C:\Users\Jack\AppData\Local\{B79D15E7-2400-492B-AD98-C4EA1B3ECD4B}
2012-05-18 08:19 - 2012-05-18 08:19 - 00000000 ____D C:\Users\Jack\AppData\Local\{B92F609D-3284-4446-9188-E4A2BA3047D3}
2012-05-18 08:18 - 2012-05-18 08:19 - 00000000 ____D C:\Users\Jack\AppData\Local\{653B07EA-C450-47BA-9442-5066B8D09A8F}
2012-05-17 04:57 - 2012-05-17 04:57 - 00000000 ____D C:\Users\Jack\AppData\Local\{C54F47EE-D662-4454-82C4-18ADD78E7A04}
2012-05-17 04:57 - 2012-05-17 04:57 - 00000000 ____D C:\Users\Jack\AppData\Local\{ACA18F3B-68D8-40F1-9880-14C403A6DE27}
2012-05-17 04:56 - 2012-05-17 04:56 - 00000000 ____D C:\Users\Jack\AppData\Local\{C02BB7CD-9280-4353-A529-3D34B60F2039}
2012-05-17 04:55 - 2012-05-17 04:56 - 00000000 ____D C:\Users\Jack\AppData\Local\{B1EECAEF-1F8C-4B8D-92DC-108AE4A5BA4C}
2012-05-16 03:11 - 2012-05-16 03:11 - 00000000 ____D C:\Users\Jack\AppData\Local\{99E02B08-B5AB-4E7A-8F92-76C25072B485}
2012-05-16 03:11 - 2012-05-16 03:11 - 00000000 ____D C:\Users\Jack\AppData\Local\{615FC0C3-C0D2-4ABF-BDC9-6C0C3E2C37D1}
2012-05-16 02:34 - 2012-05-16 02:34 - 00000000 ____D C:\Users\Jack\AppData\Local\{44FC259A-C545-4EF1-9E21-225258F85C0A}
2012-05-16 02:33 - 2012-05-16 02:34 - 00000000 ____D C:\Users\Jack\AppData\Local\{BFF1479F-9CF5-44C3-8475-1DE394E04925}

============ 3 Months Modified Files and Folders =============

2012-06-15 10:56 - 2012-06-15 10:55 - 00000000 ____D C:\FRST
2012-06-14 10:15 - 2012-04-18 06:16 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-06-14 10:15 - 2011-03-27 08:55 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1000UA.job
2012-06-14 10:15 - 2011-03-27 08:55 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1000Core.job
2012-06-14 10:14 - 2012-06-14 10:14 - 00000000 ____D C:\Users\Jack\AppData\Local\{00BC807D-CAFE-49B7-A436-E86174847ED0}
2012-06-14 10:13 - 2012-05-02 06:27 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Dropbox
2012-06-14 10:12 - 2012-05-26 02:12 - 00328666 ____A C:\Windows\setupact.log
2012-06-14 10:12 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-14 10:10 - 2012-06-14 10:10 - 00000000 ____D C:\Users\Jack\AppData\Local\{534C618D-2A61-467B-82B7-640EA71F162E}
2012-06-14 10:09 - 2012-05-02 06:31 - 00000000 ___RD C:\Users\Jack\Dropbox
2012-06-14 10:06 - 2012-06-13 02:42 - 01368638 ____A C:\Windows\ntbtlog.txt
2012-06-14 08:56 - 2009-07-13 20:45 - 02359272 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-14 08:44 - 2010-09-29 13:27 - 01898347 ____A C:\Windows\WindowsUpdate.log
2012-06-14 08:44 - 2009-07-13 21:13 - 00742140 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-14 08:29 - 2012-06-14 08:29 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-14 08:29 - 2012-06-14 08:29 - 00000000 ____D C:\Users\Jack\AppData\Local\{DEB70F73-3F2B-44BB-AA54-B8F85B643B00}
2012-06-14 08:29 - 2012-06-14 08:28 - 00000000 ____D C:\Users\Jack\AppData\Local\{A759F1A1-E3E7-4C1F-BD63-F67FD7D97683}
2012-06-14 08:29 - 2010-12-25 09:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-14 08:17 - 2012-04-02 02:12 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1004UA.job
2012-06-14 08:03 - 2012-06-14 08:03 - 00000000 ____D C:\Users\Jack\AppData\Local\{ECD864F4-CCCF-4CD5-BA36-42DAED119A97}
2012-06-14 08:03 - 2012-04-13 01:37 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-14 07:59 - 2012-06-14 07:59 - 00000000 ____D C:\Users\Jack\AppData\Local\{A7B0610F-02F9-42F6-9689-36F095B3A951}
2012-06-14 05:06 - 2011-03-17 09:32 - 00000000 __SHD C:\found.001
2012-06-14 03:38 - 2012-06-14 03:38 - 00000000 ____D C:\Users\Jack\AppData\Local\{B1B765EA-4771-42D3-A2DE-82E6902A236A}
2012-06-14 03:38 - 2012-06-14 03:37 - 00001272 ____A C:\Users\Jack\Desktop\shutdown.exe.lnk
2012-06-14 03:37 - 2012-06-14 03:37 - 00000000 ____D C:\Users\Jack\Desktop\New folder
2012-06-14 03:25 - 2012-06-14 03:25 - 00000000 ____D C:\Users\Jack\AppData\Local\{0ABD97A0-84F9-4938-AD06-80650983A8CF}
2012-06-14 03:25 - 2012-01-11 01:59 - 00000000 __SHD C:\Users\Jack\AppData\Local\{c791174a-e567-f19e-9677-adf66795fa27}
2012-06-13 14:33 - 2011-03-19 12:01 - 00000000 ____D C:\users\Administrator
2012-06-13 14:33 - 2010-10-12 10:12 - 00000000 ____D C:\users\Mum
2012-06-13 14:33 - 2010-01-17 11:16 - 00000000 ____D C:\users\Other
2012-06-13 14:33 - 2009-11-11 12:37 - 00000000 ____D C:\users\Jack
2012-06-13 14:29 - 2012-06-13 14:29 - 00077593 ____A C:\PE-Files.txt
2012-06-13 14:29 - 2012-06-13 14:28 - 00077593 ____A C:\Win-Files.txt
2012-06-13 14:27 - 2012-06-13 14:27 - 00000000 ____D C:\Windows\Temporary Internet Files
2012-06-13 14:27 - 2012-06-13 14:27 - 00000000 ____D C:\Windows\History
2012-06-13 03:25 - 2010-01-17 11:17 - 00117424 ____A C:\Users\Other\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-13 03:24 - 2010-07-02 07:02 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Skype
2012-06-13 02:46 - 2012-06-13 02:46 - 00270936 ____A C:\Windows\Minidump\061312-25740-01.dmp
2012-06-13 02:46 - 2010-07-16 09:20 - 00000000 ____D C:\Windows\Minidump
2012-06-13 02:45 - 2012-06-12 03:55 - 343175767 ____A C:\Windows\MEMORY.DMP
2012-06-13 02:13 - 2012-06-13 02:12 - 00000000 ____D C:\Users\Jack\AppData\Local\{0E83771D-B942-4A49-9904-7D5C31523A27}
2012-06-13 02:12 - 2012-06-13 02:12 - 00000000 ____D C:\Users\Jack\AppData\Local\{5ECF4A85-FBC2-441D-BD48-3A8EE7B0FE47}
2012-06-13 01:57 - 2012-06-13 01:57 - 00000000 ____D C:\Users\Jack\AppData\Local\{5DF70F82-BD01-47AF-833E-44575F52EFC1}
2012-06-13 01:57 - 2012-06-13 01:57 - 00000000 ____D C:\Users\Jack\AppData\Local\{533A1839-9746-47EA-AE59-EB6DD2B86F63}
2012-06-13 01:22 - 2010-12-28 04:16 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-13 01:20 - 2012-06-13 01:19 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-13 01:20 - 2010-12-28 04:16 - 00741920 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-13 01:19 - 2010-12-25 09:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-13 01:13 - 2012-06-13 01:13 - 12621696 ____A (Microsoft Corporation) C:\Users\Jack\Downloads\mseinstall(1).exe
2012-06-13 01:05 - 2010-03-30 11:15 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-13 00:51 - 2009-11-11 12:35 - 00011104 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-13 00:51 - 2009-11-11 12:35 - 00011104 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-13 00:50 - 2012-06-13 00:50 - 00000000 ____D C:\Users\Jack\AppData\Local\{99A897C3-69FA-4E08-9CCF-DA854FF5310A}
2012-06-13 00:50 - 2012-06-13 00:50 - 00000000 ____D C:\Users\Jack\AppData\Local\{594280D2-C354-47B5-A1D7-90B614669B32}
2012-06-12 15:43 - 2011-10-04 09:38 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1000UA.job
2012-06-12 14:01 - 2012-06-12 14:01 - 00000000 ____D C:\Users\Jack\AppData\Local\{8CF1DCE0-2591-45EF-948D-8E88DC976824}
2012-06-12 14:01 - 2012-06-12 14:00 - 00000000 ____D C:\Users\Jack\AppData\Local\{18367588-3635-4923-9767-AA926F01CE50}
2012-06-12 12:27 - 2012-06-12 12:27 - 00000000 ____D C:\Users\Jack\AppData\Local\{F572E958-301F-4AC8-AB50-29166173C5E0}
2012-06-12 12:27 - 2012-06-12 12:27 - 00000000 ____D C:\Users\Jack\AppData\Local\{CC215D5E-58D1-4F32-80FB-27D9A4F69DD6}
2012-06-12 12:10 - 2009-10-13 10:04 - 00000000 ____D C:\Users\Jack\AppData\Roaming\FileZilla
2012-06-12 09:43 - 2011-10-04 09:38 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1000Core.job
2012-06-12 03:58 - 2012-06-12 03:58 - 00000000 ____D C:\Users\Jack\AppData\Local\{E1C793A6-0912-4D82-80FE-07084A2DD228}
2012-06-12 03:58 - 2012-06-12 03:58 - 00000000 ____D C:\Users\Jack\AppData\Local\{9A2AA4CA-08FD-4AA1-AC5B-7C7296E87776}
2012-06-12 03:56 - 2012-06-12 03:55 - 00277600 ____A C:\Windows\Minidump\061212-31527-01.dmp
2012-06-12 03:18 - 2011-03-27 08:57 - 00002404 ____A C:\Users\Jack\Desktop\Google Chrome.lnk
2012-06-12 03:07 - 2012-06-12 03:07 - 00000000 ____D C:\Users\Jack\AppData\Local\{B93FB8A8-AF3D-4FB8-94D8-AAD26CE46648}
2012-06-12 03:07 - 2012-06-12 03:07 - 00000000 ____D C:\Users\Jack\AppData\Local\{102D6629-6381-48E7-A96F-117C62EB5B90}
2012-06-12 02:31 - 2012-06-12 02:31 - 00000000 ____D C:\Users\Jack\AppData\Local\{E2D866C8-E5F7-4555-B648-ED553A8E36D7}
2012-06-12 02:31 - 2012-06-12 02:31 - 00000000 ____D C:\Users\Jack\AppData\Local\{187FF342-5E0B-426A-B433-FD3376A83895}
2012-06-11 08:47 - 2012-04-13 01:37 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-11 08:47 - 2011-05-17 09:07 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-11 05:21 - 2010-05-28 06:17 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Audacity
2012-06-11 02:17 - 2012-04-02 02:12 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1004Core.job
2012-06-11 01:48 - 2012-06-11 01:48 - 00000000 ____D C:\Users\Jack\AppData\Local\{CDA99E22-4A13-470D-ADD4-378FED60EF3E}
2012-06-11 01:48 - 2012-06-11 01:47 - 00000000 ____D C:\Users\Jack\AppData\Local\{B5DCCC88-A4E4-4CDF-AE22-553667C0BE18}
2012-06-11 00:34 - 2012-06-11 00:34 - 00000000 ____D C:\Users\Jack\AppData\Local\{360348E3-3132-45FD-B826-ABF982E243E6}
2012-06-11 00:34 - 2012-06-11 00:33 - 00000000 ____D C:\Users\Jack\AppData\Local\{BC79EFAC-C748-4BD3-9E99-5B11B0431F91}
2012-06-11 00:31 - 2012-06-11 00:31 - 00001024 ____A C:\Windows\PFRO.log
2012-06-10 13:50 - 2009-09-16 01:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-10 13:49 - 2009-11-11 13:43 - 00000000 ____D C:\Program Files (x86)\CyberLink
2012-06-10 13:49 - 2009-09-21 08:48 - 00000000 ____D C:\Users\All Users\CyberLink
2012-06-10 04:19 - 2012-06-10 04:19 - 00000000 ____D C:\Users\Jack\AppData\Local\{228EDDBC-61A4-40FF-9351-DF3CB96F05FB}
2012-06-10 04:19 - 2012-06-10 04:18 - 00000000 ____D C:\Users\Jack\AppData\Local\{E64451C9-9492-4A32-BC10-8322BE5E8879}
2012-06-10 03:03 - 2012-06-10 03:03 - 00000000 ____D C:\Users\Jack\AppData\Local\{70BBC7B5-F900-4FF7-8946-AC1D71B96FCC}
2012-06-10 03:03 - 2012-06-10 03:03 - 00000000 ____D C:\Users\Jack\AppData\Local\{2EC7AFBC-D11A-4D18-94B9-21A2AC698A8C}
2012-06-09 09:14 - 2012-06-09 09:13 - 00000000 ____D C:\Users\Jack\AppData\Local\{4B7E01C6-692F-4874-873A-E25F8E69BF52}
2012-06-09 09:12 - 2012-06-09 09:12 - 00000000 ____D C:\Users\Jack\AppData\Local\{4B7DF642-5AF5-405A-8D3B-7DD7337238AD}
2012-06-09 09:05 - 2012-06-09 09:05 - 00000000 ____D C:\Users\Jack\AppData\Local\{EA51F30F-0096-4420-BA0A-A69D3916C885}
2012-06-09 09:05 - 2012-06-09 09:04 - 00000000 ____D C:\Users\Jack\AppData\Local\{DE132581-001A-4D75-95AE-E3616900836A}
2012-06-08 11:06 - 2012-06-08 11:06 - 00000000 ____D C:\Users\Jack\AppData\Local\{BDD35117-5F0F-45F9-A29D-DCA1F33FD717}
2012-06-08 11:06 - 2012-06-08 11:06 - 00000000 ____D C:\Users\Jack\AppData\Local\{8F64FC30-5F34-4B48-9A28-60449F0C222D}
2012-06-08 10:25 - 2012-06-08 10:25 - 00000000 ____D C:\Users\Jack\AppData\Local\{F0386CE9-4888-434E-9783-0DAE8BBA60F9}
2012-06-08 10:25 - 2012-06-08 10:24 - 00000000 ____D C:\Users\Jack\AppData\Local\{AA3F8317-E56F-4246-BAEC-3FF9ACEDC9CC}
2012-06-07 09:28 - 2012-06-07 09:28 - 00000000 ____D C:\Users\Jack\AppData\Local\{054618AF-B62A-48EA-A7C9-77CB6C5C1F20}
2012-06-07 09:28 - 2012-06-07 09:27 - 00000000 ____D C:\Users\Jack\AppData\Local\{934C2C06-BBB1-46BA-8CD3-052B3C978C77}
2012-06-07 05:16 - 2012-06-07 05:16 - 00000000 ____D C:\Users\Jack\AppData\Local\{DFA6B0E7-E637-4D9D-B807-ECDF4B7135FA}
2012-06-07 05:16 - 2012-06-07 05:16 - 00000000 ____D C:\Users\Jack\AppData\Local\{4C8D1CD4-061E-4093-BDFC-1436D0CEAB83}
2012-06-07 03:21 - 2012-06-07 03:21 - 00000000 ____D C:\Users\Jack\AppData\Local\{26AC9BA0-1C68-447C-A86E-421F5682C9FF}
2012-06-07 03:20 - 2012-06-07 03:20 - 00000000 ____D C:\Users\Jack\AppData\Local\{4E25D94A-66C9-4E77-969A-ADBB718859C5}
2012-06-07 03:09 - 2012-06-07 03:08 - 00000000 ____D C:\Users\Jack\AppData\Local\{34C05481-4664-4D1B-908E-0243A1C11652}
2012-06-07 03:08 - 2012-06-07 03:08 - 00000000 ____D C:\Users\Jack\AppData\Local\{345A3137-E8E0-4935-9CD2-350E290DF4D1}
2012-06-06 03:15 - 2012-06-06 03:15 - 00000000 ____D C:\Users\Jack\AppData\Local\{E343F509-3E61-40D5-B555-D002F75B93EC}
2012-06-06 03:15 - 2012-06-06 03:14 - 00000000 ____D C:\Users\Jack\AppData\Local\{EA15BFBC-1CF4-4BA9-ACDD-F9D8F63E9FBD}
2012-06-06 03:05 - 2012-06-06 03:04 - 00000000 ____D C:\Users\Jack\AppData\Local\{A736C0D6-DFCD-401F-9C24-68E5D3CC8330}
2012-06-06 03:04 - 2012-06-06 03:04 - 00000000 ____D C:\Users\Jack\AppData\Local\{3928B458-2723-45FA-8B8F-42B546B30A9F}
2012-06-05 02:24 - 2012-06-05 02:24 - 00000000 ____D C:\Users\Jack\AppData\Local\{EB8DBCA2-F903-4D89-BF5D-361B484761AE}
2012-06-05 02:24 - 2012-06-05 02:24 - 00000000 ____D C:\Users\Jack\AppData\Local\{5527E846-E7FE-45A8-BADE-8C8DE1CE9CB8}
2012-06-05 02:20 - 2012-06-05 02:19 - 00000000 ____D C:\Users\Jack\AppData\Local\{9F9F4AD6-3BDF-42C4-99DF-EA254867F31E}
2012-06-05 02:19 - 2012-06-05 02:19 - 00000000 ____D C:\Users\Jack\AppData\Local\{2708BE1B-E7A0-46FA-B34F-262BD5D580A4}
2012-06-04 07:08 - 2012-06-04 07:08 - 00000000 ____D C:\Program Files (x86)\Topaz Labs LLC

