I recentally acquired what I think might be a keylogger due to some suspicious activity with games I've played and e-mail accounts, also having search engine searches for common things redirect me to ebay or other odd sites I've never visited before.
I also have a process called PING.exe taking up 60/70% of my CPU Usage, it doesn't show up on the standard task manager processes list I only found it on the resource monitor where I have suspended it temporarily for now, even after suspending it, my typing on skype and on my address bar and so on seems to have a small delay which is rather odd also.
I'm not really sure how else to describe it, So far I've used MalwareBytes doing a full scan and it's quarantined 6 infections so far which were:
Trojan.Hiloti
Trojan.Agent
Trojan.Agent.U
All of those being files and then three registry values which were Hiloti and Agent.U aswell as Hijack.ExeFile.
A friend of mine told me that it could possibly be someone harnassing my computer for DDOS usage or something but not 100% sure on that either.
Anyway I'll post my OTL log below it also provided me with an Extras.txt please just say if you require that also.
Thank you for your time in helping me.
Much Appreciated
Sam
OTL logfile created on: 08/09/2011 16:52:53 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Sam\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
4.00 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 60.94% Memory free
8.00 Gb Paging File | 5.96 Gb Available in Paging File | 74.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 37.57 Gb Total Space | 7.09 Gb Free Space | 18.88% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 53.51 Gb Free Space | 27.40% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 877.99 Gb Free Space | 94.25% Space Free | Partition Type: NTFS
Computer Name: SAMS-PC | User Name: Sam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/09/08 16:52:49 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
PRC - [2011/08/31 09:58:30 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2011/08/31 09:58:18 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/08/04 00:17:13 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Games\Steam\Steam.exe
PRC - [2011/07/07 10:52:33 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/21 20:20:30 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
PRC - [2011/04/28 10:35:25 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/02 12:19:34 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/11/09 20:28:40 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/07/14 02:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
========== Modules (No Company Name) ==========
MOD - [2011/09/07 00:27:58 | 014,407,976 | ---- | M] () -- D:\Games\Steam\bin\libcef.dll
MOD - [2011/09/07 00:27:55 | 000,190,248 | ---- | M] () -- D:\Games\Steam\bin\chromehtml.dll
MOD - [2011/09/07 00:27:53 | 000,091,432 | ---- | M] () -- D:\Games\Steam\bin\avutil-50.dll
MOD - [2011/09/07 00:27:51 | 000,155,432 | ---- | M] () -- D:\Games\Steam\bin\avformat-52.dll
MOD - [2011/09/07 00:27:49 | 000,914,216 | ---- | M] () -- D:\Games\Steam\bin\avcodec-52.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/08/31 09:58:30 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011/08/31 09:58:18 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/08/04 14:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/08/02 10:51:41 | 003,542,616 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/07/07 10:52:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/28 10:35:25 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/07/07 10:52:34 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/07 10:52:34 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/07 21:34:21 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/05/07 21:34:21 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011/04/14 14:28:10 | 000,015,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVVideoCardMirror.sys -- (AirDisplayMirror)
DRV:64bit: - [2011/04/14 14:28:08 | 000,015,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVVideoCard.sys -- (AirDisplay)
DRV:64bit: - [2010/09/07 21:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/06/16 13:38:08 | 000,092,160 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/03/29 18:21:51 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/07/30 17:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/09/30 11:36:14 | 000,013,008 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pstrip64.sys -- (PStrip64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Sam\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/27 22:47:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/27 22:47:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{581DD211-893C-4A97-8641-A17B9323F686}: C:\Users\Sam\AppData\Local\{581DD211-893C-4A97-8641-A17B9323F686} [2011/09/07 00:08:13 | 000,000,000 | ---D | M]
[2010/07/16 01:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Extensions
[2010/07/30 13:54:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\820n5vkg.default\extensions
[2010/07/30 13:54:44 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\820n5vkg.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/07/30 13:50:25 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\820n5vkg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/07/16 01:26:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/26 08:47:04 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/06/26 08:47:04 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/06/26 08:47:04 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/06/26 08:47:04 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Hobbyist Software VLC Streamer] C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe (Hobbyist Software)
