Reply to thread

Message: <blockquote data-quote="RJude" data-source="post: 125835" data-attributes="member: 9341">Here is the log:Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-06-2013Ran by SYSTEM on 24-06-2013 19:59:08Running from F:\Windows Vista (TM) Home Premium (X86) OS Language: English(US)Internet Explorer Version 9Boot Mode: RecoveryThe current controlset is ControlSet002ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [217088 2009-03-31] (Alps Electric Co., Ltd.)HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3810304 2008-12-21] (Dell Inc.)HKLM\...\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2009-01-30] (SupportSoft, Inc.)HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [935288 2009-09-04] (Adobe Systems Incorporated)HKLM\...\RunOnce: [STToasterLauncher] C:\Program Files\Dell DataSafe Local Backup\toasterLauncher.exe [120128 2010-02-11] ()HKLM\...\Runonce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [x]Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [X]HKU\Caitlin\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [ 2012-06-16] (SUPERAntiSpyware.com)HKU\Caitlin\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [ 2012-03-08] (Microsoft Corporation)HKU\Caitlin\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Caitlin\AppData\Local\Temp\xrrpxyjsuiwavyhxr.exe [ 2013-06-23] (NVIDIA Corporation)HKU\Caitlin\...\Winlogon: [Shell] cmd.exe [ 2008-01-20] (Microsoft Corporation) <==== ATTENTION HKU\Caitlin\...\Command Processor: "C:\Users\Caitlin\AppData\Local\Temp\xrrpxyjsuiwavyhxr.exe" <===== ATTENTION!Startup: C:\Users\Caitlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnkShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Caitlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk ->  (No File)Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)========================== Services (Whitelisted) =================S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com)S4 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] ()S4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [81920 2009-03-31] (Andrea Electronics Corporation)S4 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation)S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-06-23] (SurfRight B.V.)S4 hnmsvc; c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe [828656 2009-04-13] (Dell Inc.)S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [214952 2012-03-26] (Microsoft Corporation)S4 SftService; C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE [658656 2010-03-04] (SoftThinks)S4 sprtsvc_DellComms; C:\Program Files\Dell\DellComms\bin\sprtsvc.exe [206064 2009-03-25] (SupportSoft, Inc.)S4 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2009-01-30] (SupportSoft, Inc.)S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe [254042 2009-03-31] (IDT, Inc.)S2 WINZIPSSDiskOptimizer; C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe [605512 2011-11-10] (WinZip Computing, S.L. (WinZip Computing))S4 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-21] (Dell Inc.)S2 DirectUpdate; %systemroot%\system32\iksysflt.dll [x]S2 GMSIPCI; %systemroot%\system32\rismxdp.dll [x]S2 HitmanPro36CrusaderBoot; "D:\HitmanPro36.exe" /crusader:boot [x]S2 motmodem; %systemroot%\system32\twdns.dll [x]S2 savscan; %systemroot%\system32\transarcafsdaemon.dll [x]S2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [x]==================== Drivers (Whitelisted) ====================S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-21] (Broadcom Corporation)S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79880 2009-03-25] (McAfee, Inc.)S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35272 2009-03-25] (McAfee, Inc.)S1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214024 2009-03-25] (McAfee, Inc.)S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34216 2009-03-25] (McAfee, Inc.)S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-03-25] (McAfee, Inc.)S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)S2 Packet; C:\Windows\System32\DRIVERS\packet.sys [22016 2008-06-17] (SingleClick Systems)S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S1 A2DDA; \??