 

[jack wetherill]

2012-06-04 05:34 - 2012-06-04 05:33 - 00000000 ____D C:\Users\Jack\AppData\Local\{51F05BC1-2A99-494A-9F6A-DC786024FAD3}
2012-06-04 05:33 - 2012-06-04 05:32 - 00000000 ____D C:\Users\Jack\AppData\Local\{FA803603-43D4-40F6-967B-3A922A8E30BF}
2012-06-04 05:29 - 2012-06-04 05:29 - 00000000 ____D C:\Users\Jack\AppData\Local\{FD13F54B-7644-4372-AFD7-7F6585BE7F6B}
2012-06-04 05:29 - 2012-06-04 05:29 - 00000000 ____D C:\Users\Jack\AppData\Local\{21F44884-E80B-4654-B7BD-1697CE4A4262}
2012-06-02 07:15 - 2010-12-23 04:10 - 00000000 ____D C:\Users\Jack\Documents\WEBSITES
2012-06-02 03:17 - 2012-06-02 03:17 - 00000000 ____D C:\Users\Jack\AppData\Local\{D4EF6367-D239-480E-AE77-F1B4A679D55D}
2012-06-02 03:17 - 2012-06-02 03:17 - 00000000 ____D C:\Users\Jack\AppData\Local\{59FE6A5D-2545-48F0-93E1-0B136723ED2F}
2012-06-02 02:40 - 2012-06-02 02:40 - 00000000 ____D C:\Users\Jack\AppData\Local\{C9B6731C-CE2E-49C2-9890-EBD922555D4A}
2012-06-02 02:40 - 2012-06-02 02:39 - 00000000 ____D C:\Users\Jack\AppData\Local\{FB6F08C6-7661-4FC1-9ED9-99BAE90CCC32}
2012-06-01 03:33 - 2012-06-01 03:32 - 00000000 ____D C:\Users\Jack\AppData\Local\{652DBDA2-52BB-428B-B460-19BDC8823CB5}
2012-06-01 03:32 - 2012-06-01 03:32 - 00000000 ____D C:\Users\Jack\AppData\Local\{194A79A3-EBF2-45D0-A2EA-CDF127F9549C}
2012-06-01 02:50 - 2012-06-01 02:50 - 00000000 ____D C:\Users\Jack\AppData\Local\{D471582B-E4AE-4FF0-A442-E3316A637A23}
2012-06-01 02:50 - 2012-06-01 02:49 - 00000000 ____D C:\Users\Jack\AppData\Local\{6823CBD8-86DB-4C8A-85A4-E2FAAC0E17CC}
2012-06-01 02:47 - 2012-06-01 02:46 - 00000000 ____D C:\Users\Jack\AppData\Local\{6048D5DA-D752-4967-8386-B0DF724D4CF5}
2012-06-01 02:46 - 2012-06-01 02:46 - 00000000 ____D C:\Users\Jack\AppData\Local\{5B31B7F1-476C-4668-A512-2133D0516763}
2012-05-31 06:01 - 2012-05-31 06:01 - 00000000 ____D C:\Users\Jack\AppData\Local\{5E413BC9-F17E-4C6B-84F5-9CB52A326F31}
2012-05-31 06:01 - 2012-05-31 06:00 - 00000000 ____D C:\Users\Jack\AppData\Local\{419347AB-ADCD-4914-AF5F-3A98C658427C}
2012-05-31 03:41 - 2011-02-11 12:15 - 00000000 ____D C:\Users\Jack\AppData\Roaming\vlc
2012-05-31 01:26 - 2012-05-31 01:25 - 00000000 ____D C:\Users\Jack\AppData\Local\{0F51B525-D9EB-4F28-B717-C08399059EA8}
2012-05-31 01:25 - 2012-05-31 01:25 - 00000000 ____D C:\Users\Jack\AppData\Local\{D624A29E-35E1-481B-AFF7-B7CF4C96A0B2}
2012-05-31 01:22 - 2012-05-31 01:22 - 00000000 ____D C:\Users\Jack\AppData\Local\{0EB14429-4E29-4048-9B63-E51B706187E6}
2012-05-30 03:27 - 2012-05-30 03:27 - 00000000 ____D C:\Users\Jack\AppData\Local\{0F7A5495-0397-48C2-94C0-117299DC36FF}
2012-05-30 03:27 - 2012-05-30 03:27 - 00000000 ____D C:\Users\Jack\AppData\Local\{038A9DFB-2FDD-495B-982B-05C048FB686B}
2012-05-30 02:11 - 2012-05-30 02:11 - 00000000 ____D C:\Users\Jack\AppData\Local\{1BEF25E3-E9E6-43D4-8160-441277037CB0}
2012-05-30 02:11 - 2012-05-30 02:11 - 00000000 ____D C:\Users\Jack\AppData\Local\{15842B3E-F474-4559-956C-93B032A72B3F}
2012-05-29 11:00 - 2012-05-29 10:59 - 00000000 ____D C:\Users\Jack\Documents\FORUMS
2012-05-29 01:56 - 2012-05-29 01:55 - 00000000 ____D C:\Users\Jack\AppData\Local\{63926CBB-0360-4FBE-A744-A6CDE4778F07}
2012-05-29 01:55 - 2012-05-29 01:55 - 00000000 ____D C:\Users\Jack\AppData\Local\{7FFCA015-DC74-4651-B6AE-3B977A81C140}
2012-05-29 01:33 - 2012-05-29 01:33 - 00000000 ____D C:\Users\Jack\AppData\Local\{FE30BA98-2FA0-4A64-BBFA-9C2E32AAE64F}
2012-05-28 01:31 - 2012-05-28 01:31 - 00000000 ____D C:\Users\Jack\AppData\Local\{98B3A6E4-F5AE-4ADA-A4A2-953D6BB0F2D1}
2012-05-28 01:31 - 2012-05-28 01:31 - 00000000 ____D C:\Users\Jack\AppData\Local\{141822BB-D552-4E06-8862-CD39E1C2A62A}
2012-05-27 07:57 - 2012-05-27 07:57 - 00000000 ____D C:\Users\Jack\AppData\Local\{99C0A456-86AE-44B2-9F1A-B795436AB3F0}
2012-05-27 07:57 - 2012-05-27 07:56 - 00000000 ____D C:\Users\Jack\AppData\Local\{1E62CB97-B772-478F-8C10-13DDCE27D8B8}
2012-05-27 04:09 - 2012-05-27 04:09 - 00000000 ____D C:\Users\Jack\AppData\Local\{66E1F754-448F-4EA1-862A-FB84BC6BC70B}
2012-05-27 04:09 - 2012-05-27 04:09 - 00000000 ____D C:\Users\Jack\AppData\Local\{25F8A6F6-07EF-40A4-B7BA-75191C8C37E4}
2012-05-26 11:21 - 2012-05-26 11:21 - 00000000 ____D C:\Users\Jack\AppData\Local\{F2EBF340-2E33-4849-B5B8-4D853FF3FDB6}
2012-05-26 11:21 - 2012-05-26 11:21 - 00000000 ____D C:\Users\Jack\AppData\Local\{74F851A2-8099-48DE-8BA5-364C0EB0C4D5}
2012-05-26 03:09 - 2012-05-26 03:08 - 00000000 ____D C:\Users\Jack\AppData\Local\{181E7B4D-2CF9-4582-8979-A47336851586}
2012-05-26 03:08 - 2012-05-26 03:08 - 00000000 ____D C:\Users\Jack\AppData\Local\{EB4CFDCC-B8D3-4392-B086-EDE7FF6C7655}
2012-05-26 02:16 - 2012-05-02 06:31 - 00001022 ____A C:\Users\Jack\Desktop\Dropbox.lnk
2012-05-26 02:14 - 2012-05-26 02:14 - 00000000 ____D C:\Users\Jack\AppData\Local\{ADE87D5F-1FA3-4BD9-B5C6-72E6BF668C61}
2012-05-26 02:14 - 2012-05-26 02:14 - 00000000 ____D C:\Users\Jack\AppData\Local\{9B68C50A-B9DB-41DF-A90B-B1B5E4591643}
2012-05-26 02:12 - 2012-05-26 02:12 - 00000000 ____A C:\Windows\setuperr.log
2012-05-25 05:38 - 2011-07-19 05:37 - 00000000 ____D C:\Users\Jack\AppData\Roaming\uTorrent
2012-05-25 05:32 - 2009-11-11 20:32 - 00000000 ____D C:\Windows\Panther
2012-05-25 05:19 - 2012-05-25 05:19 - 00001023 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-05-25 05:19 - 2010-09-15 08:39 - 00000000 ____D C:\Program Files (x86)\CCleaner
2012-05-25 05:04 - 2009-11-11 13:12 - 00117424 ____A C:\Users\Jack\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-25 00:45 - 2012-05-25 00:44 - 00000000 ____D C:\Users\Jack\AppData\Local\{4375246A-59B3-4F33-AB0C-F6624A6007E3}
2012-05-25 00:44 - 2012-05-25 00:44 - 00000000 ____D C:\Users\Jack\AppData\Local\{0B53004A-3A82-444C-AF6B-B103767C4353}
2012-05-25 00:42 - 2012-05-25 00:42 - 00000000 ____D C:\Users\Jack\AppData\Local\{C2DCAE39-5BCD-4618-B124-47C778394A49}
2012-05-24 06:14 - 2012-05-24 06:14 - 00000000 ____D C:\Users\Jack\AppData\Local\{F680F03C-97D4-4630-8175-C98462D990AF}
2012-05-24 06:14 - 2012-05-24 06:14 - 00000000 ____D C:\Users\Jack\AppData\Local\{0D0ED071-DA00-4A72-A3A0-180AF96566D8}
2012-05-24 03:54 - 2011-07-18 04:02 - 00000000 ____D C:\Users\Jack\Downloads\REQUESTS
2012-05-24 01:19 - 2012-05-24 01:19 - 00000000 ____D C:\Users\Jack\AppData\Local\{CDA8CE12-5011-4FF6-80A8-F9ED4519B94E}
2012-05-24 01:19 - 2012-05-24 01:19 - 00000000 ____D C:\Users\Jack\AppData\Local\{8BDC9D3B-C86D-485C-ABBB-F07430C9BDAC}
2012-05-24 01:12 - 2012-05-24 01:11 - 00000000 ____D C:\Users\Jack\AppData\Local\{716EBF87-4865-4FB8-B175-F8CBFEF6D98D}
2012-05-24 01:11 - 2012-05-24 01:11 - 00000000 ____D C:\Users\Jack\AppData\Local\{EF2541CF-B89B-4880-A4F6-D12CCFAFE13F}
2012-05-23 12:02 - 2012-05-23 12:02 - 00000000 ____D C:\Users\Jack\AppData\Local\{47F3D9FE-EF6C-45EB-8355-6EE884E98CDB}
2012-05-23 12:01 - 2012-05-23 12:01 - 00000000 ____D C:\Users\Jack\AppData\Local\{54905808-61DA-4D44-8E84-5BB32EC2C787}
2012-05-23 12:00 - 2012-04-18 06:16 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-05-23 03:33 - 2012-05-23 03:33 - 00000000 ____D C:\Users\Jack\AppData\Local\{0DF3EB57-6C58-4222-BA79-F79E656908F9}
2012-05-23 03:33 - 2012-05-23 03:32 - 00000000 ____D C:\Users\Jack\AppData\Local\{3639598E-8820-410F-B291-5DDF48EBA5E6}
2012-05-23 03:28 - 2012-05-23 03:28 - 00000000 ____D C:\Users\Jack\AppData\Local\{519DF9F3-05C6-4030-B5A0-E108D8911931}
2012-05-23 03:28 - 2012-05-23 03:27 - 00000000 ____D C:\Users\Jack\AppData\Local\{8F65CB25-92D6-4DC9-A905-6006D3C06332}
2012-05-22 00:04 - 2012-05-22 00:03 - 00000000 ____D C:\Users\Jack\AppData\Local\{2409FE97-88A1-4D95-BFDB-D61DCB1F482C}
2012-05-22 00:03 - 2012-05-22 00:03 - 00000000 ____D C:\Users\Jack\AppData\Local\{50A1DD04-17D9-43DE-BD97-30CD2B9BB6AD}
2012-05-22 00:01 - 2012-05-22 00:01 - 00000000 ____D C:\Users\Jack\AppData\Local\{E8B71A2B-0B2E-4A76-901E-E6DE02066F0E}
2012-05-22 00:01 - 2012-05-22 00:01 - 00000000 ____D C:\Users\Jack\AppData\Local\{26778133-586F-47C1-A231-3950E077F6CD}
2012-05-21 10:25 - 2012-05-21 10:25 - 00000000 ____D C:\Users\Jack\AppData\Local\{CD43AE50-EE05-4A7D-B79E-841502FD841E}
2012-05-21 04:34 - 2012-05-21 04:34 - 00000000 ____D C:\Users\Jack\AppData\Local\{81466FA7-780A-4A1B-A069-3FD5E86B3320}
2012-05-21 04:34 - 2012-05-21 04:34 - 00000000 ____D C:\Users\Jack\AppData\Local\{6EB0FD2E-C4E4-4DF0-9A56-3DF785320488}
2012-05-21 04:30 - 2012-05-21 04:30 - 00000000 ____D C:\Users\Jack\AppData\Local\{CBAF0C31-41AC-4C79-AC90-B1D2A5982E40}
2012-05-21 04:30 - 2012-05-21 04:30 - 00000000 ____D C:\Users\Jack\AppData\Local\{274F8154-732F-4E78-AE8F-1D13A5E843AF}
2012-05-20 06:23 - 2012-05-20 06:23 - 00000000 ____D C:\Users\Jack\AppData\Local\{82397CBB-6B6F-4AA1-81B5-E9056616D919}
2012-05-20 06:23 - 2012-05-20 06:23 - 00000000 ____D C:\Users\Jack\AppData\Local\{3FAD4CA0-1AE6-408B-9EE4-40863E4F190E}
2012-05-20 05:52 - 2012-05-20 05:52 - 00000000 ____D C:\Users\Jack\AppData\Local\{BC393EE9-0946-4DDA-B08E-0922367EEC2F}
2012-05-20 05:52 - 2012-05-20 05:51 - 00000000 ____D C:\Users\Jack\AppData\Local\{9E0A30BC-0159-4333-9FB9-1EB9DC2B6499}
2012-05-20 02:55 - 2012-05-20 02:55 - 00000000 ____D C:\Users\Jack\AppData\Local\{92902A1E-9C87-4021-BD0D-C6B856383DBE}
2012-05-20 02:55 - 2012-05-20 02:54 - 00000000 ____D C:\Users\Jack\AppData\Local\{E7EAC416-ACB9-40C4-890F-CE4B422A4641}
2012-05-19 05:59 - 2012-05-19 05:59 - 00000000 ____D C:\Users\Jack\AppData\Local\{EB2BD1B9-BC72-4151-8EC3-DACCCE3FB5EA}
2012-05-19 05:59 - 2012-05-19 05:59 - 00000000 ____D C:\Users\Jack\AppData\Local\{1BA08688-9FA2-412C-9420-0906384D073D}
2012-05-19 03:05 - 2012-05-19 03:05 - 00000000 ____D C:\Users\Jack\AppData\Local\{52D235FA-A8DF-4057-BF50-4E7EBBEC33B0}
2012-05-19 03:04 - 2012-05-19 03:04 - 00000000 ____D C:\Users\Jack\AppData\Local\{B79D15E7-2400-492B-AD98-C4EA1B3ECD4B}
2012-05-18 08:19 - 2012-05-18 08:19 - 00000000 ____D C:\Users\Jack\AppData\Local\{B92F609D-3284-4446-9188-E4A2BA3047D3}
2012-05-18 08:19 - 2012-05-18 08:18 - 00000000 ____D C:\Users\Jack\AppData\Local\{653B07EA-C450-47BA-9442-5066B8D09A8F}
2012-05-17 11:34 - 2009-09-21 09:07 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Adobe
2012-05-17 04:57 - 2012-05-17 04:57 - 00000000 ____D C:\Users\Jack\AppData\Local\{C54F47EE-D662-4454-82C4-18ADD78E7A04}
2012-05-17 04:57 - 2012-05-17 04:57 - 00000000 ____D C:\Users\Jack\AppData\Local\{ACA18F3B-68D8-40F1-9880-14C403A6DE27}
2012-05-17 04:56 - 2012-05-17 04:56 - 00000000 ____D C:\Users\Jack\AppData\Local\{C02BB7CD-9280-4353-A529-3D34B60F2039}
2012-05-17 04:56 - 2012-05-17 04:55 - 00000000 ____D C:\Users\Jack\AppData\Local\{B1EECAEF-1F8C-4B8D-92DC-108AE4A5BA4C}
2012-05-16 03:11 - 2012-05-16 03:11 - 00000000 ____D C:\Users\Jack\AppData\Local\{99E02B08-B5AB-4E7A-8F92-76C25072B485}
2012-05-16 03:11 - 2012-05-16 03:11 - 00000000 ____D C:\Users\Jack\AppData\Local\{615FC0C3-C0D2-4ABF-BDC9-6C0C3E2C37D1}
2012-05-16 02:34 - 2012-05-16 02:34 - 00000000 ____D C:\Users\Jack\AppData\Local\{44FC259A-C545-4EF1-9E21-225258F85C0A}
2012-05-16 02:34 - 2012-05-16 02:33 - 00000000 ____D C:\Users\Jack\AppData\Local\{BFF1479F-9CF5-44C3-8475-1DE394E04925}
2012-05-15 01:44 - 2012-05-15 01:43 - 00000000 ____D C:\Users\Jack\AppData\Local\{FD3D2324-94AE-4716-8FC1-A1FBDB151D24}
2012-05-15 01:43 - 2012-05-15 01:43 - 00000000 ____D C:\Users\Jack\AppData\Local\{ED356464-4828-4D3B-88B0-87959B575BFB}
2012-05-15 01:40 - 2012-05-15 01:40 - 00000000 ____D C:\Users\Jack\AppData\Local\{0B49462C-9676-4BEA-A211-384BC2A1CE3F}
2012-05-14 19:56 - 2012-06-13 01:06 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:52 - 2012-06-13 01:06 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:08 - 2012-06-13 01:06 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:06 - 2012-06-13 01:06 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-14 17:32 - 2012-06-13 01:05 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 03:32 - 2012-05-14 03:32 - 00000000 ____D C:\Users\Jack\AppData\Local\{4A33CAC2-F4B3-4DBD-B71A-0BF18C485D50}
2012-05-14 03:31 - 2012-05-14 03:31 - 00000000 ____D C:\Users\Jack\AppData\Local\{82921F41-D1C2-461A-8CF2-986EDACF904D}
2012-05-14 03:31 - 2012-05-14 03:31 - 00000000 ____D C:\Users\Jack\AppData\Local\{0B89B55F-AF7C-4BC9-B4F3-DC6E901DA7AC}
2012-05-14 03:31 - 2012-05-14 03:30 - 00000000 ____D C:\Users\Jack\AppData\Local\{7674B135-C6C0-4E52-8D02-F89CEF94EB6D}
2012-05-14 03:29 - 2012-05-14 03:29 - 00000000 ____D C:\Users\Jack\AppData\Local\{8F825210-B160-474C-85B0-BBA02BBC45C8}
2012-05-14 03:29 - 2012-05-14 03:29 - 00000000 ____D C:\Users\Jack\AppData\Local\{7D193B50-D91C-4E19-907B-F8BD4B889C54}
2012-05-13 05:33 - 2012-05-13 05:33 - 00000000 ____D C:\Users\Jack\AppData\Local\{3C2B8BB9-2637-42D5-852C-38C8845BF89A}
2012-05-13 05:33 - 2012-05-13 05:32 - 00000000 ____D C:\Users\Jack\AppData\Local\{D64B9D18-6A04-487C-90BD-3C3E56522799}
2012-05-13 05:07 - 2012-05-13 05:06 - 00000000 ____D C:\Users\Jack\AppData\Local\{474F6A52-0C46-4036-8122-76FC7722EB8F}
2012-05-13 05:06 - 2012-05-13 05:06 - 00000000 ____D C:\Users\Jack\AppData\Local\{34142ED3-5248-4467-BD88-B1DC6366DFE4}
2012-05-11 03:01 - 2012-05-11 03:01 - 00000000 ____D C:\Users\Jack\AppData\Local\{AC52D0E1-F1BD-4EB3-84FC-A30B1A732FDE}
2012-05-11 03:01 - 2012-05-11 03:01 - 00000000 ____D C:\Users\Jack\AppData\Local\{3289AA24-6E4A-4F5F-9871-C8F9670A8E7A}
2012-05-11 02:53 - 2012-05-11 02:53 - 00000000 ____D C:\Users\Jack\AppData\Local\{A68472A4-5A07-4532-9E1F-9551E02B2F28}
2012-05-10 03:07 - 2012-05-10 03:06 - 00000000 ____D C:\Users\Jack\AppData\Local\{C8D6B54B-E52D-4C33-AAE0-5D2C310857F8}
2012-05-10 03:06 - 2012-05-10 03:06 - 00000000 ____D C:\Users\Jack\AppData\Local\{5B059318-18C6-452A-9695-C47731FE3D0F}
2012-05-10 02:49 - 2012-05-10 02:49 - 00000000 ____D C:\Users\Jack\AppData\Local\{E25ADBA1-5CA9-438D-BE69-0E4DDE9AA7CD}
2012-05-09 19:04 - 2009-09-16 01:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-09 18:38 - 2009-12-07 11:10 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-09 18:38 - 2009-09-16 01:38 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-09 18:04 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-09 03:34 - 2012-05-09 03:34 - 00000000 ____D C:\Users\Jack\AppData\Local\{A2D9C225-9AB7-4ADC-8E7E-FC86E0C4B716}
2012-05-09 03:34 - 2012-05-09 03:34 - 00000000 ____D C:\Users\Jack\AppData\Local\{7E4A35EF-75C7-4536-869D-FA445016EED0}
2012-05-08 23:57 - 2012-05-08 23:57 - 00000000 ____D C:\Users\Jack\AppData\Local\{F40135FC-7B65-46C8-AE79-9C3BE39415FE}
2012-05-08 23:57 - 2012-05-08 23:56 - 00000000 ____D C:\Users\Jack\AppData\Local\{21A8B5E9-345A-4123-8E0B-9D5F9FC08BFA}
2012-05-08 12:01 - 2012-05-08 12:01 - 00053760 ____A C:\Users\Jack\Desktop\jack wetherill culture of the glossy.doc
2012-05-08 11:47 - 2012-05-08 11:34 - 00012424 ____A C:\Users\Jack\Desktop\Bibliography.docx
2012-05-08 11:04 - 2012-04-30 14:56 - 00020299 ____A C:\Users\Jack\Desktop\Examine the growth of the men.docx
2012-05-08 07:10 - 2012-05-08 07:10 - 00000000 ____D C:\Users\Jack\AppData\Local\{D2F7CBF5-0F1C-4503-A7BC-9C2A87D1D0E8}
2012-05-08 07:10 - 2012-05-08 07:10 - 00000000 ____D C:\Users\Jack\AppData\Local\{4E976DB0-0AE2-4F47-99AA-E535ABC02B60}
2012-05-08 00:15 - 2012-05-08 00:15 - 00000000 ____D C:\Users\Jack\AppData\Local\{57A78862-826C-4085-AF24-DAD803E266E3}
2012-05-08 00:15 - 2012-05-08 00:15 - 00000000 ____D C:\Users\Jack\AppData\Local\{2AB1BC9D-453C-4A4C-AB14-2C1AE4BD8E07}
2012-05-07 07:16 - 2012-05-07 07:15 - 04086836 ____A C:\Users\Jack\Downloads\Jessie J - Domino (Radio 1 Live Lounge, 2012).mp3
2012-05-07 07:13 - 2012-05-07 07:13 - 03340225 ____A C:\Users\Jack\Downloads\Rita Ora - Somebody That I Used To Know (Gotye & Kimbra Cover @ Radio 1's Live Lounge).mp3
2012-05-07 07:12 - 2012-05-07 07:12 - 03166908 ____A C:\Users\Jack\Downloads\Jessie J - We Found Love (Radio 1 Live Lounge, 2012).mp3
2012-05-07 07:12 - 2012-05-07 07:03 - 03467889 ____A C:\Users\Jack\Downloads\Cheryl - Call My Name.mp3
2012-05-07 06:46 - 2012-05-07 06:46 - 00000000 ____D C:\Users\Jack\AppData\Local\{22DA9816-3728-413E-A4B4-C5951C058CD2}
2012-05-07 06:46 - 2012-05-07 06:46 - 00000000 ____D C:\Users\Jack\AppData\Local\{1B813DC2-8E19-453A-927A-8F56FBD5DB63}
2012-05-06 07:45 - 2012-05-06 07:45 - 00000000 ____D C:\Users\Jack\AppData\Local\{164E7C04-BA91-4A07-82D5-E903616E13D3}
2012-05-06 07:45 - 2012-05-06 07:44 - 00000000 ____D C:\Users\Jack\AppData\Local\{18CDFBA8-CB15-464F-AFE6-4082541DDB62}
2012-05-06 03:24 - 2012-05-06 03:24 - 00000000 ____D C:\Users\Jack\AppData\Local\{4303F8A3-4DB8-46EA-90B2-F53609216477}
2012-05-06 03:24 - 2012-05-06 03:23 - 00000000 ____D C:\Users\Jack\AppData\Local\{59018628-B444-48A4-9F05-CE62D408CDBE}
2012-05-05 10:04 - 2012-04-13 02:03 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-05 05:59 - 2012-05-05 05:59 - 00000000 ____D C:\Users\Jack\AppData\Local\{E0AE996D-2450-4DF3-A5DF-4EE4B34B1737}
2012-05-05 05:59 - 2012-05-05 05:58 - 00000000 ____D C:\Users\Jack\AppData\Local\{44293828-4441-4343-89D8-22DCA6318872}
2012-05-05 05:05 - 2012-05-05 05:05 - 00000000 ____D C:\Users\Jack\AppData\Local\{61533E2D-A184-4916-AE33-C6976412012F}
2012-05-05 05:05 - 2012-05-05 05:05 - 00000000 ____D C:\Users\Jack\AppData\Local\{038EE389-03D2-4CAC-AFC2-A2A2C1DFFE5E}
2012-05-04 04:17 - 2012-05-04 04:16 - 00000000 ____D C:\Users\Jack\AppData\Local\{0F4D108F-C3DA-477C-8FDB-B490F1A26517}
2012-05-04 04:16 - 2012-05-04 04:16 - 00000000 ____D C:\Users\Jack\AppData\Local\{4E7186BE-D8D2-4156-B959-A9A9D14C67B0}
2012-05-04 04:14 - 2012-05-04 04:14 - 00000000 ____D C:\Users\Jack\AppData\Local\{C049B181-E56E-42F5-9E6A-8A46612EFAE0}
2012-05-04 04:14 - 2012-05-04 04:14 - 00000000 ____D C:\Users\Jack\AppData\Local\{95D15442-4137-49FE-9034-A128371AFE7D}
2012-05-04 02:52 - 2012-06-13 01:06 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:08 - 2012-06-13 01:05 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:08 - 2012-06-13 01:05 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 03:15 - 2012-05-03 03:15 - 00000000 ____D C:\Users\Jack\AppData\Local\{BAF6B27E-2C2B-4CE9-AF4A-DF6245543B5F}
2012-05-03 03:15 - 2012-05-03 03:15 - 00000000 ____D C:\Users\Jack\AppData\Local\{87E102F4-AFA7-43F5-8602-2082B7546707}
2012-05-03 00:48 - 2012-05-03 00:48 - 00000000 ____D C:\Users\All Users\Mozilla
2012-05-03 00:48 - 2012-05-03 00:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-03 00:48 - 2009-09-21 09:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-03 00:44 - 2012-05-03 00:43 - 00000000 ____D C:\Users\Jack\AppData\Local\{0D73C40F-97C6-41BB-B060-BBE5F4412B0F}
2012-05-03 00:43 - 2012-05-03 00:43 - 00000000 ____D C:\Users\Jack\AppData\Local\{E94F1C94-C127-494E-920C-76096F10A5B8}
2012-05-02 05:47 - 2011-11-02 04:25 - 00000000 ____D C:\Users\Jack\Documents\UNI
2012-05-01 21:32 - 2012-06-13 01:06 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-05-01 00:29 - 2012-05-01 00:29 - 00000000 ____D C:\Users\Jack\AppData\Local\{C2DA0F8B-7014-4467-874E-2DAAF0C2A7C0}
2012-05-01 00:29 - 2012-05-01 00:29 - 00000000 ____D C:\Users\Jack\AppData\Local\{B024F392-F6B9-4F27-B7F3-B0A5F39F717B}
2012-05-01 00:16 - 2012-05-01 00:15 - 00000000 ____D C:\Users\Jack\AppData\Local\{0630CB13-32FF-4C06-A2DA-4B3A5B9E58CC}
2012-05-01 00:15 - 2012-05-01 00:15 - 00000000 ____D C:\Users\Jack\AppData\Local\{0873B907-BE1A-4D16-9A7E-CC9D50151F0C}
2012-04-30 15:11 - 2012-04-30 15:11 - 00000000 ____D C:\Users\Jack\AppData\Local\{711B0A83-0DFE-45E2-910E-9E6207B4BAF2}
2012-04-30 15:11 - 2012-04-30 15:11 - 00000000 ____D C:\Users\Jack\AppData\Local\{32CD8C98-C5F9-4B91-BC45-80956AE58D79}
2012-04-30 03:12 - 2012-04-30 03:12 - 00000000 ____D C:\Users\Jack\AppData\Local\{9CD30AFE-85E6-446E-A758-D085880E8615}
2012-04-30 03:11 - 2012-04-30 03:11 - 00000000 ____D C:\Users\Jack\AppData\Local\{D2F41B61-EECC-4723-95D4-22008C74D175}
2012-04-30 03:11 - 2012-04-30 03:10 - 00000000 ____D C:\Users\Jack\AppData\Local\{2215F90A-0763-4680-9668-CBD41A867619}
2012-04-30 03:10 - 2012-04-30 03:10 - 00000000 ____D C:\Users\Jack\AppData\Local\{0B53C85B-54DE-4980-95FB-689B0C160C51}
2012-04-30 03:09 - 2012-04-30 03:09 - 00000000 ____D C:\Users\Jack\AppData\Local\{370B71D0-23E1-4557-A2AE-F546AED2C601}
2012-04-30 03:09 - 2012-04-30 03:08 - 00000000 ____D C:\Users\Jack\AppData\Local\{8DB90117-DBD4-4A7B-BE0D-2B95FCFA2635}
2012-04-29 18:27 - 2012-04-29 18:26 - 00000000 ____D C:\Users\Jack\AppData\Local\{D2D698DA-5628-4D17-87B5-8F0B6E283462}
2012-04-29 18:26 - 2012-04-29 18:26 - 00000000 ____D C:\Users\Jack\AppData\Local\{3279B1A5-0BE5-460F-9B87-9797F2F4D50D}
2012-04-29 04:12 - 2012-04-29 04:12 - 00000000 ____D C:\Users\Jack\AppData\Local\{EC3ECA86-DA96-4D8A-8E13-1E1D2D1BAEC4}
2012-04-29 04:12 - 2012-04-29 04:11 - 00000000 ____D C:\Users\Jack\AppData\Local\{C32D5EA6-9FBC-43C0-A121-0AECA1CA8B7A}
2012-04-29 04:09 - 2012-04-29 04:09 - 00000000 ____D C:\Users\Jack\AppData\Local\{11FB1CCA-937A-445D-A78C-0E800A2F75C6}
2012-04-29 04:09 - 2012-04-29 04:08 - 00000000 ____D C:\Users\Jack\AppData\Local\{81A5EDE9-5372-4B03-AE06-BC4BCFA715A5}
2012-04-27 19:50 - 2012-06-13 01:05 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 10:10 - 2012-04-27 10:10 - 00000000 ____D C:\Users\Jack\AppData\Local\{38AEA1DD-E27D-45FC-848D-131E06B3CCD7}
2012-04-27 10:10 - 2012-04-27 10:09 - 00000000 ____D C:\Users\Jack\AppData\Local\{18CF6013-A21E-4B8B-A066-AF7388398CE0}
2012-04-27 01:38 - 2012-04-27 01:38 - 00000000 ____D C:\Users\Jack\AppData\Local\{950D7D46-D71C-4ECA-8C0A-F893CBCB27FF}
2012-04-26 07:22 - 2012-04-26 07:21 - 00000000 ____D C:\Users\Jack\AppData\Local\{3E77B73A-3ED3-4BB6-8965-FC0AF54B3599}
2012-04-26 07:21 - 2012-04-26 07:21 - 00000000 ____D C:\Users\Jack\AppData\Local\{137B3979-2FEA-480E-A82B-D7D310A4391A}
2012-04-26 01:18 - 2012-04-26 01:18 - 00000000 ____D C:\Users\Jack\AppData\Local\{F29DEDC8-F154-477E-B9E5-2AA0AE94CA0D}
2012-04-25 21:34 - 2012-06-13 01:06 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:34 - 2012-06-13 01:06 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:28 - 2012-06-13 01:06 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 11:26 - 2012-04-25 11:25 - 00000000 ____D C:\Users\Jack\AppData\Local\{7AFE9C26-87E7-446F-8A81-686C5C5CA41C}
2012-04-25 11:25 - 2012-04-25 11:25 - 00000000 ____D C:\Users\Jack\AppData\Local\{01104989-C112-4C86-983F-A4CFDA80D80C}
2012-04-25 03:25 - 2012-04-25 03:25 - 00000000 ____D C:\Users\Jack\AppData\Local\{63DEBDF0-B216-431A-B158-705368C29953}
2012-04-24 09:22 - 2012-04-24 09:21 - 00000000 ____D C:\Users\Jack\AppData\Local\{484CA22D-3A24-4051-BF22-36359AE6C3E2}
2012-04-24 09:21 - 2012-04-24 09:21 - 00000000 ____D C:\Users\Jack\AppData\Local\{409FDC99-2243-4F42-A353-65CE90ACC030}
2012-04-24 04:47 - 2012-04-24 04:46 - 00000000 ____D C:\Users\Jack\AppData\Local\{0B5FA270-ECBA-4D21-BD6C-AF71F31688F7}
2012-04-24 04:46 - 2012-04-24 04:46 - 00000000 ____D C:\Users\Jack\AppData\Local\{E542CC5D-3B58-47C9-9DEA-3F12058E6A3C}
2012-04-24 00:22 - 2012-04-24 00:22 - 00000000 ____D C:\Users\Jack\AppData\Local\{2A93BA0D-EA96-45D9-A44B-468FC0D3D77D}
2012-04-24 00:22 - 2012-04-24 00:21 - 00000000 ____D C:\Users\Jack\AppData\Local\{E139A697-2651-4C51-96CA-519EFB5A3287}
2012-04-23 21:59 - 2012-06-13 01:05 - 01460224 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:59 - 2012-06-13 01:05 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:59 - 2012-06-13 01:05 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:47 - 2012-06-13 01:05 - 01156608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:47 - 2012-06-13 01:05 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:47 - 2012-06-13 01:05 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 05:03 - 2012-04-23 05:03 - 00000000 ____D C:\Users\Jack\AppData\Local\{FF36C516-0AF7-442F-A0F1-9AA0C3A3158C}
2012-04-23 05:03 - 2012-04-23 05:03 - 00000000 ____D C:\Users\Jack\AppData\Local\{27ED2414-4815-46DB-9D8C-9ECFF381B70C}
2012-04-23 03:34 - 2012-04-23 03:34 - 00000000 ____D C:\Users\Jack\AppData\Local\{79DD12CD-2863-44AC-9E2E-DC4C44D08CD8}
2012-04-23 03:33 - 2012-04-23 03:33 - 00000000 ____D C:\Users\Jack\AppData\Local\{CDCD9D46-969C-4175-A4AA-C486A5DB7087}
2012-04-22 05:31 - 2012-04-22 05:31 - 00000000 ____D C:\Users\Jack\AppData\Local\{F3E37F90-DCC2-40A3-8221-39A9C420D6D4}
2012-04-22 05:31 - 2012-04-22 05:30 - 00000000 ____D C:\Users\Jack\AppData\Local\{EFD0B7D4-65A3-4437-8149-8CCFEBB41158}
2012-04-21 05:52 - 2012-04-21 05:52 - 00000000 ____D C:\Users\Jack\AppData\Local\{38943276-DE00-4855-8198-FC7F7AF4FAB4}
2012-04-21 05:52 - 2012-04-21 05:51 - 00000000 ____D C:\Users\Jack\AppData\Local\{124677CA-FEE8-4763-B848-D133226A7CEE}
2012-04-21 03:19 - 2012-04-21 03:19 - 00000000 ____D C:\Users\Jack\AppData\Local\{5E981367-70BE-4183-8DB1-37E21B6B4DF8}
2012-04-21 03:19 - 2012-04-21 03:18 - 00000000 ____D C:\Users\Jack\AppData\Local\{5EB7F2DF-FA27-49CD-B075-62E906C2F339}
2012-04-20 10:12 - 2012-04-20 10:12 - 00000000 ____D C:\Users\Jack\AppData\Local\{99C2965F-8A38-4F40-AF56-AE242F8B61B2}
2012-04-20 10:12 - 2012-04-20 10:12 - 00000000 ____D C:\Users\Jack\AppData\Local\{72E1AC57-9749-4E84-A7F1-ABD52B93A0EB}
2012-04-20 10:09 - 2012-04-20 10:09 - 00000000 ____D C:\Users\Jack\AppData\Local\{3F2532D8-2852-423F-8594-FBC2B9A5FC16}
2012-04-20 10:09 - 2012-04-20 10:08 - 00000000 ____D C:\Users\Jack\AppData\Local\{2449FED2-4E0A-440F-BA0B-85AE464433F0}
2012-04-20 08:55 - 2012-04-20 08:54 - 00000000 ____D C:\Users\Jack\AppData\Local\{52F70979-9001-45D2-9EE6-49CC87490246}
2012-04-20 08:54 - 2012-04-20 08:54 - 00000000 ____D C:\Users\Jack\AppData\Local\{E3FEBF0D-E3A7-4D3B-AC9B-7D1976B0EABA}
2012-04-19 22:25 - 2012-06-13 01:06 - 01501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-19 22:25 - 2012-06-13 01:06 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-19 22:23 - 2012-06-13 01:06 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-04-19 22:22 - 2012-06-13 01:07 - 09373696 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-19 22:22 - 2012-06-13 01:07 - 00736256 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-19 22:22 - 2012-06-13 01:06 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-19 22:22 - 2012-06-13 01:06 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-19 22:22 - 2012-06-13 01:06 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-19 22:21 - 2012-06-13 01:07 - 12405760 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-19 22:21 - 2012-06-13 01:06 - 02458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-19 22:21 - 2012-06-13 01:06 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-19 22:21 - 2012-06-13 01:06 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-19 22:21 - 2012-06-13 01:06 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-19 22:18 - 2012-06-13 01:06 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-19 21:07 - 2012-06-13 01:06 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-19 21:07 - 2012-06-13 01:06 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-19 21:06 - 2012-06-13 01:07 - 06028288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-19 21:06 - 2012-06-13 01:07 - 00627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-19 21:06 - 2012-06-13 01:06 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-04-19 21:06 - 2012-06-13 01:06 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-19 21:06 - 2012-06-13 01:06 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-04-19 21:05 - 2012-06-13 01:07 - 11019776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-19 21:05 - 2012-06-13 01:06 - 02072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-19 21:05 - 2012-06-13 01:06 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-04-19 21:05 - 2012-06-13 01:06 - 00185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-04-19 21:05 - 2012-06-13 01:06 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-19 21:05 - 2012-06-13 01:06 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-04-19 21:03 - 2012-06-13 01:06 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-04-19 21:00 - 2012-06-13 01:06 - 00482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-19 20:15 - 2012-06-13 01:06 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-19 19:58 - 2012-06-13 01:06 - 00386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-04-19 19:24 - 2012-06-13 01:06 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-19 07:36 - 2012-04-19 07:36 - 00000000 ____D C:\Users\Jack\AppData\Local\{DC373B95-43C6-44A2-8DCF-8AD6F318D724}
2012-04-19 07:36 - 2012-04-19 07:36 - 00000000 ____D C:\Users\Jack\AppData\Local\{BBF79729-4901-4105-BB0D-818290FDD4C3}
2012-04-18 06:16 - 2012-04-06 07:10 - 00000000 ____D C:\Program Files\Dell Support Center
2012-04-18 06:16 - 2009-09-16 01:42 - 00000000 ____D C:\Users\All Users\Dell
2012-04-18 03:36 - 2012-04-18 03:36 - 00000000 ____D C:\Users\Jack\AppData\Local\{2932AF45-12AB-4BD9-9784-58898AF552AA}
2012-04-18 03:36 - 2012-04-18 03:35 - 00000000 ____D C:\Users\Jack\AppData\Local\{D1606517-5BC2-4BBE-90E7-E938C09DF451}
2012-04-17 08:53 - 2012-04-17 08:53 - 00000000 ____D C:\Users\Jack\AppData\Local\{493CEEE9-B377-4E12-BC42-40865A10A477}
2012-04-17 08:53 - 2012-04-17 08:52 - 00000000 ____D C:\Users\Jack\AppData\Local\{C1B6AB2D-B36C-416B-A730-26F8663DBBE0}
2012-04-16 21:38 - 2012-06-13 01:07 - 00851968 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-16 20:45 - 2012-06-13 01:07 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-15 12:17 - 2012-04-15 12:16 - 00000000 ____D C:\Users\Jack\AppData\Local\{27DE89E0-2B09-458D-B2CF-4099A0E71D29}
2012-04-15 12:16 - 2012-04-15 12:16 - 00000000 ____D C:\Users\Jack\AppData\Local\{45EF02A8-32D2-4745-A29C-3A8AFE8B3C4D}
2012-04-13 01:43 - 2012-04-13 01:42 - 00000000 ____D C:\Users\Jack\AppData\Local\{5CD8234F-635F-4F63-8917-AED3FE833EF5}
2012-04-13 01:42 - 2012-04-13 01:42 - 00000000 ____D C:\Users\Jack\AppData\Local\{2A714E43-CDE1-4F03-9C15-085C97458B4C}
2012-04-12 01:43 - 2012-04-12 01:43 - 00000000 ____D C:\Users\Jack\AppData\Local\{3DF5246D-840C-4DB9-8EC8-5E42CCB56596}
2012-04-12 01:43 - 2012-04-12 01:42 - 00000000 ____D C:\Users\Jack\AppData\Local\{BD2A2571-19AC-4B56-B201-220CB43A88B3}
2012-04-12 01:41 - 2012-04-12 01:41 - 00000000 ____D C:\Users\Jack\AppData\Local\{EC0CF824-F481-4A26-917A-2543EC20F39F}
2012-04-12 01:41 - 2012-04-12 01:41 - 00000000 ____D C:\Users\Jack\AppData\Local\{CA0E3259-2D5C-4417-95E5-648A3BB83C6D}
2012-04-12 01:39 - 2012-04-12 01:39 - 00000000 ____D C:\Users\Jack\AppData\Local\{F72C89D0-A7AB-4A81-9942-AB54FC2F3344}
2012-04-12 01:39 - 2012-04-12 01:39 - 00000000 ____D C:\Users\Jack\AppData\Local\{518B62C5-D6B8-430B-9505-952BDF81E8D8}
2012-04-11 02:29 - 2012-04-11 02:29 - 00000000 ____D C:\Users\Jack\AppData\Local\{81E60E6D-8D7B-417F-937E-121A3580C3D7}
2012-04-11 02:29 - 2012-04-11 02:28 - 00000000 ____D C:\Users\Jack\AppData\Local\{F16120F5-48AD-4175-82DD-D6C1E900FC7D}
2012-04-11 02:18 - 2012-04-11 02:18 - 00000000 ____D C:\Users\Jack\AppData\Local\{CD89C815-E4AD-4484-996C-4FEC0E0378DE}
2012-04-11 02:18 - 2012-04-11 02:18 - 00000000 ____D C:\Users\Jack\AppData\Local\{8FA00318-DADF-4D18-A86F-B3098C6CC27C}
2012-04-10 07:11 - 2012-04-10 07:11 - 00000000 ____D C:\Users\Jack\AppData\Local\{5F179A15-07D5-4BC0-9011-0BDFF123AB09}
2012-04-10 07:11 - 2012-04-10 07:10 - 00000000 ____D C:\Users\Jack\AppData\Local\{7A6BF770-B353-44EC-B839-32B85661A159}
2012-04-10 01:19 - 2012-04-10 01:19 - 00000000 ____D C:\Users\Jack\AppData\Local\{1AD816FE-EBC5-48BE-B8E8-840A5083EB17}
2012-04-10 01:19 - 2012-04-10 01:18 - 00000000 ____D C:\Users\Jack\AppData\Local\{777ABFB2-1604-4125-8680-DD22526C62D5}
2012-04-09 15:28 - 2012-04-09 15:28 - 00000000 ____D C:\Users\Jack\AppData\Local\{71517361-AFF7-4405-AFAB-9D374B3A8C48}
2012-04-09 15:28 - 2012-04-09 15:28 - 00000000 ____D C:\Users\Jack\AppData\Local\{62FF5014-C672-4FA2-8F25-E1F027FD8C7E}
2012-04-09 13:11 - 2012-04-09 13:10 - 00000000 ____D C:\Users\Jack\AppData\Local\{426BE5C1-9FC2-44C8-8E31-D81EFEB9194B}
2012-04-09 13:10 - 2012-04-09 13:10 - 00000000 ____D C:\Users\Jack\AppData\Local\{9CCFAC5A-63AF-427D-8E8E-552688994A56}
2012-04-09 01:11 - 2012-04-09 01:11 - 00000000 ____D C:\Users\Jack\AppData\Local\{1FBAEFED-32B7-4465-B5FD-BA303E4FFBE4}
2012-04-09 01:10 - 2012-04-09 01:10 - 00000000 ____D C:\Users\Jack\AppData\Local\{94C4307A-2DF4-44F2-B3EE-862FBA056554}
2012-04-09 01:08 - 2012-04-09 01:08 - 00000000 ____D C:\Users\Jack\AppData\Local\{DCC2D62E-A260-4AC7-A583-5C853B49958C}
2012-04-09 01:08 - 2012-04-09 01:08 - 00000000 ____D C:\Users\Jack\AppData\Local\{5A922A37-41C3-46E1-998E-8E312E1C4DB8}
2012-04-08 14:16 - 2012-04-08 14:16 - 00000000 ____D C:\Users\Jack\AppData\Local\{1892F5DE-BBD2-4950-A7D9-0BD8B1D8CB81}
2012-04-08 14:16 - 2012-04-08 14:15 - 00000000 ____D C:\Users\Jack\AppData\Local\{F7B52DD7-0C72-468C-9D3C-B48BBFE4F284}
2012-04-08 13:41 - 2012-04-08 13:41 - 00000000 ____D C:\Users\Jack\AppData\Local\{C97139F6-6736-4966-82D0-AD07D77AD4C9}
2012-04-08 01:19 - 2012-04-08 01:19 - 00000000 ____D C:\Users\Jack\AppData\Local\{84921F8A-40CE-4EC7-8D04-515325165DE8}
2012-04-08 01:19 - 2012-04-08 01:19 - 00000000 ____D C:\Users\Jack\AppData\Local\{14E7CBEB-2D51-4BBB-9773-1EC4B095B6BB}
2012-04-08 00:20 - 2012-04-08 00:19 - 00000000 ____D C:\Users\Jack\AppData\Local\{C03171E6-6B90-4DAB-809B-A2596C769C35}
2012-04-08 00:19 - 2012-04-08 00:19 - 00000000 ____D C:\Users\Jack\AppData\Local\{0FD7AB5D-F8CA-4681-8922-79347B49AFC6}
2012-04-07 09:25 - 2012-04-07 09:25 - 00000000 ____D C:\Users\Jack\AppData\Local\{B5DA4F5E-810B-48DD-8A9B-7133A0CAC6DA}
2012-04-07 09:24 - 2012-04-07 09:24 - 00000000 ____D C:\Users\Jack\AppData\Local\{764756B1-5C83-454E-AD2C-F587C1351BEB}
2012-04-07 09:12 - 2012-04-07 09:12 - 00000000 ____D C:\Users\Jack\AppData\Local\{B419E7A8-1D9E-4EED-8603-29345D6FCEC2}
2012-04-07 09:12 - 2012-04-07 09:12 - 00000000 ____D C:\Users\Jack\AppData\Local\{33FAAF83-9958-4F45-A292-0F7D8BB7B9C1}
2012-04-07 04:18 - 2012-06-13 01:05 - 03213824 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:34 - 2012-06-13 01:05 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-06 07:12 - 2012-04-06 07:12 - 00000000 ____D C:\Users\Jack\AppData\Local\{A5A5361C-6A37-45DB-946D-29346C8EA087}
2012-04-06 07:12 - 2012-04-06 07:11 - 00000000 ____D C:\Users\Jack\AppData\Local\{42C944A6-6CB1-46A6-B718-D2A0B691573E}
2012-04-06 06:34 - 2012-04-06 06:34 - 00000000 ____D C:\Users\Jack\AppData\Local\{A46E6482-D4E3-452D-8FE5-091193A22A51}
2012-04-06 06:34 - 2012-04-06 06:33 - 00000000 ____D C:\Users\Jack\AppData\Local\{CE6A7B33-D7C0-4C2A-9B62-C22017F9457F}
2012-04-05 00:22 - 2012-04-05 00:22 - 00000000 ____D C:\Users\Jack\AppData\Local\{E0277E40-B0F3-43B9-954C-7C64E9EE101D}
2012-04-05 00:22 - 2012-04-05 00:22 - 00000000 ____D C:\Users\Jack\AppData\Local\{4AE729BB-90F7-4F2E-A0D4-C0E6A44406F8}
2012-04-05 00:13 - 2012-04-05 00:13 - 00000000 ____D C:\Users\Jack\AppData\Local\{3771D96C-D90C-495A-9E2A-057ADBC02E61}
2012-04-05 00:13 - 2012-04-05 00:12 - 00000000 ____D C:\Users\Jack\AppData\Local\{1015F0DE-A348-4065-A024-E4DDFE9B6DAB}
2012-04-04 06:56 - 2012-06-14 08:29 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 02:42 - 2012-04-04 02:42 - 00000000 ____D C:\Users\Jack\AppData\Local\{9D0E9931-03BC-469E-954E-0AB308A731DC}
2012-04-04 02:42 - 2012-04-04 02:41 - 00000000 ____D C:\Users\Jack\AppData\Local\{9E0A7B22-033A-4AE6-8B98-76290ABE98C3}
2012-04-04 01:55 - 2012-04-04 01:55 - 00000000 ____D C:\Users\Jack\AppData\Local\{C323272A-1292-46B2-800D-209B6E4B9570}
2012-04-04 01:55 - 2012-04-04 01:55 - 00000000 ____D C:\Users\Jack\AppData\Local\{13319573-3D5C-412F-9E53-E759423C9D27}
2012-04-03 04:03 - 2012-04-03 04:03 - 00000000 ____D C:\Users\Jack\AppData\Local\{84BE83F3-E4BC-4D06-A0DF-D421E72A8034}
2012-04-03 04:03 - 2012-04-03 04:02 - 00000000 ____D C:\Users\Jack\AppData\Local\{BE785931-8534-4848-AA17-C78FA5924144}
2012-04-03 02:41 - 2012-04-03 02:41 - 00000000 ____D C:\Users\Jack\AppData\Local\{58D679D6-52E1-4982-B093-6E43F6AA68F7}
2012-04-03 02:41 - 2012-04-03 02:40 - 00000000 ____D C:\Users\Jack\AppData\Local\{3A3DD998-B8A4-4136-8789-EDFBAF1722E0}
2012-04-02 03:32 - 2012-04-02 03:32 - 00000000 ____D C:\Users\Jack\AppData\Local\{CB85328D-E6F9-4A89-B68D-59A3B6F58482}
2012-04-02 03:32 - 2012-04-02 03:32 - 00000000 ____D C:\Users\Jack\AppData\Local\{A74623C9-14B3-46A9-B055-E7830F7BCDE9}
2012-04-02 03:30 - 2012-04-02 03:30 - 00000000 ____D C:\Users\Jack\AppData\Local\{55D1DF3B-244B-4DD1-B1AE-C9AA8B95C4A4}
2012-04-02 02:13 - 2012-04-02 02:13 - 00002314 ____A C:\Users\Mum\Desktop\Google Chrome.lnk
2012-04-02 02:13 - 2012-04-02 02:12 - 00000000 ____D C:\Users\Mum\AppData\Local\Google
2012-04-02 02:11 - 2012-04-02 02:11 - 00739864 ____A (Google Inc.) C:\Users\Mum\Downloads\ChromeSetup.exe
2012-04-02 02:11 - 2012-04-02 02:11 - 00000000 ____D C:\Users\Mum\AppData\Local\Stardock_Corporation
2012-04-01 02:20 - 2012-04-01 02:20 - 00000000 ____D C:\Users\Jack\AppData\Local\{699BD109-8E70-45CE-9971-58E5846D769C}
2012-04-01 02:20 - 2012-04-01 02:20 - 00000000 ____D C:\Users\Jack\AppData\Local\{32639910-CDFB-48D7-A46A-17FD120D0289}
2012-04-01 02:15 - 2012-04-01 02:15 - 00000000 ____D C:\Users\Jack\AppData\Local\{B92B1558-F446-46D7-A85D-8F86CC1902C0}
2012-04-01 02:15 - 2012-04-01 02:15 - 00000000 ____D C:\Users\Jack\AppData\Local\{6CF4F7A8-BAC4-419E-A010-8D3F6EF3EA59}
2012-03-31 09:49 - 2012-03-31 09:49 - 00000000 ____D C:\Users\Jack\AppData\Local\{09CB30D4-9971-40F5-9BF0-020363E4AC45}
2012-03-31 09:49 - 2012-03-31 09:48 - 00000000 ____D C:\Users\Jack\AppData\Local\{87FF3E66-E6CA-4840-8553-1BBBB0B765CA}
2012-03-31 09:14 - 2012-03-31 09:13 - 00000000 ____D C:\Users\Jack\AppData\Local\{42B67BAD-3695-4F5B-B32D-FC62A8F64C22}
2012-03-30 06:11 - 2012-03-30 06:11 - 00000000 ____D C:\Users\Mum\AppData\Roaming\Epson
2012-03-30 06:11 - 2012-03-30 06:11 - 00000000 ____D C:\Users\Mum\AppData\Roaming\Apple Computer
2012-03-30 06:11 - 2010-10-12 10:17 - 00000000 ____D C:\Users\Mum\AppData\Roaming\Adobe
2012-03-30 06:10 - 2012-03-30 06:10 - 00000000 ____D C:\Users\Mum\AppData\Local\Adobe
2012-03-30 06:10 - 2010-10-12 10:13 - 00117040 ____A C:\Users\Mum\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-30 03:09 - 2012-05-09 10:57 - 01895280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-30 02:05 - 2012-03-30 02:02 - 00000000 ____D C:\Users\Jack\AppData\Local\{2415EB17-13B1-4831-8EC0-74222F842375}
2012-03-29 01:37 - 2012-03-29 01:36 - 00000000 ____D C:\Users\Jack\AppData\Local\{4F7B0492-2447-49F4-8AB1-9C683D4A72F6}
2012-03-28 13:25 - 2012-03-28 13:19 - 00000000 ____D C:\Users\Jack\Downloads\Nicki Minaj - Pink Friday Roman Reloaded [CD-Rip][2012]
2012-03-28 10:41 - 2012-03-28 10:41 - 00000000 ____D C:\Users\Jack\AppData\Local\{5C38D6B4-4205-4D51-B95F-95CF096C841D}
2012-03-28 10:40 - 2012-03-28 10:40 - 00000000 ____D C:\Users\Jack\AppData\Local\{BCDE2DFA-46F0-45C3-976C-1B39FCE32864}
2012-03-28 10:38 - 2012-03-28 10:38 - 00000000 ____D C:\Users\Jack\AppData\Local\{5E3E2EA1-B66B-4328-9A16-F201ED695202}
2012-03-28 10:38 - 2012-03-28 10:38 - 00000000 ____D C:\Users\Jack\AppData\Local\{1E502C1B-8293-40D0-B6CE-49B7EB1FC15B}
2012-03-28 02:42 - 2012-03-28 02:42 - 00000000 ____D C:\Users\Jack\AppData\Local\{7E5804C7-CA82-4CE8-97FF-40A894BE155C}
2012-03-28 02:42 - 2012-03-28 02:42 - 00000000 ____D C:\Users\Jack\AppData\Local\{36F46481-E5E9-4AA9-A279-4F1B07B859FD}
2012-03-28 02:26 - 2012-03-28 02:26 - 00000000 ____D C:\Users\Jack\AppData\Local\{84400AF0-FEE7-4C41-83FD-60089BFB288C}
2012-03-28 02:26 - 2012-03-28 02:26 - 00000000 ____D C:\Users\Jack\AppData\Local\{26DA1F8C-5CE7-4C8F-8B17-0EF686F68048}
2012-03-27 08:53 - 2012-03-27 08:53 - 00000000 ____D C:\Users\Jack\AppData\Local\{D13E79A4-EBE8-4506-9B76-2AC1D4C3BC8B}
2012-03-27 08:53 - 2012-03-27 08:53 - 00000000 ____D C:\Users\Jack\AppData\Local\{1B1A323B-15DA-4567-8BAA-4544BC602F61}
2012-03-27 01:30 - 2012-03-27 01:30 - 00000000 ____D C:\Users\Jack\AppData\Local\{BC05AC58-2C00-4AD7-A247-87C4EDB45619}
2012-03-27 01:30 - 2012-03-27 01:30 - 00000000 ____D C:\Users\Jack\AppData\Local\{17EA2147-4E72-4CCA-8AF6-592BAB1A6069}
2012-03-27 01:11 - 2012-03-27 01:11 - 00000000 ____D C:\Users\Jack\AppData\Local\{F6FEB181-17BE-4695-9B58-7250414DA5FD}
2012-03-27 01:11 - 2012-03-27 01:11 - 00000000 ____D C:\Users\Jack\AppData\Local\{BBFC389B-35CF-4E9B-933F-8B5DF6519170}
2012-03-26 07:19 - 2012-03-26 07:19 - 05857754 ____A C:\Users\Jack\Downloads\**** up the fun.mp3
2012-03-26 02:06 - 2012-03-26 02:06 - 00000000 ____D C:\Users\Jack\AppData\Local\{C0D6723F-BE19-4BCF-AAAF-8FBBD823804F}
2012-03-26 02:06 - 2012-03-26 02:05 - 00000000 ____D C:\Users\Jack\AppData\Local\{7C5F9DD0-EEC0-420B-B89C-D7B70CE7CB34}
2012-03-26 00:50 - 2012-03-26 00:50 - 00000000 ____D C:\Users\Jack\AppData\Local\{D820F4F3-ABD1-4F59-8FB7-F768EBFA5724}
2012-03-26 00:50 - 2012-03-26 00:50 - 00000000 ____D C:\Users\Jack\AppData\Local\{07562F97-38A8-45D4-BF42-84B08C25D626}
2012-03-25 02:40 - 2012-03-25 02:40 - 00000000 ____D C:\Users\Jack\AppData\Local\{FB68EEA0-ADB0-4BFE-89E6-E6A438F1B984}
2012-03-25 02:40 - 2012-03-25 02:40 - 00000000 ____D C:\Users\Jack\AppData\Local\{ED9861FC-27DF-4F16-9DFA-4C3B14B2471D}
2012-03-25 01:50 - 2012-03-25 01:50 - 00000000 ____D C:\Users\Jack\AppData\Local\{48DF1E2B-4816-47FC-952F-E10821B1818A}
2012-03-25 01:50 - 2012-03-25 01:50 - 00000000 ____D C:\Users\Jack\AppData\Local\{24776631-3B0E-4E18-A0A6-0E9D8961C441}
2012-03-24 09:56 - 2012-03-24 09:56 - 00000000 ____D C:\Users\Jack\AppData\Local\{3989BAE4-9FC1-4223-97F8-3C3D259D32DF}
2012-03-24 09:56 - 2012-03-24 09:55 - 00000000 ____D C:\Users\Jack\AppData\Local\{8FAA08B4-361A-4E5D-9408-D859C135FAE5}
2012-03-24 08:52 - 2012-03-24 08:52 - 00000000 ____D C:\Users\Jack\AppData\Local\{EE9C9C9E-FCFC-4883-ADCF-3FBFF2420F8E}
2012-03-24 08:52 - 2012-03-24 08:52 - 00000000 ____D C:\Users\Jack\AppData\Local\{17AE3BF3-E775-4818-9906-3E860B5F4779}
2012-03-24 08:36 - 2012-03-24 08:36 - 00000000 ____D C:\Users\Jack\AppData\Local\{D73AF1F2-9445-4F12-BCE6-8143B8BB6DC1}
2012-03-24 08:36 - 2012-03-24 08:35 - 00000000 ____D C:\Users\Jack\AppData\Local\{C8F32E95-AAE8-4E77-A176-C00B9EC86D7C}
2012-03-23 06:20 - 2012-03-23 06:19 - 00000000 ____D C:\Users\Jack\AppData\Local\{9D73351C-1C32-4FC9-94B9-20DD09C2BC7E}
2012-03-23 06:19 - 2012-03-23 06:19 - 00000000 ____D C:\Users\Jack\AppData\Local\{DC537613-DA6F-493C-A73C-DBB16CEF77C1}
2012-03-23 03:32 - 2012-03-23 03:32 - 00000000 ____D C:\Users\Jack\AppData\Local\{FE295B4A-3DB4-492F-896C-4243D848E60B}
2012-03-23 03:32 - 2012-03-23 03:32 - 00000000 ____D C:\Users\Jack\AppData\Local\{F1D83203-34BA-41B2-A87E-383C583A284A}
2012-03-23 02:55 - 2012-03-23 02:55 - 00000000 ____D C:\Users\Jack\AppData\Local\{7C948115-12FC-411B-A5FA-00F824AA31F9}
2012-03-22 13:19 - 2012-03-22 13:19 - 00000000 ____D C:\Users\Jack\AppData\Local\{9DE7D65E-4ADC-4DA5-B308-850A2AABC448}
2012-03-22 13:19 - 2012-03-22 01:19 - 00000000 ____D C:\Users\Jack\AppData\Local\{BFFE75FF-663D-46E6-B826-35592436E4DE}
2012-03-22 08:31 - 2012-03-22 08:31 - 00000000 ____D C:\Users\Jack\AppData\Local\{E2BCC9A4-8368-4917-A49F-E713D6EE83DF}
2012-03-22 08:31 - 2012-03-22 08:31 - 00000000 ____D C:\Users\Jack\AppData\Local\{CA5B97C0-D27D-4D08-8B27-70845EC04093}
2012-03-21 11:16 - 2012-03-21 10:08 - 366442496 ____A C:\Users\Jack\Downloads\geordie.shore.s02e08.ws.pdtv.xvid-w4f.avi
2012-03-21 05:00 - 2012-03-21 05:00 - 00000000 ____D C:\Users\Jack\AppData\Local\{4469797C-D95C-47E3-AE31-D4E54AE2EC67}
2012-03-21 05:00 - 2012-03-21 04:59 - 00000000 ____D C:\Users\Jack\AppData\Local\{3FBA5E0D-1B00-4583-90A4-E89D6F90054D}
2012-03-21 03:25 - 2012-03-21 03:24 - 00000000 ____D C:\Users\Jack\AppData\Local\{2513B9BB-F232-4985-82CE-69BD1B206351}
2012-03-21 03:24 - 2012-03-21 03:24 - 00000000 ____D C:\Users\Jack\AppData\Local\{8F96FBF5-79EF-4097-A312-BB3CB272940D}
2012-03-20 12:17 - 2012-03-20 12:16 - 00000000 ____D C:\Users\Jack\AppData\Local\{E104E6F4-7DAD-4788-8188-180582EFD91A}
2012-03-20 12:16 - 2012-03-20 00:16 - 00000000 ____D C:\Users\Jack\AppData\Local\{FC906CA5-3C76-45E9-B4CF-217E4F575ECA}
2012-03-20 11:44 - 2012-03-20 11:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 11:44 - 2012-03-20 11:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-20 05:28 - 2012-03-20 05:28 - 00000000 ____D C:\Users\Jack\AppData\Local\{BEBF2358-6617-4BE2-8C2C-0C66100BE277}
2012-03-20 05:28 - 2012-03-20 05:28 - 00000000 ____D C:\Users\Jack\AppData\Local\{30D65ED9-81F5-4F16-A7D9-68E588609E8D}
2012-03-19 15:46 - 2012-03-19 15:46 - 00000000 ____D C:\Users\Jack\AppData\Local\{E2C1DDCC-8427-4599-95D1-3F3F42F68EA0}
2012-03-19 15:46 - 2012-03-19 15:46 - 00000000 ____D C:\Users\Jack\AppData\Local\{73B07B5F-C06C-4F0A-BEAB-C90AC4C991F1}
2012-03-19 15:08 - 2012-03-19 15:08 - 00000000 ____D C:\Users\Jack\AppData\Local\{0EAB04B5-5E8B-4995-8BB2-A6A86762EA3F}
2012-03-19 15:08 - 2012-03-19 15:08 - 00000000 ____D C:\Users\Jack\AppData\Local\{07C01C8C-A35F-4B8F-85F1-1324557C6FC3}
2012-03-19 13:37 - 2012-03-19 13:37 - 00000000 ____D C:\Users\Jack\AppData\Local\{B21E599F-3937-4409-8585-A5C30D06ED22}
2012-03-19 13:37 - 2012-03-19 13:36 - 00000000 ____D C:\Users\Jack\AppData\Local\{9A774591-01D8-489E-86E0-37A0F2AF07B0}
2012-03-19 04:08 - 2012-03-19 04:08 - 00000000 ____D C:\Users\Jack\AppData\Local\{F2A513D9-FD90-491B-8950-0B6AA00D1EE6}
2012-03-19 04:08 - 2012-03-19 04:08 - 00000000 ____D C:\Users\Jack\AppData\Local\{0008DD45-B15B-4DEB-BBC6-29E82F90B6BD}
2012-03-19 00:35 - 2012-03-19 00:34 - 00000000 ____D C:\Users\Jack\AppData\Local\{FC9ED6BA-F4CD-4EA7-BD7B-AF63D20107EE}
2012-03-19 00:34 - 2012-03-19 00:34 - 00000000 ____D C:\Users\Jack\AppData\Local\{EFE3DB46-6853-4712-9103-D40A43D64D09}
2012-03-18 05:06 - 2012-03-18 05:06 - 00000000 ____D C:\Users\Jack\AppData\Local\{8663E287-1A12-4093-A1CA-04F2843E41FA}
2012-03-18 05:06 - 2012-03-18 05:06 - 00000000 ____D C:\Users\Jack\AppData\Local\{522B4806-BD60-4FE5-A3B7-B0E3DFC37F5B}
2012-03-18 03:27 - 2012-03-18 03:26 - 00000000 ____D C:\Users\Jack\AppData\Local\{992E8B73-7BBA-4114-BE7D-1CF76BF4C2DF}
2012-03-18 03:26 - 2012-03-18 03:26 - 00000000 ____D C:\Users\Jack\AppData\Local\{884823F5-0FDA-4118-BD44-5C5DFCCDA797}

ZeroAccess:
C:\Windows\Installer\{c791174a-e567-f19e-9677-adf66795fa27}
C:\Windows\Installer\{c791174a-e567-f19e-9677-adf66795fa27}\@
C:\Windows\Installer\{c791174a-e567-f19e-9677-adf66795fa27}\L
C:\Windows\Installer\{c791174a-e567-f19e-9677-adf66795fa27}\U

ZeroAccess:
C:\Users\Jack\AppData\Local\{c791174a-e567-f19e-9677-adf66795fa27}
C:\Users\Jack\AppData\Local\{c791174a-e567-f19e-9677-adf66795fa27}\@
C:\Users\Jack\AppData\Local\{c791174a-e567-f19e-9677-adf66795fa27}\L
C:\Users\Jack\AppData\Local\{c791174a-e567-f19e-9677-adf66795fa27}\U

 

[jack wetherill]

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 24%
Total physical RAM: 2008.36 MB
Available physical RAM: 1525.24 MB
Total Pagefile: 2008.36 MB
Available Pagefile: 1518.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:134.36 GB) (Free:57.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.75 GB) NTFS
5 Drive g: (JACKS USB) (Removable) (Total:1.86 GB) (Free:1.85 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 1912 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 134 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 134 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1908 MB 4032 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0E
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G JACKS USB FAT Removable 1908 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-09 11:28

======================= End Of Log ==========================

 

[Broni]

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to BartPe and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes to your reply.

 

[jack wetherill]

Farbar Recovery Scan Tool Version: 14-06-2012
Ran by SYSTEM at 2012-06-15 16:33:39
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

 

[Broni]

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

[jack wetherill]

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-06-2012
Ran by SYSTEM at 2012-06-15 16:50:17 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
C:\Windows\Installer\{c791174a-e567-f19e-9677-adf66795fa27} moved successfully.
C:\Users\Jack\AppData\Local\{c791174a-e567-f19e-9677-adf66795fa27} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

 

[Broni]

Try to boot normally.

 

[jack wetherill]

all seems ok. no popups about restarting.

 

[Broni]

Very well

We need to run some more checks to make sure you're clean.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

• Double-click on the Rkill icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[jack wetherill]

ComboFix 12-06-15.03 - Jack 15/06/2012 17:43:49.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2008.571 [GMT 1:00]
Running from: c:\users\Jack\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\288d198f-eb50-4316-9b17-4269c8487bf7.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-15 18:55 . 2012-06-15 18:57 -------- d-----w- C:\FRST
2012-06-15 17:13 . 2012-06-15 17:13 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{45239FD9-07A6-46D0-A86E-25CAE42AA834}\offreg.dll
2012-06-15 17:10 . 2012-06-15 17:10 -------- d-----w- c:\users\Other\AppData\Local\temp
2012-06-15 17:10 . 2012-06-15 17:10 -------- d-----w- c:\users\Mum\AppData\Local\temp
2012-06-15 16:31 . 2012-05-15 00:41 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{45239FD9-07A6-46D0-A86E-25CAE42AA834}\mpengine.dll
2012-06-14 16:29 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 22:27 . 2012-06-13 22:27 -------- d-----w- c:\windows\Cookies
2012-06-13 22:27 . 2012-06-13 22:27 -------- d-----w- c:\users\Cookies
2012-06-13 22:27 . 2012-06-13 22:27 -------- d-----w- c:\windows\Recent
2012-06-13 22:27 . 2012-06-13 22:27 -------- d-----w- c:\users\Recent
2012-06-13 09:29 . 2012-06-13 09:25 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-13 09:29 . 2012-06-13 09:25 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5590A0D8-2C5D-4B64-A691-534316DDFD99}\gapaengine.dll
2012-06-13 09:24 . 2012-05-15 00:41 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-13 09:19 . 2012-06-13 09:20 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-13 09:07 . 2012-04-20 05:05 524800 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-06-13 09:05 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 09:05 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 09:05 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 09:05 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 09:05 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll
2012-06-13 09:05 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 09:05 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 09:05 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 09:05 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 09:05 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 09:05 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 09:05 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-04 15:10 . 2008-02-03 20:57 5423104 ----a-w- c:\windows\system32\tlpsplib10.dll
2012-06-04 15:08 . 2012-06-04 15:08 -------- d-----w- c:\program files (x86)\Topaz Labs LLC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 16:47 . 2012-04-13 09:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-11 16:47 . 2011-05-17 17:07 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 18:04 . 2012-04-13 10:03 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 11:09 . 2012-05-09 18:57 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 19:44 . 2012-03-20 19:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 19:44 . 2012-03-20 19:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 2475336]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 12:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-10-06 11:31 2475336 ----a-w- c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-10-18 12:26 3908192 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 16:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 2475336]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2010-12-06 2069344]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
c:\users\Mum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
c:\users\Other\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
c:\users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Jack\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 AvgTdiA;AVG Free8 Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [x]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\AVG\AVG9\avgemc.exe [2010-07-23 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-12-06 308136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 257224]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 OA013Ufd;Creative Camera OA013 Upper Filter Driver;c:\windows\system32\DRIVERS\OA013Ufd.sys [x]
R3 OA013Vid;Creative Camera OA013 Function Driver;c:\windows\system32\DRIVERS\OA013Vid.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [x]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/11/11 21:44];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-06-24 20:19 146928]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-03-02 89600]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2009-07-14 01:14 301568 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 16:47]
.
2012-06-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1000Core.job
- c:\users\Jack\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-04 17:37]
.
2012-06-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1000UA.job
- c:\users\Jack\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-04 17:37]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1000Core.job
- c:\users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-27 16:54]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1000UA.job
- c:\users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-27 16:54]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1004Core.job
- c:\users\Mum\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-02 10:12]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1004UA.job
- c:\users\Mum\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-02 10:12]
.
2012-05-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-15 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-04-23 3236432]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>;*.local
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\uquzm2qq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Echofon: twitternotifier@naan.net - %profile%\extensions\twitternotifier@naan.net
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-06-15 18:28:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-15 17:28
.
Pre-Run: 61,232,422,912 bytes free
Post-Run: 61,443,039,232 bytes free
.
- - End Of File - - AD0A0ECA37692385EF205FB737448616

 

[Broni]

Looks good.

Any current issues?

You're running two AV programs, AVG and MSE.
One of them has to go.
If AVG use AVG Remover: http://www.avg.com/us-en/utilities

When done....

Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

====================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

[jack wetherill]

oh I thought id uninstalled avg. thanks for letting me know, will set the scan going and reply after dinner. thanks for your help!

 

[Broni]

Run AVG Remover to get rid of leftovers.

 

[jack wetherill]

heres the malware log. will restart and then do the aswmbr scan

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.15.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Jack :: JACKS-LAPTOP [administrator]

Protection: Enabled

15/06/2012 19:06:38
mbam-log-2012-06-15 (19-06-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 285794
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

[Broni]

I don't see aswMBR log.

 

[jack wetherill]

it hasnt finished scanning yet, does it normally take that long? I started it a few minutes after I posted my last reply.

 

[Broni]

Be patient.

 

[jack wetherill]

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-15 19:29:38
-----------------------------
19:29:38.712 OS Version: Windows x64 6.1.7600
19:29:38.713 Number of processors: 2 586 0x170A
19:29:38.714 ComputerName: JACKS-LAPTOP UserName: Jack
19:29:44.016 Initialize success
19:30:38.971 AVAST engine defs: 12061500
19:30:49.471 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:30:49.514 Disk 0 Vendor: ST916031 0003 Size: 152627MB BusType: 3
19:30:49.703 Disk 0 MBR read successfully
19:30:49.707 Disk 0 MBR scan
19:30:49.787 Disk 0 Windows 7 default MBR code
19:30:49.792 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
19:30:49.935 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
19:30:49.976 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 137586 MB offset 30801920
19:30:50.038 Disk 0 scanning C:\Windows\system32\drivers
19:31:10.563 Service scanning
19:31:42.939 Modules scanning
19:31:42.950 Disk 0 trace - called modules:
19:31:42.975 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:31:43.004 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80025ca380]
19:31:43.011 3 CLASSPNP.SYS[fffff880013bb43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800226c050]
19:31:44.691 AVAST engine scan C:\Windows
19:31:48.509 AVAST engine scan C:\Windows\system32
19:36:52.098 AVAST engine scan C:\Windows\system32\drivers
19:37:16.038 AVAST engine scan C:\Users\Jack
20:15:44.576 AVAST engine scan C:\ProgramData
20:21:22.945 Scan finished successfully
20:21:45.512 Disk 0 MBR has been saved successfully to "C:\Users\Jack\Desktop\MBR.dat"
20:21:45.519 The log file has been saved successfully to "C:\Users\Jack\Desktop\aswMBR.txt"

 

[Broni]

You didn't say:

Any current issues?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[jack wetherill]

oh sorry no there are no current problems, the otl scan is running now on my laptop.

 

[jack wetherill]

OTL logfile created on: 15/06/2012 20:27:43 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Jack\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.96 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 33.92% Memory free
3.92 Gb Paging File | 2.46 Gb Available in Paging File | 62.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 134.36 Gb Total Space | 57.24 Gb Free Space | 42.60% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 6.75 Gb Free Space | 46.09% Space Free | Partition Type: NTFS

Computer Name: JACKS-LAPTOP | User Name: Jack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/15 20:26:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jack\Desktop\OTL.exe
PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jack\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/08/30 09:32:24 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/07/07 16:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 17:41:50 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\675c8bd801698993255d100c3b350d4b\System.Web.Services.ni.dll
MOD - [2012/05/10 04:19:47 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll
MOD - [2012/05/10 04:15:01 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90d42781d5b19478870e412f7b7c71eb\System.Windows.Forms.ni.dll
MOD - [2012/05/10 04:14:50 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e65dbd1b68789fc21b9fb3c605b699a7\System.Drawing.ni.dll
MOD - [2012/05/10 04:14:24 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/10 04:14:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/05/10 04:14:18 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/10 04:14:08 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2009/07/07 16:24:00 | 000,268,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/07/07 16:24:00 | 000,140,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/07/07 16:24:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/07/07 16:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/07/07 16:23:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/07/07 16:23:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/29 18:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/05/12 14:20:28 | 000,382,464 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\SysNative\ykx64mpcoinst.dll -- (yksvc)
SRV:64bit: - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/06/11 17:47:03 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/03 09:48:12 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/21 18:00:52 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/29 18:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe -- (AESTFilters)
SRV - [2008/06/15 12:12:20 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 18:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/26 18:23:30 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/12 14:20:28 | 000,406,016 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2009/05/08 01:28:02 | 000,069,120 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.sys -- (RTSTOR)
DRV:64bit: - [2009/03/09 17:00:00 | 000,311,456 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OA013Vid.sys -- (OA013Vid)
DRV:64bit: - [2009/03/06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OA013Ufd.sys -- (OA013Ufd)
DRV:64bit: - [2008/06/15 12:12:08 | 000,395,800 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/03/13 08:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2007/11/14 09:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/24 21:19:48 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/11/11 21:44:03] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1448020886-3423827417-3676847235-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1448020886-3423827417-3676847235-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1448020886-3423827417-3676847235-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1448020886-3423827417-3676847235-1000\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKU\S-1-5-21-1448020886-3423827417-3676847235-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKU\S-1-5-21-1448020886-3423827417-3676847235-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1448020886-3423827417-3676847235-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:2.1
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.7
FF - prefs.js..network.proxy.http: "192.189.54.0"
FF - prefs.js..network.proxy.http_port: 80
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jack\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jack\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jack\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/12/27 19:15:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/03 09:48:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/07 15:59:07 | 000,000,000 | ---D | M]

[2010/12/27 14:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jack\AppData\Roaming\Mozilla\Extensions
[2010/12/27 18:46:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\1fm4w6mj.default\extensions
[2010/12/27 19:15:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\1fm4w6mj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/27 19:15:10 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\1fm4w6mj.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/12/27 19:15:09 | 000,000,000 | ---D | M] (MeasureIt) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\1fm4w6mj.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
[2010/12/27 19:15:10 | 000,000,000 | ---D | M] (Echofon) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\1fm4w6mj.default\extensions\twitternotifier@naan.net
[2012/06/15 17:17:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\uquzm2qq.default\extensions
[2011/04/24 16:00:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\uquzm2qq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/05 11:13:49 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\uquzm2qq.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/12/24 13:21:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\uquzm2qq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/01/26 20:56:30 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\uquzm2qq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/06/15 17:17:19 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\uquzm2qq.default\extensions\foxyproxy@eric.h.jung
[2012/02/25 20:05:35 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\uquzm2qq.default\extensions\toolbar@ask.com
[2012/06/15 17:17:33 | 000,000,000 | ---D | M] (Echofon) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\uquzm2qq.default\extensions\twitternotifier@naan.net
[2011/11/09 23:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/03 09:48:12 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/09/03 19:37:30 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll
[2009/09/03 19:58:36 | 000,107,760 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2012/05/03 09:48:09 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/05/03 09:48:09 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/03 09:48:09 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/05/03 09:48:12 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/05/03 09:48:09 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jack\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jack\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jack\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jack\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Switchy! Chrome Extension 1.6 (Enabled) = C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\plugins/npSwitchy.dll
CHR - plugin: Java(TM) Platform SE 6 U16 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPSibelius.dll
CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Jack\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jack\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Proxy Switchy! = C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\
CHR - Extension: Google Search = C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/15 18:14:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1448020886-3423827417-3676847235-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1448020886-3423827417-3676847235-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jack\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Other\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1448020886-3423827417-3676847235-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1448020886-3423827417-3676847235-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5113D363-5447-49BE-BE02-94CBACB9F090}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E1D40E1-8E86-48E9-8E78-C62FEE835E91}: DhcpNameServer = 77.244.128.44 77.244.128.45
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Rainshower_1920x1200.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Rainshower_1920x1200.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/15 20:26:40 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jack\Desktop\OTL.exe
[2012/06/15 19:55:33 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/15 19:29:15 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jack\Desktop\aswMBR.exe
[2012/06/15 19:05:44 | 001,973,368 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Jack\Desktop\avg_remover_stf_x86_2012_2125.exe
[2012/06/15 19:04:07 | 002,899,344 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Jack\Desktop\avg_remover_stf_x64_2012_2125.exe
[2012/06/15 19:01:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/15 18:28:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/15 17:38:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/15 17:38:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/15 17:38:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/15 17:38:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/15 17:36:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/15 17:32:58 | 004,559,180 | R--- | C] (Swearware) -- C:\Users\Jack\Desktop\ComboFix.exe
[2012/06/15 17:07:59 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{02247E5F-CC83-40A3-B180-2697F0CBA646}
[2012/06/14 19:14:36 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{00BC807D-CAFE-49B7-A436-E86174847ED0}
[2012/06/14 19:10:04 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{534C618D-2A61-467B-82B7-640EA71F162E}
[2012/06/14 17:29:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/14 17:29:06 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{DEB70F73-3F2B-44BB-AA54-B8F85B643B00}
[2012/06/14 17:29:02 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/14 17:28:55 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{A759F1A1-E3E7-4C1F-BD63-F67FD7D97683}
[2012/06/14 17:03:09 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{ECD864F4-CCCF-4CD5-BA36-42DAED119A97}
[2012/06/14 16:59:14 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{A7B0610F-02F9-42F6-9689-36F095B3A951}
[2012/06/14 12:38:49 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{B1B765EA-4771-42D3-A2DE-82E6902A236A}
[2012/06/14 12:37:47 | 000,000,000 | ---D | C] -- C:\Users\Jack\Desktop\New folder
[2012/06/14 12:25:43 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{0ABD97A0-84F9-4938-AD06-80650983A8CF}
[2012/06/13 23:27:07 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/06/13 23:27:07 | 000,000,000 | ---D | C] -- C:\Windows\Temporary Internet Files
[2012/06/13 23:27:07 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/06/13 23:27:07 | 000,000,000 | ---D | C] -- C:\Windows\Cookies
[2012/06/13 23:27:06 | 000,000,000 | ---D | C] -- C:\Windows\Recent
[2012/06/13 23:27:06 | 000,000,000 | ---D | C] -- C:\Windows\History
[2012/06/13 11:12:50 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{0E83771D-B942-4A49-9904-7D5C31523A27}
[2012/06/13 11:12:26 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{5ECF4A85-FBC2-441D-BD48-3A8EE7B0FE47}
[2012/06/13 10:57:43 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{533A1839-9746-47EA-AE59-EB6DD2B86F63}
[2012/06/13 10:57:08 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{5DF70F82-BD01-47AF-833E-44575F52EFC1}
[2012/06/13 10:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/13 09:50:15 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{99A897C3-69FA-4E08-9CCF-DA854FF5310A}
[2012/06/13 09:50:03 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{594280D2-C354-47B5-A1D7-90B614669B32}
[2012/06/12 23:01:16 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{8CF1DCE0-2591-45EF-948D-8E88DC976824}
[2012/06/12 23:00:51 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{18367588-3635-4923-9767-AA926F01CE50}
[2012/06/12 21:27:39 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{F572E958-301F-4AC8-AB50-29166173C5E0}
[2012/06/12 21:27:13 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{CC215D5E-58D1-4F32-80FB-27D9A4F69DD6}
[2012/06/12 12:58:42 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{E1C793A6-0912-4D82-80FE-07084A2DD228}
[2012/06/12 12:58:19 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{9A2AA4CA-08FD-4AA1-AC5B-7C7296E87776}
[2012/06/12 12:07:17 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{102D6629-6381-48E7-A96F-117C62EB5B90}
[2012/06/12 12:07:06 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{B93FB8A8-AF3D-4FB8-94D8-AAD26CE46648}
[2012/06/12 11:31:32 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{187FF342-5E0B-426A-B433-FD3376A83895}
[2012/06/12 11:31:21 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{E2D866C8-E5F7-4555-B648-ED553A8E36D7}
[2012/06/11 10:48:17 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{CDA99E22-4A13-470D-ADD4-378FED60EF3E}
[2012/06/11 10:47:43 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{B5DCCC88-A4E4-4CDF-AE22-553667C0BE18}
[2012/06/11 09:34:02 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{360348E3-3132-45FD-B826-ABF982E243E6}
[2012/06/11 09:33:39 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{BC79EFAC-C748-4BD3-9E99-5B11B0431F91}
[2012/06/10 13:19:08 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{228EDDBC-61A4-40FF-9351-DF3CB96F05FB}
[2012/06/10 13:18:56 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{E64451C9-9492-4A32-BC10-8322BE5E8879}
[2012/06/10 12:03:32 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{70BBC7B5-F900-4FF7-8946-AC1D71B96FCC}
[2012/06/10 12:03:18 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{2EC7AFBC-D11A-4D18-94B9-21A2AC698A8C}
[2012/06/09 18:13:50 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{4B7E01C6-692F-4874-873A-E25F8E69BF52}
[2012/06/09 18:12:33 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{4B7DF642-5AF5-405A-8D3B-7DD7337238AD}
[2012/06/09 18:05:09 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{EA51F30F-0096-4420-BA0A-A69D3916C885}
[2012/06/09 18:04:59 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{DE132581-001A-4D75-95AE-E3616900836A}
[2012/06/08 20:06:24 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{BDD35117-5F0F-45F9-A29D-DCA1F33FD717}
[2012/06/08 20:06:12 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{8F64FC30-5F34-4B48-9A28-60449F0C222D}
[2012/06/08 19:25:05 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{F0386CE9-4888-434E-9783-0DAE8BBA60F9}
[2012/06/08 19:24:46 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{AA3F8317-E56F-4246-BAEC-3FF9ACEDC9CC}
[2012/06/07 18:28:23 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{054618AF-B62A-48EA-A7C9-77CB6C5C1F20}
[2012/06/07 18:27:56 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{934C2C06-BBB1-46BA-8CD3-052B3C978C77}
[2012/06/07 14:16:31 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{DFA6B0E7-E637-4D9D-B807-ECDF4B7135FA}
[2012/06/07 14:16:08 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{4C8D1CD4-061E-4093-BDFC-1436D0CEAB83}
[2012/06/07 12:21:02 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{26AC9BA0-1C68-447C-A86E-421F5682C9FF}
[2012/06/07 12:20:31 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{4E25D94A-66C9-4E77-969A-ADBB718859C5}
[2012/06/07 12:08:58 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{34C05481-4664-4D1B-908E-0243A1C11652}
[2012/06/07 12:08:38 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{345A3137-E8E0-4935-9CD2-350E290DF4D1}
[2012/06/06 12:15:08 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{E343F509-3E61-40D5-B555-D002F75B93EC}
[2012/06/06 12:14:30 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{EA15BFBC-1CF4-4BA9-ACDD-F9D8F63E9FBD}
[2012/06/06 12:04:50 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{A736C0D6-DFCD-401F-9C24-68E5D3CC8330}
[2012/06/06 12:04:26 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{3928B458-2723-45FA-8B8F-42B546B30A9F}
[2012/06/05 11:24:43 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{EB8DBCA2-F903-4D89-BF5D-361B484761AE}
[2012/06/05 11:24:05 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{5527E846-E7FE-45A8-BADE-8C8DE1CE9CB8}
[2012/06/05 11:19:52 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{9F9F4AD6-3BDF-42C4-99DF-EA254867F31E}
[2012/06/05 11:19:40 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{2708BE1B-E7A0-46FA-B34F-262BD5D580A4}
[2012/06/04 16:09:01 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Topaz Labs
[2012/06/04 16:08:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Topaz Labs LLC

 

[jack wetherill]