O4 - HKCU..\Run: [Steam] D:\Games\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerStrip.lnk = C:\Program Files (x86)\PowerStrip\PStrip.exe (EnTech Taiwan)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Sam\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sam\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Sam\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sam\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.16.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19E64FA2-BCAC-46B0-ACAD-394A75772759}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2988FE80-6010-4703-A8FA-6072F92F78BD}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EFBC53A-9B2C-4240-948E-A6FD283A4320}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F8C6694-59B5-445D-944F-C33C8574A66C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/09/08 16:52:44 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2011/09/08 16:49:48 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/09/08 16:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/09/08 00:46:59 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\BTroopers
[2011/09/07 00:08:12 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\{581DD211-893C-4A97-8641-A17B9323F686}
[2011/08/30 00:25:12 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\dxhr
[2011/08/30 00:24:08 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\ALI213
[2011/08/30 00:24:08 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\28050
[2011/08/28 01:26:41 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Hobbyist_Software
[2011/08/28 01:25:36 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Hobbyist Software
[2011/08/28 01:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VLC Streamer
[2011/08/28 01:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hobbyist Software
[2011/08/27 23:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AirDisplay
[2011/08/27 23:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Air Display
[2011/08/27 23:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\Avatron
[2011/08/27 22:49:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/27 22:48:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/27 22:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/27 22:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/08/27 22:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/27 22:47:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/08/27 22:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/27 22:46:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/08/27 22:44:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/08/22 22:02:04 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\LOLReplay
[2011/08/22 22:02:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LOLReplay
[2011/08/14 13:00:35 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/08/14 13:00:06 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Dropbox
[2011/04/07 18:19:01 | 000,586,752 | -HS- | C] (Microsoft Corporation) -- C:\Users\Sam\AppData\Local\sol.exe
[2011/04/07 18:19:01 | 000,586,752 | -HS- | C] (Microsoft Corporation) -- C:\Users\Sam\AppData\Local\ncl.exe
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/09/08 16:52:49 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2011/09/08 16:49:48 | 000,002,965 | ---- | M] () -- C:\Users\Sam\Desktop\HiJackThis.lnk
[2011/09/08 16:45:55 | 000,007,620 | ---- | M] () -- C:\Users\Sam\AppData\Local\Resmon.ResmonCfg
[2011/09/08 16:28:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/08 14:32:44 | 000,000,656 | ---- | M] () -- C:\Users\Sam\Desktop\World of Warcraft.lnk
[2011/09/08 13:52:34 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/08 13:52:34 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/08 13:44:39 | 000,009,346 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\PStrip.ini
[2011/09/08 13:44:37 | 000,009,364 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\PStrip.bak
[2011/09/08 13:44:35 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/08 13:43:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/08 13:43:40 | 3220,873,216 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/08 09:51:09 | 000,009,346 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\PStrip.bk!
[2011/09/08 09:12:37 | 000,009,346 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\PStrip.bko
[2011/09/07 09:02:42 | 000,000,120 | ---- | M] () -- C:\Users\Sam\AppData\Local\Smeruyiw.dat
[2011/09/07 00:08:14 | 000,000,000 | ---- | M] () -- C:\Users\Sam\AppData\Local\Ifejuvil.bin
[2011/09/06 18:02:49 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/06 18:02:49 | 000,664,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/06 18:02:49 | 000,125,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/03 20:51:25 | 000,122,204 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/08/31 09:58:30 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/08/31 09:58:18 | 002,250,024 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/08/31 09:58:18 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/08/30 16:59:14 | 002,054,104 | ---- | M] () -- C:\Users\Sam\Desktop\IMG_0203.JPG
[2011/08/30 12:07:10 | 000,004,607 | ---- | M] () -- C:\Users\Sam\.recently-used.xbel
[2011/08/27 22:49:11 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/26 07:54:07 | 007,921,704 | ---- | M] () -- C:\Users\Sam\Desktop\Adele_vs._Skrillex_-_Set_Fire_To_Everybody.mp3
[2011/08/25 15:31:48 | 016,641,315 | ---- | M] () -- C:\Users\Sam\Desktop\01 Android Porn.mp3
[2011/08/22 22:02:05 | 000,001,973 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2011/08/18 00:14:48 | 000,001,155 | ---- | M] () -- C:\Users\Sam\Desktop\World of Warcraft Romie.lnk
[2011/08/17 23:14:29 | 003,383,525 | ---- | M] () -- C:\Users\Sam\Desktop\Maligned.psd
[2011/08/14 13:04:14 | 000,001,036 | ---- | M] () -- C:\Users\Sam\Desktop\Dropbox.lnk
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/09/08 16:49:48 | 000,002,965 | ---- | C] () -- C:\Users\Sam\Desktop\HiJackThis.lnk
[2011/09/07 00:08:14 | 000,000,120 | ---- | C] () -- C:\Users\Sam\AppData\Local\Smeruyiw.dat
[2011/09/07 00:08:14 | 000,000,000 | ---- | C] () -- C:\Users\Sam\AppData\Local\Ifejuvil.bin
[2011/09/03 20:51:25 | 000,122,204 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/08/31 09:58:17 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/08/30 16:57:51 | 002,054,104 | ---- | C] () -- C:\Users\Sam\Desktop\IMG_0203.JPG