\C:\Users\Caitlin\AppData\Local\temp\Rar$EX41.496\Run\a2ddax86.sys [x]S3 catchme; \??\C:\Users\Caitlin\AppData\Local\Temp\catchme.sys [x]S3 IpInIp; system32\DRIVERS\ipinip.sys [x]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [x]S0 subxk; System32\drivers\oojbued.sys [x]S0 TfFsMon; system32\drivers\TfFsMon.sys [x]S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]S0 TfSysMon; system32\drivers\TfSysMon.sys [x]S0 vvar; System32\drivers\gqertes.sys [x]==================== NetSvcs (Whitelisted) ===================NETSVC: motmodem -> C:\Windows\system32\twdns.dll ==> No File.NETSVC: savscan -> C:\Windows\system32\transarcafsdaemon.dll ==> No File.NETSVC: GMSIPCI -> C:\Windows\system32\rismxdp.dll ==> No File.NETSVC: rismxdp -> No Registry Path.NETSVC: DirectUpdate -> C:\Windows\system32\iksysflt.dll ==> No File.==================== One Month Created Files and Folders ========2013-06-24 19:59 - 2013-06-24 19:59 - 00000000 ____D C:\FRST2013-06-23 23:18 - 2013-06-23 23:18 - 00139232 ____A C:\Windows\Minidump\Mini062313-01.dmp2013-06-23 15:39 - 2013-06-23 15:39 - 01097627 ____A C:\Users\Caitlin\AppData\Roaming\2433f4332013-06-23 15:39 - 2013-06-23 15:39 - 01097600 ____A C:\Users\Caitlin\AppData\Local\2433f4332013-06-23 15:35 - 2013-06-23 15:35 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{FB9CC6D4-6A56-4FFE-8AE3-563E991FC57D}2013-06-23 00:36 - 2013-06-23 00:36 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{FE7A3477-0B54-469F-9955-16245DD8524B}2013-06-22 16:55 - 2013-06-22 17:44 - 117974633 ____A C:\Users\Caitlin\Documents\Always Forever.wmv2013-06-22 12:19 - 2013-06-22 12:22 - 140777201 ____A C:\Users\Caitlin\Desktop\Ryan, Do roses know their thorns can hurt.wmv2013-06-22 11:32 - 2013-06-22 11:32 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{D5F7F2DC-B67C-4C08-A564-CCB078797226}2013-06-21 11:03 - 2013-06-21 11:03 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{A6B1C668-A0E5-4AD5-B0BB-C896B3446F28}2013-06-20 11:37 - 2013-06-20 11:37 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{E66D9967-8E5B-4681-BCBC-49C36A764BBB}2013-06-19 11:09 - 2013-06-19 11:09 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{1459652D-89D5-45D1-B060-261D3FFFF53C}2013-06-18 23:08 - 2013-06-18 23:08 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{0DC30A43-E0B0-4249-B913-C67F10736E93}2013-06-17 14:21 - 2013-06-17 14:21 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{F6514760-505B-40E0-9775-32BAB28BDC89}2013-06-16 17:17 - 2013-06-16 17:17 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf2013-06-16 16:54 - 2013-06-16 16:55 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{126C9442-62A1-47CE-AE40-6AFA1D7B51AE}2013-06-15 18:50 - 2013-06-15 18:50 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{158C0930-0F6B-4A73-A443-840840230FF5}2013-06-14 13:22 - 2013-06-14 13:22 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{27579C40-B4EE-4C77-9E58-870695617695}2013-06-14 13:21 - 2013-06-14 13:37 - 00000000 ____D C:\Users\Caitlin\Desktop\Safety Pics2013-06-14 00:34 - 2013-06-14 01:33 - 205655593 ____A C:\Users\Caitlin\Documents\SafetyCamp2013.wmv2013-06-13 20:09 - 2013-06-13 20:08 - 00013376 ____A C:\Users\Caitlin\Desktop\xLifeincolorings 5.veg2013-06-13 19:56 - 2013-06-23 18:11 - 00003874 ____A C:\Windows\setupact.log2013-06-13 19:56 - 2013-06-13 19:56 - 00000000 ____A C:\Windows\setuperr.log2013-06-12 18:46 - 2013-06-12 18:46 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{D3F275CD-D912-47B8-A849-695BB4EA4CB4}2013-06-11 19:36 - 2013-06-11 19:36 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{1EE2E195-1376-4359-B1FE-AF56A691BE2A}2013-06-10 22:06 - 2013-06-10 22:06 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{7CDF8395-B91D-4A16-9C4E-94DF559E2EDE}2013-06-09 18:29 - 2013-06-09 19:48 - 98398573 ____A C:\Users\Caitlin\Documents\ForeverYoung.wmv2013-06-09 16:34 - 2013-06-09 16:34 - 00023368 ____A C:\Users\Caitlin\Desktop\JColouring.veg2013-06-09 16:08 - 2013-06-09 16:07 - 00017640 ____A C:\Users\Caitlin\Desktop\sony vegas coloring 009.veg2013-06-09 16:06 - 2013-06-09 16:06 - 00018904 ____A C:\Users\Caitlin\Desktop\TheDarlingTutorials_2.veg2013-06-09 16:04 - 2013-06-09 16:04 - 00014768 ____A C:\Users\Caitlin\Desktop\xlifeincolorings7.veg2013-06-09 14:43 - 2013-06-09 14:43 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{0DEE1197-B6A1-40CC-8641-BE4F97ABB78E}2013-06-09 00:32 - 2013-06-09 00:32 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{1BC67F5D-DCA0-454A-9D0B-482A49A4BD04}2013-06-08 16:54 - 2013-06-08 16:54 - 00019152 ____A C:\Users\Caitlin\Documents\Horserider9802 sony vegas coloring.veg2013-06-08 12:31 - 2013-06-08 12:31 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{5D26E18D-AD13-45BB-ACE1-D935E4548259}2013-06-08 00:14 - 2013-06-08 00:14 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{0F4970B7-9E4F-43DA-BE4C-B0DE882F8F96}2013-06-07 12:13 - 2013-06-07 12:14 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{C5FC9EA3-7673-4A64-9788-B572915B3BE4}2013-06-06 21:57 - 2013-06-06 21:57 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{4DCDC46B-BB6F-4BEE-8984-CE816DD8F739}2013-06-06 09:56 - 2013-06-06 09:56 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{BBA9CA9D-C306-4890-A26E-4201795EB3F9}2013-06-05 09:45 - 2013-06-05 09:45 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{407BD67D-FAAA-458F-914A-3E114A4A87B2}2013-06-04 10:03 - 2013-06-23 00:38 - 00002072 ____A C:\Windows\WindowsUpdate.log2013-06-04 10:02 - 2013-06-04 10:02 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{06B93890-E623-411A-ADCF-7D82859CB908}2013-06-03 21:55 - 2013-06-03 21:55 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{BB85A3C0-2CAB-4EED-ACA1-E854D64098F1}2013-06-03 09:54 - 2013-06-03 09:54 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{E97467EB-9AFC-4357-A322-B96586F63DD3}2013-06-02 22:33 - 2013-06-23 23:18 - 187263387 ____A C:\Windows\MEMORY.DMP2013-06-02 22:33 - 2013-06-02 22:33 - 00139232 ____A C:\Windows\Minidump\Mini060213-01.dmp2013-06-02 21:17 - 2013-06-02 21:17 - 00000000 __SHD C:\found.0022013-06-02 12:42 - 2013-06-02 12:42 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{ED2F81C7-2E67-4741-9F4D-31BCEC1DF164}2013-06-01 11:57 - 2013-06-01 11:57 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{E5D87E93-B0D2-4986-B5FC-A0BE553F4EAF}2013-05-31 22:00 - 2013-05-31 22:01 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{7A2B4651-4898-41EC-A4A8-6DE3C93801C9}2013-05-31 15:25 - 2013-05-31 15:32 - 22349661 ____A C:\Users\Caitlin\Documents\LastPageant.wmv2013-05-31 10:00 - 2013-05-31 10:00 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{7A7A0C55-4EBB-429C-AC72-4660A99157B1}2013-05-30 15:08 - 2013-05-30 15:08 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{59E0D749-12F5-43F7-B11F-17083D2C3D8C}2013-05-30 09:49 - 2013-05-30 09:49 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{EB5ABCFE-A76A-4DE4-A29D-02BD3762EC97}2013-05-29 14:31 - 2013-05-29 15:27 - 123366633 ____A C:\Users\Caitlin\Documents\Ashes Like Snow.wmv2013-05-29 14:27 - 2013-05-29 14:28 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{87C10CDF-B7B9-46B4-9DE3-4EA051E70805}2013-05-29 13:21 - 2013-05-29 13:21 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{61E9C591-63B6-4D54-94A2-A8AE9F052841}2013-05-29 09:53 - 2013-05-29 09:53 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{69C56121-BFC5-4D66-A27A-06E05D623702}2013-05-28 23:26 - 2013-05-28 23:26 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{31571B64-6944-401A-A49E-F60E0A5A9631}2013-05-28 19:48 - 2013-05-28 19:48 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{90623B4B-FAB7-4E98-93F4-133C22646F3D}2013-05-28 17:05 - 2013-05-28 17:05 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{1BC6A980-562C-43C8-8483-7A1D2526BB9F}2013-05-28 16:32 - 2013-05-28 16:32 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{EE7D7AA3-B6F7-4BD9-AF66-37483DFC0D7E}2013-05-28 10:12 - 2013-05-28 10:12 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{84F5DABE-EE6A-4D9E-9E25-A2A288F434F0}2013-05-27 15:19 - 2013-05-27 15:19 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{3F0DFEAC-AB67-46DE-A5F5-0007C5112C4E}2013-05-26 17:03 - 2013-05-26 17:03 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{2C3ECAC2-E949-42BF-9085-9340D055FF4D}2013-05-25 10:36 - 2013-05-25 10:36 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{35A0955B-6E70-4666-AE2E-3003850E436F}==================== One Month Modified Files and Folders ========2013-06-24 19:59 - 2013-06-24 19:59 - 00000000 ____D C:\FRST2013-06-24 17:12 - 2006-11-02 08:47 - 00003744 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02013-06-24 17:12 - 2006-11-02 08:47 - 00003744 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02013-06-23 23:18 - 2013-06-23 23:18 - 00139232 ____A C:\Windows\Minidump\Mini062313-01.dmp2013-06-23 23:18 - 2013-06-02 22:33 - 187263387 ____A C:\Windows\MEMORY.DMP2013-06-23 23:18 - 2010-07-03 16:28 - 00000000 ____D C:\Windows\Minidump2013-06-23 18:11 - 2013-06-13 19:56 - 00003874 ____A C:\Windows\setupact.log2013-06-23 16:15 - 2010-05-19 00:50 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-06-23 16:14 - 2006-11-02 09:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2013-06-23 16:11 - 2006-11-02 09:01 - 00032548 ____A C:\Windows\Tasks\SCHEDLGU.TXT2013-06-23 15:39 - 2013-06-23 15:39 - 01097627 ____A C:\Users\Caitlin\AppData\Roaming\2433f4332013-06-23 15:39 - 2013-06-23 15:39 - 01097600 ____A C:\Users\Caitlin\AppData\Local\2433f4332013-06-23 15:35 - 2013-06-23 15:35 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{FB9CC6D4-6A56-4FFE-8AE3-563E991FC57D}2013-06-23 15:35 - 2012-06-22 00:22 - 00000000 ____D C:\Users\Caitlin\AppData\Local\Windows Live2013-06-23 15:34 - 2009-11-08 17:37 - 00000066 ____A C:\Windows\System32\ToasterLauncherLog.log2013-06-23 15:34 - 2009-07-15 14:30 - 00000000 ____D C:\Users\Caitlin\Tracing2013-06-23 15:34 - 2009-06-29 00:27 - 00000000 ____D C:\Program Files\Dell DataSafe Local Backup2013-06-23 12:48 - 2011-07-22 22:49 - 00000000 ____D C:\Users\Caitlin\Documents\Projects2013-06-23 12:35 - 2009-07-15 14:42 - 00104448 ____A C:\Users\Caitlin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-06-23 12:13 - 2010-05-19 00:50 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-06-23 12:09 - 2012-05-11 01:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2013-06-23 00:38 - 2013-06-04 10:03 - 00002072 ____A C:\Windows\WindowsUpdate.log2013-06-23 00:36 - 2013-06-23 00:36 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{FE7A3477-0B54-469F-9955-16245DD8524B}2013-06-22 17:44 - 2013-06-22 16:55 - 117974633 ____A C:\Users\Caitlin\Documents\Always Forever.wmv2013-06-22 12:22 - 2013-06-22 12:19 - 140777201 ____A C:\Users\Caitlin\Desktop\Ryan, Do roses know their thorns can hurt.wmv2013-06-22 11:32 - 2013-06-22 11:32 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{D5F7F2DC-B67C-4C08-A564-CCB078797226}2013-06-21 11:03 - 2013-06-21 11:03 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{A6B1C668-A0E5-4AD5-B0BB-C896B3446F28}2013-06-20 11:37 - 2013-06-20 11:37 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{E66D9967-8E5B-4681-BCBC-49C36A764BBB}2013-06-19 11:09 - 2013-06-19 11:09 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{1459652D-89D5-45D1-B060-261D3FFFF53C}2013-06-18 23:08 - 2013-06-18 23:08 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{0DC30A43-E0B0-4249-B913-C67F10736E93}2013-06-17 14:43 - 2009-07-15 14:21 - 00000000 ____D C:\Users\Caitlin\Documents\Word2013-06-17 14:21 - 2013-06-17 14:21 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{F6514760-505B-40E0-9775-32BAB28BDC89}2013-06-16 18:47 - 2006-11-02 06:33 - 00706714 ____A C:\Windows\System32\PerfStringBackup.INI2013-06-16 17:35 - 2009-07-15 14:05 - 00000000 ____D C:\users\Caitlin2013-06-16 17:17 - 2013-06-16 17:17 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf2013-06-16 16:55 - 2013-06-16 16:54 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{126C9442-62A1-47CE-AE40-6AFA1D7B51AE}2013-06-15 18:50 - 2013-06-15 18:50 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{158C0930-0F6B-4A73-A443-840840230FF5}2013-06-14 13:37 - 2013-06-14 13:21 - 00000000 ____D C:\Users\Caitlin\Desktop\Safety Pics2013-06-14 13:22 - 2013-06-14 13:22 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{27579C40-B4EE-4C77-9E58-870695617695}2013-06-14 01:33 - 2013-06-14 00:34 - 205655593 ____A C:\Users\Caitlin\Documents\SafetyCamp2013.wmv2013-06-13 20:08 - 2013-06-13 20:09 - 00013376 ____A C:\Users\Caitlin\Desktop\xLifeincolorings 5.veg2013-06-13 19:56 - 2013-06-13 19:56 - 00000000 ____A C:\Windows\setuperr.log2013-06-12 18:46 - 2013-06-12 18:46 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{D3F275CD-D912-47B8-A849-695BB4EA4CB4}2013-06-11 19:36 - 2013-06-11 19:36 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{1EE2E195-1376-4359-B1FE-AF56A691BE2A}2013-06-10 22:06 - 2013-06-10 22:06 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{7CDF8395-B91D-4A16-9C4E-94DF559E2EDE}2013-06-09 19:48 - 2013-06-09 18:29 - 98398573 ____A C:\Users\Caitlin\Documents\ForeverYoung.wmv2013-06-09 16:34 - 2013-06-09 16:34 - 00023368 ____A C:\Users\Caitlin\Desktop\JColouring.veg2013-06-09 16:07 - 2013-06-09 16:08 - 00017640 ____A C:\Users\Caitlin\Desktop\sony vegas coloring 009.veg2013-06-09 16:06 - 2013-06-09 16:06 - 00018904 ____A C:\Users\Caitlin\Desktop\TheDarlingTutorials_2.veg2013-06-09 16:04 - 2013-06-09 16:04 - 00014768 ____A C:\Users\Caitlin\Desktop\xlifeincolorings7.veg2013-06-09 14:43 - 2013-06-09 14:43 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{0DEE1197-B6A1-40CC-8641-BE4F97ABB78E}2013-06-09 00:32 - 2013-06-09 00:32 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{1BC67F5D-DCA0-454A-9D0B-482A49A4BD04}2013-06-08 16:54 - 2013-06-08 16:54 - 00019152 ____A C:\Users\Caitlin\Documents\Horserider9802 sony vegas coloring.veg2013-06-08 12:31 - 2013-06-08 12:31 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{5D26E18D-AD13-45BB-ACE1-D935E4548259}2013-06-08 00:14 - 2013-06-08 00:14 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{0F4970B7-9E4F-43DA-BE4C-B0DE882F8F96}2013-06-07 12:14 - 2013-06-07 12:13 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{C5FC9EA3-7673-4A64-9788-B572915B3BE4}2013-06-06 21:57 - 2013-06-06 21:57 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{4DCDC46B-BB6F-4BEE-8984-CE816DD8F739}2013-06-06 09:56 - 2013-06-06 09:56 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{BBA9CA9D-C306-4890-A26E-4201795EB3F9}2013-06-05 09:45 - 2013-06-05 09:45 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{407BD67D-FAAA-458F-914A-3E114A4A87B2}2013-06-04 10:02 - 2013-06-04 10:02 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{06B93890-E623-411A-ADCF-7D82859CB908}2013-06-03 21:55 - 2013-06-03 21:55 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{BB85A3C0-2CAB-4EED-ACA1-E854D64098F1}2013-06-03 09:54 - 2013-06-03 09:54 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{E97467EB-9AFC-4357-A322-B96586F63DD3}2013-06-02 22:33 - 2013-06-02 22:33 - 00139232 ____A C:\Windows\Minidump\Mini060213-01.dmp2013-06-02 21:19 - 2013-05-17 18:05 - 00003458 ____A C:\Windows\PFRO.log2013-06-02 21:17 - 2013-06-02 21:17 - 00000000 __SHD C:\found.0022013-06-02 21:10 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\IME2013-06-02 12:42 - 2013-06-02 12:42 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{ED2F81C7-2E67-4741-9F4D-31BCEC1DF164}2013-06-01 11:57 - 2013-06-01 11:57 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{E5D87E93-B0D2-4986-B5FC-A0BE553F4EAF}2013-05-31 22:01 - 2013-05-31 22:00 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{7A2B4651-4898-41EC-A4A8-6DE3C93801C9}2013-05-31 15:32 - 2013-05-31 15:25 - 22349661 ____A C:\Users\Caitlin\Documents\LastPageant.wmv2013-05-31 10:00 - 2013-05-31 10:00 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{7A7A0C55-4EBB-429C-AC72-4660A99157B1}2013-05-30 15:08 - 2013-05-30 15:08 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{59E0D749-12F5-43F7-B11F-17083D2C3D8C}2013-05-30 09:49 - 2013-05-30 09:49 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{EB5ABCFE-A76A-4DE4-A29D-02BD3762EC97}2013-05-29 15:27 - 2013-05-29 14:31 - 123366633 ____A C:\Users\Caitlin\Documents\Ashes Like Snow.wmv2013-05-29 14:28 - 2013-05-29 14:27 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{87C10CDF-B7B9-46B4-9DE3-4EA051E70805}2013-05-29 13:21 - 2013-05-29 13:21 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{61E9C591-63B6-4D54-94A2-A8AE9F052841}2013-05-29 09:53 - 2013-05-29 09:53 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{69C56121-BFC5-4D66-A27A-06E05D623702}2013-05-28 23:26 - 2013-05-28 23:26 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{31571B64-6944-401A-A49E-F60E0A5A9631}2013-05-28 19:48 - 2013-05-28 19:48 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{90623B4B-FAB7-4E98-93F4-133C22646F3D}2013-05-28 19:46 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\MSAgent2013-05-28 17:05 - 2013-05-28 17:05 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{1BC6A980-562C-43C8-8483-7A1D2526BB9F}2013-05-28 16:32 - 2013-05-28 16:32 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{EE7D7AA3-B6F7-4BD9-AF66-37483DFC0D7E}2013-05-28 10:12 - 2013-05-28 10:12 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{84F5DABE-EE6A-4D9E-9E25-A2A288F434F0}2013-05-27 15:19 - 2013-05-27 15:19 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{3F0DFEAC-AB67-46DE-A5F5-0007C5112C4E}2013-05-26 17:03 - 2013-05-26 17:03 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{2C3ECAC2-E949-42BF-9085-9340D055FF4D}2013-05-25 10:36 - 2013-05-25 10:36 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{35A0955B-6E70-4666-AE2E-3003850E436F}ZeroAccess:C:\$Recycle.Bin\S-1-5-21-1188298847-2614170819-2347088058-1000\$1275ff5241a28249602b776eb539b742==================== Known DLLs (Whitelisted) ================================ Bamital & volsnap Check =================C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points  =========================Restore point made on: 2013-06-09 20:05:08==================== Memory info =========================== Percentage of memory in use: 10%Total physical RAM: 3034.29 MBAvailable physical RAM: 2728.09 MBTotal Pagefile: 2859.19 MBAvailable Pagefile: 2793.3 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1991.24 MB==================== Drives ================================Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFSDrive c: (OS) (Fixed) (Total:218.2 GB) (Free:57.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:5.23 GB) NTFSDrive f: (HITMANPRO) (Removable) (Total:7.25 GB) (Free:7.25 GB) FAT32Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS==================== MBR & Partition Table ==========================================================================Disk: 1 (Size: 233 GB) (Disk ID: 00638CBF)Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)Partition 3: (Active) - (Size=218 GB) - (Type=07 NTFS)========================================================Disk: 2 (Size: 7 GB) (Disk ID: 367603A2)Partition 1: (Active) - (Size=7 GB) - (Type=0B)LastRegBack: 2013-06-23 18:30==================== End Of Log ============================</blockquote>

Verification

Top