[2012/06/04 14:33:47 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{51F05BC1-2A99-494A-9F6A-DC786024FAD3}
[2012/06/04 14:32:41 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{FA803603-43D4-40F6-967B-3A922A8E30BF}
[2012/06/04 14:29:34 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{21F44884-E80B-4654-B7BD-1697CE4A4262}
[2012/06/04 14:29:03 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{FD13F54B-7644-4372-AFD7-7F6585BE7F6B}
[2012/06/02 12:17:17 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{D4EF6367-D239-480E-AE77-F1B4A679D55D}
[2012/06/02 12:17:06 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{59FE6A5D-2545-48F0-93E1-0B136723ED2F}
[2012/06/02 11:40:32 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{C9B6731C-CE2E-49C2-9890-EBD922555D4A}
[2012/06/02 11:39:54 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{FB6F08C6-7661-4FC1-9ED9-99BAE90CCC32}
[2012/06/01 12:32:56 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{652DBDA2-52BB-428B-B460-19BDC8823CB5}
[2012/06/01 12:32:35 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{194A79A3-EBF2-45D0-A2EA-CDF127F9549C}
[2012/06/01 11:50:10 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{D471582B-E4AE-4FF0-A442-E3316A637A23}
[2012/06/01 11:49:39 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{6823CBD8-86DB-4C8A-85A4-E2FAAC0E17CC}
[2012/06/01 11:46:58 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{6048D5DA-D752-4967-8386-B0DF724D4CF5}
[2012/06/01 11:46:23 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{5B31B7F1-476C-4668-A512-2133D0516763}
[2012/05/31 15:01:10 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{5E413BC9-F17E-4C6B-84F5-9CB52A326F31}
[2012/05/31 15:00:47 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{419347AB-ADCD-4914-AF5F-3A98C658427C}
[2012/05/31 10:25:49 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{0F51B525-D9EB-4F28-B717-C08399059EA8}
[2012/05/31 10:25:24 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{D624A29E-35E1-481B-AFF7-B7CF4C96A0B2}
[2012/05/31 10:22:32 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{0EB14429-4E29-4048-9B63-E51B706187E6}
[2012/05/30 12:27:43 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{038A9DFB-2FDD-495B-982B-05C048FB686B}
[2012/05/30 12:27:06 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{0F7A5495-0397-48C2-94C0-117299DC36FF}
[2012/05/30 11:11:36 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{1BEF25E3-E9E6-43D4-8160-441277037CB0}
[2012/05/30 11:11:14 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{15842B3E-F474-4559-956C-93B032A72B3F}
[2012/05/29 19:59:59 | 000,000,000 | ---D | C] -- C:\Users\Jack\Documents\FORUMS
[2012/05/29 10:55:55 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{63926CBB-0360-4FBE-A744-A6CDE4778F07}
[2012/05/29 10:55:13 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{7FFCA015-DC74-4651-B6AE-3B977A81C140}
[2012/05/29 10:33:46 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{FE30BA98-2FA0-4A64-BBFA-9C2E32AAE64F}
[2012/05/28 10:31:41 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{98B3A6E4-F5AE-4ADA-A4A2-953D6BB0F2D1}
[2012/05/28 10:31:17 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{141822BB-D552-4E06-8862-CD39E1C2A62A}
[2012/05/27 16:57:03 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{99C0A456-86AE-44B2-9F1A-B795436AB3F0}
[2012/05/27 16:56:51 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{1E62CB97-B772-478F-8C10-13DDCE27D8B8}
[2012/05/27 13:09:35 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{25F8A6F6-07EF-40A4-B7BA-75191C8C37E4}
[2012/05/27 13:09:20 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{66E1F754-448F-4EA1-862A-FB84BC6BC70B}
[2012/05/26 20:21:49 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{74F851A2-8099-48DE-8BA5-364C0EB0C4D5}
[2012/05/26 20:21:32 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{F2EBF340-2E33-4849-B5B8-4D853FF3FDB6}
[2012/05/26 12:08:53 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{181E7B4D-2CF9-4582-8979-A47336851586}
[2012/05/26 12:08:40 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{EB4CFDCC-B8D3-4392-B086-EDE7FF6C7655}
[2012/05/26 11:14:36 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{9B68C50A-B9DB-41DF-A90B-B1B5E4591643}
[2012/05/26 11:14:20 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{ADE87D5F-1FA3-4BD9-B5C6-72E6BF668C61}
[2012/05/25 09:44:55 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{4375246A-59B3-4F33-AB0C-F6624A6007E3}
[2012/05/25 09:44:42 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{0B53004A-3A82-444C-AF6B-B103767C4353}
[2012/05/25 09:42:33 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{C2DCAE39-5BCD-4618-B124-47C778394A49}
[2012/05/24 15:14:39 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{0D0ED071-DA00-4A72-A3A0-180AF96566D8}
[2012/05/24 15:14:28 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{F680F03C-97D4-4630-8175-C98462D990AF}
[2012/05/24 10:19:33 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{8BDC9D3B-C86D-485C-ABBB-F07430C9BDAC}
[2012/05/24 10:19:11 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{CDA8CE12-5011-4FF6-80A8-F9ED4519B94E}
[2012/05/24 10:11:52 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{716EBF87-4865-4FB8-B175-F8CBFEF6D98D}
[2012/05/24 10:11:38 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{EF2541CF-B89B-4880-A4F6-D12CCFAFE13F}
[2012/05/23 21:02:00 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{47F3D9FE-EF6C-45EB-8355-6EE884E98CDB}
[2012/05/23 21:01:49 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{54905808-61DA-4D44-8E84-5BB32EC2C787}
[2012/05/23 12:33:23 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{0DF3EB57-6C58-4222-BA79-F79E656908F9}
[2012/05/23 12:32:58 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{3639598E-8820-410F-B291-5DDF48EBA5E6}
[2012/05/23 12:28:09 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{519DF9F3-05C6-4030-B5A0-E108D8911931}
[2012/05/23 12:27:55 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{8F65CB25-92D6-4DC9-A905-6006D3C06332}
[2012/05/22 09:03:58 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{2409FE97-88A1-4D95-BFDB-D61DCB1F482C}
[2012/05/22 09:03:46 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{50A1DD04-17D9-43DE-BD97-30CD2B9BB6AD}
[2012/05/22 09:01:37 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{26778133-586F-47C1-A231-3950E077F6CD}
[2012/05/22 09:01:23 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{E8B71A2B-0B2E-4A76-901E-E6DE02066F0E}
[2012/05/21 19:25:43 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{CD43AE50-EE05-4A7D-B79E-841502FD841E}
[2012/05/21 13:34:49 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{6EB0FD2E-C4E4-4DF0-9A56-3DF785320488}
[2012/05/21 13:34:33 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{81466FA7-780A-4A1B-A069-3FD5E86B3320}
[2012/05/21 13:30:41 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{274F8154-732F-4E78-AE8F-1D13A5E843AF}
[2012/05/21 13:30:30 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{CBAF0C31-41AC-4C79-AC90-B1D2A5982E40}
[2012/05/20 15:23:33 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{3FAD4CA0-1AE6-408B-9EE4-40863E4F190E}
[2012/05/20 15:23:16 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{82397CBB-6B6F-4AA1-81B5-E9056616D919}
[2012/05/20 14:52:18 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{BC393EE9-0946-4DDA-B08E-0922367EEC2F}
[2012/05/20 14:51:52 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{9E0A30BC-0159-4333-9FB9-1EB9DC2B6499}
[2012/05/20 11:55:16 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{92902A1E-9C87-4021-BD0D-C6B856383DBE}
[2012/05/20 11:54:52 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{E7EAC416-ACB9-40C4-890F-CE4B422A4641}
[2012/05/19 14:59:47 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{1BA08688-9FA2-412C-9420-0906384D073D}
[2012/05/19 14:59:33 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{EB2BD1B9-BC72-4151-8EC3-DACCCE3FB5EA}
[2012/05/19 12:05:03 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{52D235FA-A8DF-4057-BF50-4E7EBBEC33B0}
[2012/05/19 12:04:39 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{B79D15E7-2400-492B-AD98-C4EA1B3ECD4B}
[2012/05/18 17:19:07 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{B92F609D-3284-4446-9188-E4A2BA3047D3}
[2012/05/18 17:18:51 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{653B07EA-C450-47BA-9442-5066B8D09A8F}
[2012/05/17 13:57:24 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{ACA18F3B-68D8-40F1-9880-14C403A6DE27}
[2012/05/17 13:57:09 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{C54F47EE-D662-4454-82C4-18ADD78E7A04}
[2012/05/17 13:56:01 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{C02BB7CD-9280-4353-A529-3D34B60F2039}
[2012/05/17 13:55:32 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\{B1EECAEF-1F8C-4B8D-92DC-108AE4A5BA4C}

========== Files - Modified Within 30 Days ==========

[2012/06/15 20:26:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jack\Desktop\OTL.exe
[2012/06/15 20:21:45 | 000,000,512 | ---- | M] () -- C:\Users\Jack\Desktop\MBR.dat
[2012/06/15 20:17:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1004UA.job
[2012/06/15 20:15:06 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1000UA.job
[2012/06/15 20:03:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/15 19:33:50 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 19:33:50 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 19:29:19 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jack\Desktop\aswMBR.exe
[2012/06/15 19:24:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/15 19:24:16 | 1579,438,080 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/15 19:15:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1000Core.job
[2012/06/15 19:05:48 | 001,973,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Jack\Desktop\avg_remover_stf_x86_2012_2125.exe
[2012/06/15 19:04:10 | 002,899,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Jack\Desktop\avg_remover_stf_x64_2012_2125.exe
[2012/06/15 18:43:04 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1000UA.job
[2012/06/15 18:43:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1000Core.job
[2012/06/15 18:34:29 | 000,736,074 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/15 18:34:29 | 000,635,144 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/15 18:34:29 | 000,113,998 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/15 18:14:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/15 18:13:33 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/06/15 17:33:19 | 004,559,180 | R--- | M] (Swearware) -- C:\Users\Jack\Desktop\ComboFix.exe
[2012/06/14 17:56:34 | 002,359,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/14 17:29:14 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/14 12:38:20 | 000,001,272 | ---- | M] () -- C:\Users\Jack\Desktop\shutdown.exe.lnk
[2012/06/13 11:45:56 | 343,175,767 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/13 10:22:42 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/13 10:20:03 | 000,741,920 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/12 12:18:15 | 000,002,404 | ---- | M] () -- C:\Users\Jack\Desktop\Google Chrome.lnk
[2012/06/11 11:17:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1004Core.job
[2012/05/26 11:16:49 | 000,001,056 | ---- | M] () -- C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/05/26 11:16:26 | 000,001,022 | ---- | M] () -- C:\Users\Jack\Desktop\Dropbox.lnk
[2012/05/25 14:19:24 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/23 21:00:39 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

========== Files Created - No Company Name ==========

[2012/06/15 20:21:45 | 000,000,512 | ---- | C] () -- C:\Users\Jack\Desktop\MBR.dat
[2012/06/15 17:38:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/15 17:38:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/15 17:38:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/15 17:38:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/15 17:38:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/14 17:29:14 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/14 12:37:56 | 000,001,272 | ---- | C] () -- C:\Users\Jack\Desktop\shutdown.exe.lnk
[2012/06/13 10:20:28 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/12 12:55:30 | 343,175,767 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/06/04 16:10:46 | 005,423,104 | ---- | C] () -- C:\Windows\SysNative\tlpsplib10.dll
[2012/05/25 14:19:24 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/02 13:33:42 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/07/18 20:07:05 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
[2011/03/08 21:19:37 | 000,106,496 | ---- | C] () -- C:\Users\Jack\AppData\Roaming\fontdb.mdb
[2011/03/08 21:19:37 | 000,000,130 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/12/28 13:16:12 | 000,741,920 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/02 16:04:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2011/11/29 13:21:28 | 000,000,000 | -H-D | M] -- C:\Users\Jack\AppData\Roaming\8B169F33
[2012/06/11 14:21:37 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Audacity
[2011/03/08 21:22:14 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\BorWare
[2012/01/05 22:15:25 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Caches
[2009/11/11 21:53:41 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/06/15 19:25:52 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Dropbox
[2011/09/21 15:41:09 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Epson
[2012/06/12 21:10:46 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\FileZilla
[2011/08/02 18:07:24 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\FreeVideoConverter
[2010/04/08 16:10:58 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\GrabPro
[2012/02/22 11:09:09 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\IrfanView
[2011/08/02 13:34:35 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Leawo
[2011/08/02 13:34:39 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Leawo FLV2Video
[2010/04/16 17:08:39 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\ManyCam
[2011/08/02 13:34:39 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Moyea
[2011/11/29 21:36:07 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Notepad++
[2010/04/09 09:31:11 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Orbit
[2010/12/12 14:02:54 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Ozvori
[2012/01/19 13:28:23 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\PCDr
[2010/09/25 21:39:14 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Research In Motion
[2010/12/25 18:29:42 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Simply Super Software
[2010/04/08 13:05:48 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\SteelBytes
[2009/11/11 21:53:55 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Template
[2011/06/27 10:54:11 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\TSO
[2010/12/21 12:09:57 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Udydv
[2012/05/25 14:38:21 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\uTorrent
[2010/10/25 21:12:39 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Windows Live Writer
[2012/03/30 15:11:36 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\Epson
[2011/09/22 23:10:31 | 000,000,000 | ---D | M] -- C:\Users\Other\AppData\Roaming\Epson
[2011/09/26 20:56:37 | 000,000,000 | ---D | M] -- C:\Users\Other\AppData\Roaming\Orbit
[2012/06/15 18:43:02 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1000Core.job
[2012/06/15 18:43:04 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1000UA.job
[2012/05/23 21:00:39 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/24 10:02:53 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/15 18:13:33 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2008/02/05 04:51:14 | 000,546,872 | ---- | M] (Microsoft Corporation) -- C:\bootmgr.efi
[2009/11/12 05:31:54 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/06/15 18:28:09 | 000,025,040 | ---- | M] () -- C:\ComboFix.txt
[2009/09/16 12:45:41 | 000,003,541 | RH-- | M] () -- C:\dell.sdr
[2012/06/15 19:24:16 | 1579,438,080 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 05:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2012/06/15 19:24:24 | 2105,921,536 | -HS- | M] () -- C:\pagefile.sys
[2012/06/13 23:29:10 | 000,077,593 | ---- | M] () -- C:\PE-Files.txt
[2010/12/25 19:00:44 | 000,062,090 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_25.12.2010_17.53.50_log.txt
[2012/06/13 23:29:06 | 000,077,593 | ---- | M] () -- C:\Win-Files.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/10/05 18:14:20 | 000,000,286 | -HS- | M] () -- C:\Users\Jack\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2009/11/11 22:12:21 | 000,000,221 | -HS- | M] () -- C:\Users\Jack\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/06/15 19:29:19 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jack\Desktop\aswMBR.exe
[2012/06/15 19:04:10 | 002,899,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Jack\Desktop\avg_remover_stf_x64_2012_2125.exe
[2012/06/15 19:05:48 | 001,973,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Jack\Desktop\avg_remover_stf_x86_2012_2125.exe
[2012/06/15 17:33:19 | 004,559,180 | R--- | M] (Swearware) -- C:\Users\Jack\Desktop\ComboFix.exe
[2012/06/15 20:26:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jack\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/06/15 20:03:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/15 18:43:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1000Core.job
[2012/06/15 18:43:04 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1000UA.job
[2012/06/15 19:15:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1000Core.job
[2012/06/15 20:15:06 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1000UA.job
[2012/06/11 11:17:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1004Core.job
[2012/06/15 20:17:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1448020886-3423827417-3676847235-1004UA.job
[2012/05/23 21:00:39 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/06/15 19:24:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/02/24 10:02:53 | 000,032,620 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
[2012/06/15 18:13:33 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/02/16 10:21:09 | 000,000,402 | -HS- | M] () -- C:\Users\Jack\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

< End of report >