[2011/08/30 12:07:10 | 000,004,607 | ---- | C] () -- C:\Users\Sam\.recently-used.xbel
[2011/08/27 22:49:11 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/26 07:54:07 | 007,921,704 | ---- | C] () -- C:\Users\Sam\Desktop\Adele_vs._Skrillex_-_Set_Fire_To_Everybody.mp3
[2011/08/25 15:30:45 | 016,641,315 | ---- | C] () -- C:\Users\Sam\Desktop\01 Android Porn.mp3
[2011/08/22 22:02:05 | 000,001,973 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2011/08/22 22:02:05 | 000,001,913 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
[2011/08/18 00:14:48 | 000,001,155 | ---- | C] () -- C:\Users\Sam\Desktop\World of Warcraft Romie.lnk
[2011/08/17 23:14:19 | 003,383,525 | ---- | C] () -- C:\Users\Sam\Desktop\Maligned.psd
[2011/08/14 13:04:14 | 000,001,036 | ---- | C] () -- C:\Users\Sam\Desktop\Dropbox.lnk
[2011/07/29 01:00:50 | 000,000,059 | ---- | C] () -- C:\Windows\RUNAWAY.INI
[2011/06/15 18:11:29 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/07 18:19:08 | 000,010,886 | -HS- | C] () -- C:\Users\Sam\AppData\Local\325cq8r6ceko405fg
[2011/04/07 18:19:08 | 000,010,886 | -HS- | C] () -- C:\ProgramData\325cq8r6ceko405fg
[2011/02/26 02:19:32 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/10/31 12:33:35 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010/09/08 06:05:39 | 000,000,132 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/07/23 11:15:30 | 000,009,346 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\PStrip.bko
[2010/07/22 12:22:51 | 000,009,346 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\PStrip.bk!
[2010/07/22 12:22:43 | 000,009,364 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\PStrip.bak
[2010/07/22 12:16:18 | 000,009,346 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\PStrip.ini
[2010/07/22 12:00:45 | 000,000,438 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2010/07/15 23:08:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/06/27 11:28:48 | 000,764,734 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/21 14:53:11 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/06/12 13:06:14 | 000,000,747 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\MPQEditor.ini
[2010/05/25 17:46:26 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/04/25 14:29:44 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/04/25 14:29:43 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/04/25 14:29:42 | 002,359,592 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_apb.exe
[2010/04/10 23:37:25 | 000,007,620 | ---- | C] () -- C:\Users\Sam\AppData\Local\Resmon.ResmonCfg
[2010/04/05 02:34:22 | 000,003,584 | ---- | C] () -- C:\Users\Sam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/01 13:27:48 | 000,000,396 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/03/15 03:39:00 | 001,364,522 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\wrar393.exe
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== LOP Check ==========
[2011/04/20 18:15:46 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\.minecraft
[2011/07/09 08:36:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Command and Conquer 4
[2010/03/29 18:30:06 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\DAEMON Tools Lite
[2011/03/29 11:40:26 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\DarksporeData
[2011/07/21 21:18:37 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Downloaded Installations
[2011/09/08 13:45:33 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Dropbox
[2011/08/22 16:39:23 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\DVDVideoSoft
[2011/08/22 16:39:19 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/08/22 09:44:53 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\gtk-2.0
[2011/08/28 01:25:36 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Hobbyist Software
[2010/09/30 13:59:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Leadertech
[2010/09/26 17:06:21 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\LolClient
[2010/07/27 10:48:28 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Megaupload
[2010/07/18 23:23:39 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\MotioninJoy
[2011/06/01 20:54:04 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Mumble
[2010/12/22 06:31:14 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\NationRed
[2011/03/21 01:44:13 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Nicalis
[2010/05/10 21:44:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Octoshape
[2011/05/07 10:09:30 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\OnLive App
[2010/04/10 21:58:28 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\OpenOffice.org
[2011/06/15 07:33:34 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Orbit
[2011/06/15 07:33:34 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ProgSense
[2011/07/27 08:20:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Propellerhead Software
[2010/05/12 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Publish Providers
[2011/03/16 10:24:48 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PunkBuster
[2010/10/28 23:58:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\RayV
[2011/04/06 13:00:12 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Research In Motion
[2011/02/16 10:18:28 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\RIFT
[2011/06/21 17:06:42 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Rovio
[2011/07/03 23:22:17 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\runic games
[2010/05/12 12:29:38 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Sony
[2010/09/25 23:48:17 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Sports Interactive
[2011/06/23 15:41:50 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Spotify
[2011/09/08 10:38:05 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TS3Client
[2011/07/11 11:31:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Ubisoft
[2011/09/07 17:47:50 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\uTorrent
[2010/12/01 02:28:30 | 000,000,000 | -HSD | M] -- C:\Users\Sam\AppData\Roaming\wyUpdate AU
[2011/08/01 10:12:12 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >