Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google Redirect Won't Go Away


  • This topic is locked This topic is locked

#1
mjwalters0716

mjwalters0716

    Member

  • Member
  • PipPip
  • 12 posts
K, I've exhausted what little knowledge I have trying to get rid of this one. Not sure when or how it came to be on my computer, but now most links clicked on will redirect me to a random page. If I use the back menu to go back to the original google search, I can usually click on the link a second time to get to the page I originally intended, and every link I click on that same search page will then also work. However, if I put in a new search or go to another page of the search I once again get a redirect on clicking a link. Also, today I somehow got AV Guard put on my computer with numerous malware entries. I went about the usual process of booting in Safemode, using CCleaner, then updating Malwarebytes, running a Quick Scan, removing threats, rebooting and rinse and repeat until I don't get any further threats. For good measure I also updated Spybot, immunize and scan for threats. Both eventually come out with no threats, but the redirect is still happening (though AV Guard seems gone). I then followed the guide on GeekstoGo about removing the Google Redirect nonsense using OTM, GooredFix, and TDSSKiller. Killer found one rootkit and removed it, but the redirect seems to continue. I've been testing it specifically by trying to go to virus removal websites which this invader seems to especially like to redirect me from. So, now I'm here to see if the pros can help. I've now run OTL and here is my log. Thanks for the help in advance:

OTL logfile created on: 10/7/2011 7:14:26 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Michael\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.97 Gb Available Physical Memory | 83.01% Memory free
11.98 Gb Paging File | 11.03 Gb Available in Paging File | 92.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.32 Gb Total Space | 33.57 Gb Free Space | 17.19% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 102.44 Gb Free Space | 52.45% Space Free | Partition Type: NTFS
Drive E: | 341.80 Gb Total Space | 79.93 Gb Free Space | 23.39% Space Free | Partition Type: NTFS
Drive F: | 394.40 Gb Total Space | 24.88 Gb Free Space | 6.31% Space Free | Partition Type: NTFS
Drive G: | 341.80 Gb Total Space | 34.94 Gb Free Space | 10.22% Space Free | Partition Type: NTFS
Drive H: | 394.40 Gb Total Space | 7.51 Gb Free Space | 1.90% Space Free | Partition Type: NTFS
Drive I: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 4.26 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: VCHOMENET | User Name: Michael | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/07 19:13:46 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2011/10/05 09:04:54 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/07/13 18:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE


========== Modules (No Company Name) ==========

MOD - [2011/10/05 09:04:54 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/01 21:29:24 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2009/07/13 18:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/07 20:25:02 | 000,204,288 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/12 04:09:58 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/02 02:43:15 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/15 13:38:15 | 000,075,064 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/04/12 01:32:32 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/07/11 01:13:44 | 000,282,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/07/07 21:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/07/07 21:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/07 19:47:04 | 000,307,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/30 11:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/01/14 11:57:01 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/01/14 11:57:01 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/12/14 19:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/12/17 15:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/08/21 01:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/08/09 14:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/01/21 18:45:00 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2007/06/26 09:45:14 | 000,362,496 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WMP54Gv41x64.sys -- (rt61x64)
DRV - [2010/03/13 12:58:52 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/04/12 02:24:05] [Kernel | Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 76 19 AF 18 14 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 74 A4 AC 0C F0 3B F1 4C 81 7B 43 B1 BB FC 14 84 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/10/07 15:39:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/05 09:04:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/13 21:51:23 | 000,000,000 | ---D | M]

[2010/04/11 21:27:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2011/10/07 19:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\3pcn1rg6.default\extensions
[2011/07/13 21:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/01 04:15:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/10/07 15:39:24 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
() (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3PCN1RG6.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2011/10/05 09:04:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/05/01 04:15:42 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/05 09:04:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/05 06:30:14 | 000,002,223 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2011/10/07 19:01:35 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [oDesk Team] C:\Program Files (x86)\oDesk\oDeskTeam.exe (oDesk Corporation)
O4 - HKCU..\Run: [Steam] E:\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2228E5B4-283C-4B18-9A08-6E685799DDBD}: DhcpNameServer = 68.87.76.182 68.87.78.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED954E1E-9734-4080-997A-B0ECD040F76D}: DhcpNameServer = 68.87.76.182 68.87.78.134
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/12 01:39:03 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/04/30 22:03:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/30 22:03:32 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0ca5b687-45d4-11df-aef3-00248c3f6f27}\Shell - "" = AutoRun
O33 - MountPoints2\{0ca5b687-45d4-11df-aef3-00248c3f6f27}\Shell\AutoRun\command - "" = L:\StartHere.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/07 19:13:45 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011/10/07 19:07:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\GooredFix Backups
[2011/10/07 19:07:12 | 001,558,320 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\TDSSKiller.exe
[2011/10/07 19:05:24 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Michael\Desktop\GooredFix.exe
[2011/10/07 19:01:35 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/10/07 18:59:43 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTM.exe
[2011/10/07 18:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WSTB
[2011/10/07 17:40:33 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\YP00uucS1i
[2011/10/07 17:40:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\S777fRRL9gTXjYe
[2011/10/07 17:40:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\PSSS2iibD3pn4aH
[2011/10/07 17:40:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\GYCCCekIVrzONx0
[2011/10/07 17:40:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\uK888fRZ9
[2011/10/07 17:40:30 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\niiivDD2onF4mHs
[2011/10/07 17:40:28 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\OsssWKK7fEL9TZj
[2011/10/07 17:40:26 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\BllIIBrrzPyxAuv
[2011/10/07 17:40:26 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\aUUCCekkIBrON
[2011/10/07 17:40:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\OKKK8ffRZ9
[2011/10/07 17:40:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\iQJJ66dEK8fRZhX
[2011/10/07 17:40:24 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\b777dEEL8gRZhYw
[2011/10/07 17:40:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\x11iibDD3on
[2011/10/07 17:40:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tGGG5aaQJ6dW8
[2011/10/07 17:40:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\jfffELL8gTZhYwk
[2011/10/07 17:40:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\bdddELL8gRZqYX
[2011/10/07 17:40:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\wDD33onnG4
[2011/10/07 17:40:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ONNNtxxP0ucSib3
[2011/10/07 17:40:17 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tWWWK77fRL
[2011/10/07 17:40:16 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QyyyxAA1uvSobFp
[2011/10/07 17:40:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\eyyycSS1ivDon4
[2011/10/07 17:40:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\U999gTTXqjY
[2011/10/07 17:40:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\PBBBrrzPNyx
[2011/10/07 17:40:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\oUUCCelIBrzPNx1
[2011/10/07 17:40:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\l22oobFF3pm5aJ6
[2011/10/07 17:40:10 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\g444pmmH5sQJdE
[2011/10/07 17:40:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\xkkkUVVrlOBtP0c
[2011/10/07 17:40:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\yXqqjjUCekIBzO
[2011/10/07 17:40:06 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\eEEKK8gRR9hYXjV
[2011/10/07 17:40:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\z444aamH6sWJfE8
[2011/10/07 17:40:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\pYYYCwwkUVrlBtP
[2011/10/07 17:40:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\O44aamHH6sW7fL8
[2011/10/07 17:40:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\dxxAA0uucS2bDpn
[2011/10/07 17:40:02 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\VIBBrrzONyxAuv2
[2011/10/07 17:40:00 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\bHHH5ssWJ7dE8g
[2011/10/07 17:39:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\zK777fEL9g
[2011/10/07 17:39:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\wNNyyxA11uS2oFp
[2011/10/07 17:39:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ujUUCCekI
[2011/10/07 17:39:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\P33ppmGG5aJ
[2011/10/07 17:39:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\pyyycAA1u
[2011/10/07 17:39:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\BUUVVellIBtPNcA
[2011/10/07 17:39:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\UiiibDD3pnGaQ6s
[2011/10/07 17:39:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tQJJJ6dWK8fRLhX
[2011/10/07 17:39:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\x777ddEK8gR
[2011/10/07 17:39:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\FggRRZqhhYwkUeO
[2011/10/07 17:39:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\eBBttzP00yA
[2011/10/07 17:39:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\atxxPP0ycS1iD3n
[2011/10/07 17:39:49 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\zqqqjYYCwkIVl
[2011/10/07 17:39:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\eAAA1uuvD2ob4pG
[2011/10/07 17:39:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\UJ77ddEL8gR
[2011/10/07 17:39:44 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\maaQQH66sWKfE9g
[2011/10/07 17:39:43 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\oekkIIVrzONtx0c
[2011/10/07 17:39:43 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\FqjjUUCekIBrzNx
[2011/10/07 17:39:43 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\f66ddWKK7fR9gXq
[2011/10/07 17:39:42 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\LKKK8ffRZ9hXwjC
[2011/10/07 17:39:39 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\KOOONttxP0uc1
[2011/10/07 17:39:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\sFFF3ppnG5aQ6d
[2011/10/07 17:39:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\UtzzPPNycA1uD2
[2011/10/07 17:39:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\yhYYYXwkUVe
[2011/10/07 17:39:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tPP00yccA1vD2nF
[2011/10/07 17:39:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\HdEEKK8gRZ9hYwU
[2011/10/07 17:39:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\N666sWWJ7fELgTq
[2011/10/07 17:39:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\IUUUCeelIBrzNyA
[2011/10/07 17:39:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\pttzzP0yyc1iv2n
[2011/10/07 17:39:30 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\uCwwkkIVrlONtPu
[2011/10/07 17:39:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\yOONNtxxA0c
[2011/10/07 17:39:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\t33ppnGG4aQ6sK7
[2011/10/07 17:39:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\NWWKK7ffRL9TXj
[2011/10/07 17:39:28 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\YQQQJ66dWK8RL9T
[2011/10/07 17:39:26 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\OYYCCwkkUV
[2011/10/07 17:39:24 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DqqqjYYCwkIVlOt
[2011/10/07 17:39:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\zWWKK8ffRLhTXjU
[2011/10/07 17:39:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Y666ddEK8fRZhTw
[2011/10/07 17:39:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\puuvvS22o
[2011/10/07 17:39:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\kvvDD2oobFpmGs
[2011/10/07 17:39:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\d55ssQJJ7
[2011/10/07 17:39:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\K777fRRL9gTXj
[2011/10/07 17:39:17 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\UddEEK88fRZhTwj
[2011/10/07 17:39:16 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QccSS11ivD3nFam
[2011/10/07 17:39:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\RaQQQH6sWK7fE9T
[2011/10/07 17:39:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\RaaQQH6ssW7fE9g
[2011/10/07 17:39:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\GssWWK77fE9gTqj
[2011/10/07 17:39:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\InnnG44aQH6WKfE
[2011/10/07 17:39:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\dOOBBtzzP0yA1v2
[2011/10/07 17:39:10 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QnnnG44amH6WJ7E
[2011/10/07 17:39:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\jzzOONyxA0uvSiF
[2011/10/07 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\mYXXwwkUVelOt
[2011/10/07 17:39:06 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\lLLL8ggRZ
[2011/10/07 17:39:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\o00uucS1ibD3oG
[2011/10/07 17:39:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\IggTTZqqjYCkIrl
[2011/10/07 17:39:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ZLL99gTTXqjCeIV
[2011/10/07 17:39:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\i333pmmG5aQJdW8
[2011/10/07 17:39:02 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\l88ggRRZqhYwkVe
[2011/10/07 17:38:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\pvvvS22ibF3nGaQ
[2011/10/07 17:38:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\pNyyyxA1uvS2oFp
[2011/10/07 17:38:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\LuvvvS2ibF3pn5Q
[2011/10/07 17:38:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\C55ssQJ66EK8fZh
[2011/10/07 17:38:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\VnnnFF4pmH5sJ7E
[2011/10/07 17:38:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\noonnF44a
[2011/10/07 17:38:55 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\KH66ddWK7f
[2011/10/07 17:38:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\swwwjUUVelIBzNy
[2011/10/07 17:38:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\OUVVeelOBt
[2011/10/07 17:38:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\gPPPNyycA1u
[2011/10/07 17:38:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\S33oonnF4a
[2011/10/07 17:38:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\NrrrlOONtxP0cSi
[2011/10/07 17:38:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\hCeekkIVrzONxAu
[2011/10/07 17:38:48 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\vDD22obFF4mG5
[2011/10/07 17:38:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\eGGG4aaQH6sW7fL
[2011/10/07 17:38:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\BQQHH6ssWK7ELgT
[2011/10/07 17:38:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\a555aQQH6dWKfR9
[2011/10/07 17:38:44 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\RddWWK88fRLhTq
[2011/10/07 17:38:43 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tjjUUCeelI
[2011/10/07 17:38:43 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\mgggRZZ9hY
[2011/10/07 17:38:41 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\xrrllONttx0uc1
[2011/10/07 17:38:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\UttzzP0yyA1iv2n
[2011/10/07 17:38:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\LllIIBttzPNcAu
[2011/10/07 17:38:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\EellIIBtzPNyc
[2011/10/07 17:38:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\K33oonF44aH5sJd
[2011/10/07 17:38:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\qSSS2iibD3pn4aH
[2011/10/07 17:38:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\hnnnG44amH6sJ7E
[2011/10/07 17:38:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\FFF44pmmG5sJ6EK
[2011/10/07 17:38:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\RNNNtxxA0ucSib
[2011/10/07 17:38:30 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\YaaQQH66dW7fR
[2011/10/07 17:38:30 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\J9hhTTXqj
[2011/10/07 17:38:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\pAAA1uuvS
[2011/10/07 17:38:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DwwwjUUVelIBzPy
[2011/10/07 17:38:27 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\XIIIVrrlONtx0uS
[2011/10/07 17:38:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\GmHH55sWJ7
[2011/10/07 17:38:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\cooonFF4pmH5QJd
[2011/10/07 17:38:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\coonnF44pmHsQ7d
[2011/10/07 17:38:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\l0yyccS1ivD3nFa
[2011/10/07 17:38:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\qTTZZqjjYCwIVlO
[2011/10/07 17:38:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\kDDD3oonG4aH6W
[2011/10/07 17:38:20 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\CUUUCeekIBr
[2011/10/07 17:38:16 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\pffEEL99g
[2011/10/07 17:38:16 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\FYYCCekkIVrONx0
[2011/10/07 17:38:16 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\fWWKK7ffELgTZjY
[2011/10/07 17:38:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\pRRRL99hTXqUCeI
[2011/10/07 17:38:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\KBBBttzPNycAuv2
[2011/10/07 17:38:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\EXXwwjUUCe
[2011/10/07 17:38:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\IL88ggTZqhYCkUr
[2011/10/07 17:38:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\yXXXwjjUVel
[2011/10/07 17:38:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\cwwwjjUVelIB
[2011/10/07 17:38:08 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\r22oonF44pH5
[2011/10/07 17:38:08 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\hvvvDD3onF4aH5W
[2011/10/07 17:38:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\bQHH66sWK7fE9g
[2011/10/07 17:38:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\bDDD3oonG4aH6WJ
[2011/10/07 17:38:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ZUUCCelIIrzPNx1
[2011/10/07 17:38:02 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\INttxxA0ucS2bDp
[2011/10/07 17:38:02 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\fxAA00ucS2ib3pG
[2011/10/07 17:38:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\WKK77fRLLgTXqYe
[2011/10/07 17:38:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\vjjjUCCekIBrO
[2011/10/07 17:38:00 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\bZ999hTXwjUCeI
[2011/10/07 17:37:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DVVVellIBtzNyA1
[2011/10/07 17:37:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\p33oonG44aH6sJ7
[2011/10/07 17:37:54 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QBtttzP0ycA
[2011/10/07 17:37:54 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\JtzzPP0ycA1i
[2011/10/07 17:37:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\CCCCwkkUVrl
[2011/10/07 17:37:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\AmmHH6ssWJfELgT
[2011/10/07 17:37:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ojjjYYCwkIVrON
[2011/10/07 17:37:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\NAAA0uucS2i
[2011/10/07 17:37:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\o999hTXqqUCekBz
[2011/10/07 17:37:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\TppnnG44aQHsW7f
[2011/10/07 17:37:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\S666sWWK7fELgTq
[2011/10/07 17:37:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SdWWKK8fRL9hXqU
[2011/10/07 17:37:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\I88ffRLL9hTqjCe
[2011/10/07 17:37:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\RdddEKK8fRZhTwj
[2011/10/07 17:37:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\J44ppmG55sJ6dKf
[2011/10/07 17:37:43 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\dxxPP0ycS1ivDoF
[2011/10/07 17:37:40 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SKK88gRRZ9hXwUV
[2011/10/07 17:37:39 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\XsQQJJ7dEK8gR9Y
[2011/10/07 17:37:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\h6ssWWJ7fEL8
[2011/10/07 17:37:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\yrrzOONtxA0uS2b
[2011/10/07 17:37:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\OfffELL9gTZqYCk
[2011/10/07 17:37:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\mIIIVrzONtxAuc2
[2011/10/07 17:37:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\pccAA1uuvD2bFpm
[2011/10/07 17:37:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\EpppnGG5aQH6W
[2011/10/07 17:37:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\d333pnnG5aQ6
[2011/10/07 17:37:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\J9hhTTXwjUCelBz
[2011/10/07 17:37:30 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\k111ivvD2onFpm5
[2011/10/07 17:37:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\IPPP0yycS1iv3oF
[2011/10/07 17:37:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\IPPP0yycS1iD3oF
[2011/10/07 17:37:27 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\uvS2ibF3pGaHdKf
[2011/10/07 17:37:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\CjUCekIBrOyAuSi
[2011/10/07 17:37:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\cdWK7fRL9TqY
[2011/10/07 17:37:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\AWK7fRL9gXjC
[2011/10/07 17:37:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\URZ9hTXwjClBzNx
[2011/10/07 17:37:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SbF4pmG5sJdKf
[2011/10/07 17:37:20 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\a4pmH5sQJdKgZhX
[2011/10/07 17:37:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\CVelOBtzyAi
[2011/10/07 17:37:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ZJ7dEK8gR
[2011/10/07 17:37:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\EOBtzP0yc1
[2011/10/07 17:37:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\z3onF4amHsJdLgZ
[2011/10/07 17:37:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\y8gTZqhYCkVlBx0
[2011/10/07 17:37:13 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\N1iibD3oG4am6Wf
[2011/10/07 17:37:13 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\K2ibD3pnGaHsK
[2011/10/07 17:37:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\wBrzONyxAu
[2011/10/07 17:37:08 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Q9gTXqjYCkV
[2011/10/07 17:37:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tmG5aQJ6dKfLhXj
[2011/10/07 17:37:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\LA0uvS2ib3n
[2011/10/07 17:37:06 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\nvD2obF4pGsJdKf
[2011/10/07 17:37:06 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\HTXwjUCelBzNx1v
[2011/10/07 17:37:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tonF4amH5W7E8Rq
[2011/10/07 17:37:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\C2onF4pmHsJ
[2011/10/07 17:37:00 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\JwkUVelOBz0c
[2011/10/07 17:37:00 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\A4amH5sWJdLgZhX
[2011/10/07 17:36:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\XYCwkIVrlNx0c1b
[2011/10/07 17:36:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\fG4amH6sW7E8TqY
[2011/10/07 17:36:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\B2ibD3pnGaHsKfL
[2011/10/07 17:36:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tWK7fRL9gXjCkVz
[2011/10/07 17:36:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\wJ6dWK8fR9TqUeI
[2011/10/07 17:36:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\w6dWK8fRLhXjCkB
[2011/10/07 17:36:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\UWK8fRL9hXjCkBz
[2011/10/07 17:36:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\j9hTXwjUCl
[2011/10/07 17:36:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ClIBtzPNyAuDoFp
[2011/10/07 17:36:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tOBtzP0yc1
[2011/10/07 17:36:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\O1ivD3onFaHsJdL
[2011/10/07 17:36:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\JibD3onG4
[2011/10/07 17:36:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\CS1ivD3on4m5W7E
[2011/10/07 17:36:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\b3onF4amHsJdLgZ
[2011/10/07 17:36:44 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\qucS2ibD3n4Q
[2011/10/07 17:36:43 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\v6dWK7fRLg
[2011/10/07 17:36:43 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\S9hTXqjUCkBzNx0
[2011/10/07 17:36:42 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QQJ6dEK8fZhXjCl
[2011/10/07 17:36:41 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\eYXwjUVelBzNc1
[2011/10/07 17:36:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\uUCelIBrz
[2011/10/07 17:36:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\CsQJ6dEK8R9TwU
[2011/10/07 17:36:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\urlONtxP0c1b
[2011/10/07 17:36:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\U1ivD3onFaHsJd
[2011/10/07 17:36:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\FWJ7fEL8gZhC
[2011/10/07 17:36:33 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SNyxA0uvSiFpGaH
[2011/10/07 17:36:33 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\C8fRL9hTXjC
[2011/10/07 17:36:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\wG5aQH6dW7R9T
[2011/10/07 17:36:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\hgTXqjYCeIrOtAu
[2011/10/07 17:36:27 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\XBtzPNycAu
[2011/10/07 17:36:27 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\LEK8fRZ9hXj
[2011/10/07 17:36:27 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\d6dEK8fRZ
[2011/10/07 17:36:26 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\WhYCwkUVrOtP
[2011/10/07 17:36:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\eG4amH6sW7E8TqY
[2011/10/07 17:36:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ZWJ7fEL8gZhCkVl
[2011/10/07 17:36:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\e4amH6sWJfLgZh
[2011/10/07 17:36:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\A8gTZqhYCkVlBx0
[2011/10/07 17:36:20 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\hS1ibD3on
[2011/10/07 17:36:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\yL9gTXqjYeIrOt
[2011/10/07 17:36:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\XbF3pnG5aHdKfLg
[2011/10/07 17:36:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\CrzONyxA0v2
[2011/10/07 17:36:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\H8RhwCIrNAuSoFp
[2011/10/07 17:36:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\F1uvS2obF
[2011/10/07 17:36:13 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\lZ9hTXwjU
[2011/10/07 17:36:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\EIBtzPNyc1v2b4m
[2011/10/07 17:36:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ZZqhYCwkUrOtPyS
[2011/10/07 17:36:10 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\NWK7fEL9gZjCkVl
[2011/10/07 17:36:10 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\C3pnG4aQHsKfLg
[2011/10/07 17:36:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tpnG5aQH6W7R9Tq
[2011/10/07 17:36:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\s6dWK7fRLgXjCkV
[2011/10/07 17:36:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\krzONtxA0c2b3n4
[2011/10/07 17:36:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\F3pnG5aQHdKfLgX
[2011/10/07 17:36:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\EbF3pnG5aHdKfLg
[2011/10/07 17:36:00 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\XYCekIVrzN
[2011/10/07 17:36:00 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\c5aQH6dWKfLgXjC
[2011/10/07 17:35:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\YL9hTXqjUe
[2011/10/07 17:35:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\w3pmG5aQJdKfLhX
[2011/10/07 17:35:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\VG5aQJ6dW8R9TqU
[2011/10/07 17:35:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\LQJ6dWK8fLhXjCk
[2011/10/07 17:35:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ImG5aQJ6dKfLhXj
[2011/10/07 17:35:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Z4pmG5sQJdKfZhX
[2011/10/07 17:35:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\y5sQJ6dEKfZhXjC
[2011/10/07 17:35:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ppmG5sQJ6E8R9Tw
[2011/10/07 17:35:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\oRZ9hTXwjClBzN
[2011/10/07 17:35:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\KfRZ9hTXwUeIr
[2011/10/07 17:35:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\GG5sQJ6dE8R9TwU
[2011/10/07 17:35:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\csQJ6dEK8
[2011/10/07 17:35:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\TCekIVrzOtAuSiD
[2011/10/07 17:35:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ZycAuvD2oFpGsJd
[2011/10/07 17:35:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\bhTXwjUCeIrPyAu
[2011/10/07 17:35:33 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\rwkUVelOBz0c1v2
[2011/10/07 17:35:33 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\OUVelOBtz0c1v2n
[2011/10/07 17:35:33 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\NVelOBtzPyAiDop
[2011/10/07 17:35:33 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\NVelOBtzPyAiDoF
[2011/10/07 17:35:33 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\fvD2onF4pH
[2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\yaH6sWJ7fLgZhCk
[2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\w6sWJ7fELg
[2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\UWJ7fEL8gZh
[2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ScS1iD3on4m6W7E
[2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ScS1iD3on4HsJfL
[2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\mG4amH6sW7E8TqY
[2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\k1ibD3onGaHsJfL
[2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\jsWJ7fEL8T
[2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\IiD3onG4aHsJfLg
[2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\G4amH6sWJfLgZhC
[2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\G4aH6sWJ7E8TqYw
[2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\famH5sWJ7E8RqYw
[2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\eS1iD3onGaHsJfL
[2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\d7fEL8gTZhCk
[2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\AH6sWJ7fE
[2011/10/07 17:35:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ogXjCkVOtAuSiDp
[2011/10/07 17:35:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\oggXjCkVzNAuSiD
[2011/10/07 17:35:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\oggTqYeIrOtAuSi
[2011/10/07 17:35:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\K9ggTqYeIrOx0c2
[2011/10/07 17:35:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\EHH66sWKfLgZY
[2011/10/07 17:35:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\bCwIIVrNtPuSiDo
[2011/10/07 17:35:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\wwUrOt0c1v
[2011/10/07 17:34:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\OopG5aQJ6KR9X
[2011/10/07 17:34:54 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\LkUVelOBtPy
[2011/10/07 17:34:54 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\FelOBtzP0c1v
[2011/10/07 17:34:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\UCekIBrzOyA
[2011/10/07 17:34:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tNyxA0uvSiFpGaH
[2011/10/07 17:34:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\LBrzONyxAuSiFp
[2011/10/07 17:34:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\edEK8gRZ9Yw
[2011/10/07 17:34:48 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\r6sWK7fELgZjCkV
[2011/10/07 17:34:48 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\OWK7fEL9gZjCkVl
[2011/10/07 17:34:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\yyxA0uvS2bn5Q6
[2011/10/07 17:34:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\vfLgTXqjYkVzN
[2011/10/07 17:34:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\u7fRL9gTXjCk
[2011/10/07 17:34:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\kCekIBrzOyAuSiF
[2011/10/07 17:34:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\hD3pnG4aQ6W7E9T
[2011/10/07 17:34:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\GyxA0uvS2bn5Q
[2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\W5QJK8fLhXjC
[2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\uXqjUCekIrOyAuS
[2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\t2ob3G5aQW8LhXj
[2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\sGQJK8fLhXj
[2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\s5QJK8fLhXj
[2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\RBrzONyxAuS
[2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QhTXqjUCeIrOyAu
[2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QhTXqjCekBzNx0v
[2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Pb3GQJK8fLhXjCk
[2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\LzNAu2Fms6KRhXU
[2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\HTXqjUCekBzNx0v
[2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\FS2obFmG5QW8R9T
[2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\FS2ob3G5a6W8LhX
[2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\a9hTXqjUCkBzNx0
[2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\VIBtzNAuDbpGQd8
[2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\VIBtzNAu2Fms6KR
[2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SUVlIBtzPy12bp5
[2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SUVlIBtzNcuDb4G
[2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SUVlIBtzNAvo4GQ
[2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SUVlIBtzNAuDbpG
[2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SUVelIBtzNcuDb4
[2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QYXwjUVlItNcuD
[2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\IlIBtzNAvo4GQd8
[2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\IlIBtzNAuDbpGQd
[2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\eVelIBtzPc1Db4G
[2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\cjUVlIBtzy12bp5
[2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\cjUVlIBtzNcuDb4
[2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\cjUVlIBtzNAu2Fm
[2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\cjUVlIBtzc2p5JE
[2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\cjUVlIBtzAvo4GQ
[2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\cjUVelIBtNcuDb4
[2011/10/07 17:34:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\GByu2Fp5QW
[2011/10/07 17:34:13 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\sfLgXCekIrN
[2011/10/07 17:34:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\gTXwjUCelBz
[2011/10/07 17:34:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\vyxA0uvS2b3n5
[2011/10/07 17:34:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\PWK8fRL9hXjCkB
[2011/10/07 17:34:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guard Online
[2011/10/07 17:34:06 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DjUVelIBtPyAuD
[2011/10/07 17:34:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tqhYXwkUVlBz0c1
[2011/10/07 17:34:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\PYXwkUVelBz0c1v
[2011/10/07 17:34:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\NXwkUVelOtPyAiD
[2011/10/07 17:34:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\YIVrlONtx0c1b
[2011/10/07 17:34:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QlONtxP0uSiDoG
[2011/10/07 17:34:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\PCwkIVrlOtP
[2011/10/07 17:34:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\KgTZqjYCwIrOtPu
[2011/10/07 17:34:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\BcS1ibD3oGaHsJf
[2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\zOtx0ucS2b3n4Q6
[2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\uS2ibD3pn
[2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tXjYCekIrO
[2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tgXqjYCekV
[2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tgXjYCekIO
[2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\rrONtxA0uSiDpGa
[2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QucS2ibD3n4Q6W7
[2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\PXYekIrONx0
[2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\PgXqYCekIzN
[2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\paQH6sWK7E9TqYw
[2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\HcS2ibD3pGaHsKf
[2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DzONtxA0uSiDpGa
[2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\brzOtxA0uSiDpGa
[2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\bIONtxA0uSiDpGa
[2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\a0ucS2ibDpGaHsK
[2011/10/07 17:34:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\HmJEg9XUltN
[2011/10/07 17:33:39 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\gci3Ga6K7E9
[2011/10/07 17:33:39 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\gAu2b3n4HsK
[2011/10/07 17:33:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\n8LTjeBOy0SbpGQ
[2011/10/07 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\wH6sWJ7fE8TqY
[2011/10/07 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\UJdK8g9YwUeBzyA
[2011/10/07 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\stPcS1ibDoGaHsJ
[2011/10/07 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\sNtPcS1ib3n4m6W
[2011/10/07 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QtPcS1ibDoGaHsJ
[2011/10/07 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\PZqhYCVOxy1v3n4
[2011/10/07 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\kH5QJd8g9XUeBPc
[2011/10/07 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\eSibD3onGaHsJfL
[2011/10/07 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\BibD3onG4m6W7E8
[2011/10/07 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ApmHQJE8gZYweBP
[2011/10/07 17:33:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\sNtxP0ucSiDoGaH
[2011/10/07 17:33:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QtxP0ucS1b3n4m6
[2011/10/07 17:33:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\NVrlONtPc1b3n4
[2011/10/07 17:33:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\NVrlONt0c1b3n4
[2011/10/07 17:33:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\NVNx0S1ib3n4m6
[2011/10/07 17:33:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\CgqCIVONtPc1b3n
[2011/10/07 17:33:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\aS2ibD3nGQ
[2011/10/07 17:33:28 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\wVtc2ps8TeP1b5W
[2011/10/07 17:33:28 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\UUeBPy124GQd8ZT
[2011/10/07 17:33:28 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\rHTOvshzodwN4KC
[2011/10/07 17:33:27 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\AXUeBPy1Do45Jd8
[2011/10/07 17:33:26 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ytSom7TwO0iF5Eq
[2011/10/07 17:33:26 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ghr2HTODKjt3Jhx
[2011/10/07 17:33:26 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\CbHETwO0vFs
[2011/10/07 17:33:24 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ahUrAiGdLjItSpH
[2011/10/07 17:33:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\sms7gCrPiFsLhVz
[2011/10/07 17:28:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\bxPP00ucS1ibDoG
[2011/10/07 17:28:30 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\OGG55aQJJdWK8R9
[2011/10/07 17:28:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DddEEK88gRZhYwj
[2011/10/07 17:28:17 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\iqqqjYYCwkIrlOt
[2011/10/07 17:28:10 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\OA111uvS2obF3m5
[2011/10/07 17:28:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\b3oonnF4amH5WJd
[2011/10/07 17:27:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\JHHH6ddWK7fR9gX
[2011/10/07 17:27:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ZIIIBrrzP
[2011/10/07 17:27:44 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\lPPP0yycS1iv3oF
[2011/10/07 17:27:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DbbFF3pnnGaQHdK
[2011/10/07 17:27:30 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DJJ77dEEK8RZ9YX
[2011/10/07 17:27:24 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\BwwwkUUVrlOtxPy
[2011/10/07 17:27:17 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\gAA00uvvS2bF3nG
[2011/10/07 17:27:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\loonnF4ppm5sQ7d
[2011/10/07 17:27:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\HTTTZqqjYCw
[2011/10/07 17:26:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\RCCCellIBrzNyx1
[2011/10/07 17:26:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\yvvvD22onF4
[2011/10/07 17:26:44 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\lbbDD3ppnG4QHsW
[2011/10/07 17:26:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\v55ssQJJ6dK8fZ9
[2011/10/07 17:26:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\u88ggTZqqYCwkVl
[2011/10/07 17:26:24 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\BNNNyyxA0uvSib3
[2011/10/07 17:26:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\lD22oobF4pmG5Q6
[2011/10/07 17:26:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ZfEELL8gT
[2011/10/07 17:26:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\e999hTTXqjUCkIr
[2011/10/07 17:25:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\BtttzPP0ycA1vDo
[2011/10/07 17:25:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\R3ooonG4amH6sJf
[2011/10/07 17:25:44 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\xLL99hTTXqj
[2011/10/07 17:25:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\mkUUVVelOB
[2011/10/07 17:25:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\G0uuccS2ib
[2011/10/07 17:25:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\GpmmGG5sQJ
[2011/10/07 17:25:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\qRRRZqqhYXwk
[2011/10/07 17:25:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\KxxxA00ucS2iD3n
[2011/10/07 17:25:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\C222oobF4pmGsQ
[2011/10/07 17:24:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\fiibbD3ooG4am6W
[2011/10/07 17:24:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SpmmGG5aQJ6dK8R
[2011/10/07 17:24:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\fZZZ9hhYXwjUelB
[2011/10/07 17:24:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ntttxxP0u
[2011/10/07 17:24:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\nbbbF33pm
[2011/10/07 17:24:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\LsWWJJ7dEL8gZqY
[2011/10/07 17:24:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\w777fEEL9gTZjYe
[2011/10/07 17:24:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\RffRRZ99hTwjUe
[2011/10/07 17:24:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\BwwkkUVrrlBtx
[2011/10/07 17:23:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\OyyxxA0uuv2ib
[2011/10/07 17:23:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\lonnnF4pmH5s
[2011/10/07 17:23:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Q44aamH6sWJ7fLg
[2011/10/07 17:23:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\XKKK8ffRL9hTqjC
[2011/10/07 17:23:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\PqqhhYXXwkVelBt
[2011/10/07 17:23:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\XxxxA00ucS2bDpn
[2011/10/07 17:23:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\N222obbF4pm5sQ6
[2011/10/07 17:23:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\zHH55sWWJ7dL8RZ
[2011/10/07 17:23:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\JekkkIVrz
[2011/10/07 17:22:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QyyycAA1uvD2bFp
[2011/10/07 17:22:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QnnGG4amm6sWJfL
[2011/10/07 17:22:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\J88ffRLL9
[2011/10/07 17:22:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ThhhYXXwjUVlItz
[2011/10/07 17:22:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\qLL99gTTZqjC
[2011/10/07 17:22:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\qeeelIIBrzPy
[2011/10/07 17:22:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\frrrllOBtxP0cSi
[2011/10/07 17:22:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\dccSS2ibb3pnGaH
[2011/10/07 17:22:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\F6ddEEK8f
[2011/10/07 17:21:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tYYCCwkUUV
[2011/10/07 17:21:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\UCCCekkIBrzOyx0
[2011/10/07 17:21:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\nDD22onnF
[2011/10/07 17:21:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\KmmHH6ssWJ7ELgT
[2011/10/07 17:21:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\o999hTTXqjUekIr
[2011/10/07 17:21:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tttzzP00yc
[2011/10/07 17:21:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\UxxAA0uucSibDpn
[2011/10/07 17:21:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\KGGG5ssQJ6dE8fZ
[2011/10/07 17:21:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\NXXXwkkUVel
[2011/10/07 17:20:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\X000uccS2ib3p
[2011/10/07 17:20:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DJJJ6ddEK8fR9hX
[2011/10/07 17:20:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\lYYYCwwkUVrlBtP
[2011/10/07 17:17:18 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/10/07 15:40:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/07 15:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/10/07 15:38:48 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\AVG2012
[2011/10/07 15:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/10/04 23:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Wars - The Old Republic
[2011/10/02 23:02:33 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Crash Test Dummies (6 Albums)
[2011/10/02 23:01:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Hot Action Cop - Hot Action Cop
[2011/10/02 19:38:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\A Beautiful Mind Soundtrack
[2011/10/02 19:37:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Corpse Bride Soundtrack
[2011/10/01 21:30:07 | 000,000,000 | R--D | C] -- C:\Users\Michael\Dropbox
[2011/10/01 21:27:17 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/10/01 21:27:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Dropbox
[2011/09/30 00:25:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ATI
[2011/09/30 00:25:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\ATI
[2011/09/30 00:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/09/30 00:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/09/30 00:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/09/29 23:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/09/29 23:52:32 | 000,000,000 | ---D | C] -- C:\ATI
[2011/09/29 22:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/09/29 22:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/09/29 22:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/09/28 18:02:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\SWTOR
[2011/09/27 01:52:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAZ 3D
[2011/09/26 21:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Poser
[2011/09/26 21:51:43 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Poser
[2011/09/26 21:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smith Micro
[2011/09/26 21:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smith Micro
[2011/09/26 21:41:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Poser 8 Content
[2011/09/22 17:51:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Leadertech
[2011/09/19 01:31:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\RCT3
[2011/09/19 01:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roller Coaster Tycoon 3 Platinum - CarlesNeo !
[2011/09/13 16:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trine
[2011/09/13 06:30:08 | 000,037,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[1 C:\Users\Michael\*.tmp files -> C:\Users\Michael\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/07 19:13:46 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011/10/07 19:07:40 | 000,782,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/07 19:07:40 | 000,662,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/07 19:07:40 | 000,121,352 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/07 19:05:25 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Michael\Desktop\GooredFix.exe
[2011/10/07 19:03:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/07 19:03:19 | 529,096,703 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/07 19:01:35 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/10/07 18:59:44 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTM.exe
[2011/10/07 18:02:29 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2011/10/07 17:40:14 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/07 17:40:14 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/07 17:32:51 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/07 17:03:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/07 15:42:37 | 069,229,383 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/10/07 12:46:24 | 001,558,320 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\TDSSKiller.exe
[2011/10/05 18:33:46 | 000,328,971 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/10/05 09:05:12 | 000,002,052 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/01 21:30:07 | 000,001,042 | ---- | M] () -- C:\Users\Michael\Desktop\Dropbox.lnk
[2011/10/01 21:27:25 | 000,001,022 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/09/30 00:21:48 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/09/28 13:22:17 | 000,000,644 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/09/27 01:39:45 | 000,002,518 | ---- | M] () -- C:\Users\Public\Desktop\Update Victoria 4 Base.lnk
[2011/09/26 21:42:09 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Poser 8.lnk
[2011/09/22 15:57:35 | 000,437,695 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111007-174841.backup
[2011/09/19 01:31:42 | 000,001,089 | ---- | M] () -- C:\Users\Michael\Desktop\RCT3plus - Shortcut.lnk
[2011/09/14 11:47:42 | 000,060,416 | ---- | M] () -- C:\Windows\SysNative\OVDecode64.dll
[2011/09/14 11:47:40 | 000,053,760 | ---- | M] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/13 16:51:13 | 000,000,591 | ---- | M] () -- C:\Users\Public\Desktop\Trine.lnk
[2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2011/09/08 22:24:50 | 000,437,405 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110922-155735.backup
[1 C:\Users\Michael\*.tmp files -> C:\Users\Michael\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/01 21:30:07 | 000,001,042 | ---- | C] () -- C:\Users\Michael\Desktop\Dropbox.lnk
[2011/10/01 21:27:25 | 000,001,022 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/09/30 00:21:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/28 13:22:17 | 000,000,644 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/09/27 01:39:45 | 000,002,518 | ---- | C] () -- C:\Users\Public\Desktop\Update Victoria 4 Base.lnk
[2011/09/26 21:42:09 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\Poser 8.lnk
[2011/09/19 01:31:42 | 000,001,089 | ---- | C] () -- C:\Users\Michael\Desktop\RCT3plus - Shortcut.lnk
[2011/09/14 11:47:42 | 000,060,416 | ---- | C] () -- C:\Windows\SysNative\OVDecode64.dll
[2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/13 16:51:13 | 000,000,591 | ---- | C] () -- C:\Users\Public\Desktop\Trine.lnk
[2011/07/12 01:06:43 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/03/17 10:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/14 09:44:10 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/01/27 17:30:55 | 000,000,507 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/12/19 01:18:21 | 000,003,879 | -H-- | C] () -- C:\Users\Michael\AppData\Local\Perfmon.PerfmonCfg
[2010/12/18 20:10:10 | 000,007,601 | -H-- | C] () -- C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
[2010/10/05 18:24:34 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/10/05 18:24:34 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/06/15 13:38:16 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/06/15 13:38:15 | 002,419,568 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_apb.exe
[2010/06/15 13:38:15 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/06/13 22:10:43 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/06/11 18:25:27 | 000,000,073 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/05/25 10:09:14 | 000,011,776 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/13 04:31:24 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/05/02 02:51:19 | 000,221,608 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/05/01 03:31:38 | 000,776,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/12 08:47:02 | 000,000,107 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2010/04/12 04:42:07 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/04/12 02:58:26 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/04/12 02:54:31 | 004,902,912 | ---- | C] () -- C:\Windows\SysWow64\qt-mt335.dll
[2010/04/11 22:56:18 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/04/11 22:37:03 | 000,121,753 | ---- | C] () -- C:\Windows\File Renamer - Basic Uninstaller.exe
[2010/04/11 18:37:03 | 000,052,864 | R--- | C] () -- C:\Windows\SysWow64\SetupWizard.exe
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/12/28 00:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/06/12 08:25:54 | 000,000,920 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI

========== LOP Check ==========

[2011/09/08 19:52:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\.purple
[2011/10/07 17:34:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\a0ucS2ibDpGaHsK
[2011/10/07 17:37:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\A4amH5sWJdLgZhX
[2011/10/07 17:37:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\a4pmH5sQJdKgZhX
[2011/10/07 17:38:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\a555aQQH6dWKfR9
[2011/10/07 17:36:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\A8gTZqhYCkVlBx0
[2011/10/07 17:34:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\a9hTXqjUCkBzNx0
[2011/10/07 17:35:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\AH6sWJ7fE
[2011/10/07 17:33:24 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ahUrAiGdLjItSpH
[2011/10/07 17:37:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\AmmHH6ssWJfELgT
[2011/10/07 17:33:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ApmHQJE8gZYweBP
[2011/10/07 17:33:34 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\aS2ibD3nGQ
[2011/09/19 01:31:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Atari
[2011/10/07 17:39:50 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\atxxPP0ycS1iD3n
[2010/04/12 03:54:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Autodesk
[2011/10/07 17:40:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\aUUCCekkIBrON
[2011/10/07 15:38:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\AVG2012
[2011/10/07 17:37:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\AWK7fRL9gXjC
[2011/10/07 17:33:27 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\AXUeBPy1Do45Jd8
[2011/10/07 17:45:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Azureus
[2011/10/07 17:36:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\B2ibD3pnGaHsKfL
[2011/10/07 17:36:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\b3onF4amHsJdLgZ
[2011/10/07 17:28:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\b3oonnF4amH5WJd
[2011/10/07 17:40:24 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\b777dEEL8gRZhYw
[2011/10/07 17:34:05 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\BcS1ibD3oGaHsJf
[2011/10/07 17:35:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\bCwIIVrNtPuSiDo
[2011/10/07 17:38:07 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\bDDD3oonG4aH6WJ
[2011/10/07 17:40:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\bdddELL8gRZqYX
[2011/10/07 17:40:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\bHHH5ssWJ7dE8g
[2011/10/07 17:35:34 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\bhTXwjUCeIrPyAu
[2011/10/07 17:33:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\BibD3onG4m6W7E8
[2011/10/07 17:34:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\bIONtxA0uSiDpGa
[2011/10/07 17:40:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\BllIIBrrzPyxAuv
[2011/10/07 17:26:24 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\BNNNyyxA0uvSib3
[2010/09/04 03:31:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\BoneTown
[2011/10/07 17:38:07 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\bQHH66sWK7fE9g
[2011/10/07 17:38:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\BQQHH6ssWK7ELgT
[2011/02/22 19:07:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Braid
[2011/10/07 17:34:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\brzOtxA0uSiDpGa
[2011/10/07 17:25:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\BtttzPP0ycA1vDo
[2011/10/07 17:39:56 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\BUUVVellIBtPNcA
[2011/10/07 17:24:05 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\BwwkkUVrrlBtx
[2011/10/07 17:27:24 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\BwwwkUUVrlOtxPy
[2011/10/07 17:28:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\bxPP00ucS1ibDoG
[2011/10/07 17:38:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\bZ999hTXwjUCeI
[2011/10/07 17:25:05 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\C222oobF4pmGsQ
[2011/10/07 17:37:05 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\C2onF4pmHsJ
[2011/10/07 18:18:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\C3pnG4aQHsKfLg
[2011/10/07 17:38:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\C55ssQJ66EK8fZh
[2011/10/07 17:36:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\c5aQH6dWKfLgXjC
[2011/10/07 17:36:33 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\C8fRL9hTXjC
[2010/06/08 14:06:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Canon
[2011/10/07 17:33:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\CbHETwO0vFs
[2011/10/07 17:37:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\CCCCwkkUVrl
[2011/10/07 17:37:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\cdWK7fRL9TqY
[2011/10/07 17:33:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\CgqCIVONtPc1b3n
[2010/09/06 23:59:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Chime
[2011/10/07 17:37:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\CjUCekIBrOyAuSi
[2011/10/07 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\cjUVelIBtNcuDb4
[2011/10/07 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\cjUVlIBtzAvo4GQ
[2011/10/07 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\cjUVlIBtzc2p5JE
[2011/10/07 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\cjUVlIBtzNAu2Fm
[2011/10/07 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\cjUVlIBtzNcuDb4
[2011/10/07 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\cjUVlIBtzy12bp5
[2011/10/07 17:36:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ClIBtzPNyAuDoFp
[2010/04/12 04:29:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\com.adobe.ExMan
[2010/08/16 22:42:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ContentGuard
[2011/10/07 17:38:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\coonnF44pmHsQ7d
[2011/10/07 17:38:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\cooonFF4pmH5QJd
[2011/10/07 17:36:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\CrzONyxA0v2
[2011/10/07 17:36:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\CS1ivD3on4m5W7E
[2011/10/07 17:35:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\csQJ6dEK8
[2011/10/07 17:36:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\CsQJ6dEK8R9TwU
[2011/10/07 17:38:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\CUUUCeekIBr
[2011/10/07 17:37:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\CVelOBtzyAi
[2011/10/07 17:38:09 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\cwwwjjUVelIB
[2010/05/06 04:32:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\cYo
[2011/10/07 17:37:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\d333pnnG5aQ6
[2011/10/07 17:39:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\d55ssQJJ7
[2011/10/07 17:36:27 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\d6dEK8fRZ
[2011/10/07 17:35:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\d7fEL8gTZhCk
[2011/01/28 05:03:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DAZ 3D
[2011/10/07 17:27:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DbbFF3pnnGaQHdK
[2011/10/07 17:22:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\dccSS2ibb3pnGaH
[2011/10/07 17:28:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DddEEK88gRZhYwj
[2011/05/18 13:30:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DisneyInteractiveStudios
[2011/10/07 17:27:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DJJ77dEEK8RZ9YX
[2011/10/07 17:20:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DJJJ6ddEK8fR9hX
[2011/10/07 17:34:06 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DjUVelIBtPyAuD
[2011/10/07 17:39:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\dOOBBtzzP0yA1v2
[2011/10/07 17:39:24 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DqqqjYYCwkIVlOt
[2011/10/07 17:34:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Dropbox
[2011/10/07 17:37:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVVVellIBtzNyA1
[2011/10/07 17:38:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DwwwjUUVelIBzPy
[2011/10/07 17:40:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\dxxAA0uucS2bDpn
[2011/10/07 17:37:43 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\dxxPP0ycS1ivDoF
[2011/10/07 17:34:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DzONtxA0uSiDpGa
[2011/10/07 17:36:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\e4amH6sWJfLgZh
[2011/10/07 17:26:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\e999hTTXqjUCkIr
[2011/10/07 17:39:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\eAAA1uuvD2ob4pG
[2011/10/07 17:39:50 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\eBBttzP00yA
[2011/10/07 17:36:09 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\EbF3pnG5aHdKfLg
[2011/10/07 17:34:50 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\edEK8gRZ9Yw
[2011/10/07 17:40:06 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\eEEKK8gRR9hYXjV
[2011/10/07 17:38:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\EellIIBtzPNyc
[2011/10/07 17:36:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\eG4amH6sW7E8TqY
[2011/10/07 17:38:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\eGGG4aaQH6sW7fL
[2011/10/07 17:35:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\EHH66sWKfLgZY
[2011/10/07 17:36:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\EIBtzPNyc1v2b4m
[2011/10/07 17:37:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\EOBtzP0yc1
[2011/10/07 17:37:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\EpppnGG5aQH6W
[2011/10/07 17:35:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\eS1iD3onGaHsJfL
[2011/10/07 17:33:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\eSibD3onGaHsJfL
[2011/10/07 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\eVelIBtzPc1Db4G
[2011/10/07 17:38:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\EXXwwjUUCe
[2011/10/07 17:36:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\eYXwjUVelBzNc1
[2011/10/07 17:40:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\eyyycSS1ivDon4
[2011/10/07 17:36:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\F1uvS2obF
[2011/10/07 17:36:09 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\F3pnG5aQHdKfLgX
[2011/10/07 17:39:43 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\f66ddWKK7fR9gXq
[2011/10/07 17:22:05 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\F6ddEEK8f
[2011/10/07 17:35:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\famH5sWJ7E8RqYw
[2011/10/07 17:34:54 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FelOBtzP0c1v
[2011/10/07 17:38:34 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FFF44pmmG5sJ6EK
[2011/10/07 17:36:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\fG4amH6sW7E8TqY
[2011/10/07 17:39:50 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FggRRZqhhYwkUeO
[2011/10/07 17:24:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\fiibbD3ooG4am6W
[2011/10/07 17:39:43 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FqjjUUCekIBrzNx
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FreeAudioPack
[2011/10/07 17:22:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\frrrllOBtxP0cSi
[2011/10/07 17:34:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FS2ob3G5a6W8LhX
[2011/10/07 17:34:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FS2obFmG5QW8R9T
[2011/10/07 17:35:33 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\fvD2onF4pH
[2011/10/07 17:36:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FWJ7fEL8gZhC
[2011/10/07 17:38:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\fWWKK7ffELgTZjY
[2011/10/07 17:38:02 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\fxAA00ucS2ib3pG
[2011/10/07 17:38:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FYYCCekkIVrONx0
[2011/10/07 17:24:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\fZZZ9hhYXwjUelB
[2011/10/07 17:25:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\G0uuccS2ib
[2011/10/07 17:40:10 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\g444pmmH5sQJdE
[2011/10/07 17:35:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\G4aH6sWJ7E8TqYw
[2011/10/07 17:35:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\G4amH6sWJfLgZhC
[2011/10/07 17:27:17 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\gAA00uvvS2bF3nG
[2011/10/07 18:18:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\gAu2b3n4HsK
[2011/10/07 17:34:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GByu2Fp5QW
[2011/10/07 18:18:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\gci3Ga6K7E9
[2011/10/07 17:35:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GG5sQJ6dE8R9TwU
[2011/10/07 17:33:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ghr2HTODKjt3Jhx
[2011/10/07 17:38:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GmHH55sWJ7
[2011/10/07 17:25:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GpmmGG5sQJ
[2011/10/07 17:38:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\gPPPNyycA1u
[2011/10/07 17:39:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GssWWK77fE9gTqj
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\gtk-2.0
[2011/10/07 17:34:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\gTXwjUCelBz
[2011/10/07 17:40:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GYCCCekIVrzONx0
[2011/10/07 17:34:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GyxA0uvS2bn5Q
[2011/10/07 17:37:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\h6ssWWJ7fEL8
[2011/10/07 17:36:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\H8RhwCIrNAuSoFp
[2011/10/07 17:38:50 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\hCeekkIVrzONxAu
[2011/10/07 17:34:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\HcS2ibD3pGaHsKf
[2011/10/07 17:34:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\hD3pnG4aQ6W7E9T
[2011/10/07 17:39:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\HdEEKK8gRZ9hYwU
[2011/10/07 17:36:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\hgTXqjYCeIrOtAu
[2011/10/07 17:34:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\HmJEg9XUltN
[2011/10/07 17:38:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\hnnnG44amH6sJ7E
[2011/10/07 17:36:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\hS1ibD3on
[2011/10/07 17:27:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\HTTTZqqjYCw
[2011/10/07 17:34:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\HTXqjUCekBzNx0v
[2011/10/07 17:37:06 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\HTXwjUCelBzNx1v
[2011/10/07 17:38:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\hvvvDD3onF4aH5W
[2011/10/07 17:39:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\i333pmmG5aQJdW8
[2011/10/07 17:37:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\I88ffRLL9hTqjCe
[2011/04/29 12:30:02 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ice-pick Lodge
[2011/10/07 17:39:05 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\IggTTZqqjYCkIrl
[2011/10/07 17:35:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\IiD3onG4aHsJfLg
[2011/10/07 17:38:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\IL88ggTZqhYCkUr
[2011/10/07 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\IlIBtzNAuDbpGQd
[2011/10/07 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\IlIBtzNAvo4GQd8
[2011/10/07 17:35:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ImG5aQJ6dKfLhXj
[2010/04/12 08:47:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ImgBurn
[2011/10/07 17:39:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\InnnG44aQH6WKfE
[2011/10/07 17:38:02 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\INttxxA0ucS2bDp
[2011/10/07 17:37:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\IPPP0yycS1iD3oF
[2011/10/07 17:37:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\IPPP0yycS1iv3oF
[2011/10/07 17:40:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\iQJJ66dEK8fRZhX
[2011/10/07 17:28:17 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\iqqqjYYCwkIrlOt
[2011/10/07 17:39:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\IUUUCeelIBrzNyA
[2011/10/07 17:37:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\J44ppmG55sJ6dKf
[2011/10/07 17:22:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\J88ffRLL9
[2011/10/07 17:38:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\J9hhTTXqj
[2011/10/07 17:37:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\J9hhTTXwjUCelBz
[2011/10/07 17:36:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\j9hTXwjUCl
[2011/07/11 20:07:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\jAlbum
[2011/10/07 17:23:05 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\JekkkIVrz
[2011/10/07 17:40:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\jfffELL8gTZhYwk
[2011/10/07 17:27:57 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\JHHH6ddWK7fR9gX
[2011/10/07 17:36:50 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\JibD3onG4
[2011/10/07 17:35:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\jsWJ7fEL8T
[2011/10/07 17:37:54 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\JtzzPP0ycA1i
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Juniper Networks
[2011/10/07 17:37:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\JwkUVelOBz0c
[2011/10/07 17:39:09 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\jzzOONyxA0uvSiF
[2011/10/07 17:37:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\k111ivvD2onFpm5
[2011/10/07 17:35:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\k1ibD3onGaHsJfL
[2011/10/07 17:37:13 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\K2ibD3pnGaHsK
[2011/10/07 17:38:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\K33oonF44aH5sJd
[2011/10/07 17:39:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\K777fRRL9gTXj
[2011/10/07 17:35:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\K9ggTqYeIrOx0c2
[2011/10/07 17:38:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\KBBBttzPNycAuv2
[2011/10/07 17:34:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\kCekIBrzOyAuSiF
[2011/10/07 17:38:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\kDDD3oonG4aH6W
[2011/10/07 17:35:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\KfRZ9hTXwUeIr
[2011/10/07 17:21:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\KGGG5ssQJ6dE8fZ
[2011/10/07 18:18:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\KgTZqjYCwIrOtPu
[2011/10/07 18:18:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\kH5QJd8g9XUeBPc
[2011/10/07 17:38:55 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\KH66ddWK7f
[2011/10/07 17:21:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\KmmHH6ssWJ7ELgT
[2011/10/07 17:39:39 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\KOOONttxP0uc1
[2011/10/07 17:36:09 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\krzONtxA0c2b3n4
[2011/10/07 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\kvvDD2oobFpmGs
[2011/10/07 17:25:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\KxxxA00ucS2iD3n
[2011/10/07 17:38:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\l0yyccS1ivD3nFa
[2011/10/07 17:40:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\l22oobFF3pm5aJ6
[2011/10/07 17:39:02 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\l88ggRRZqhYwkVe
[2011/10/07 17:37:07 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LA0uvS2ib3n
[2011/10/07 17:26:44 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\lbbDD3ppnG4QHsW
[2011/10/07 17:34:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LBrzONyxAuSiFp
[2011/10/07 17:26:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\lD22oobF4pmG5Q6
[2011/09/22 17:51:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Leadertech
[2011/10/07 17:36:27 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LEK8fRZ9hXj
[2011/10/07 17:39:42 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LKKK8ffRZ9hXwjC
[2011/10/07 17:34:54 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LkUVelOBtPy
[2011/10/07 17:38:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LllIIBttzPNcAu
[2011/10/07 17:39:06 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\lLLL8ggRZ
[2011/10/07 17:23:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\lonnnF4pmH5s
[2011/10/07 17:27:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\loonnF4ppm5sQ7d
[2011/10/07 17:27:44 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\lPPP0yycS1iv3oF
[2011/10/07 17:35:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LQJ6dWK8fLhXjCk
[2011/10/07 17:24:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LsWWJJ7dEL8gZqY
[2011/04/12 14:15:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LucasArts
[2011/10/07 17:38:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LuvvvS2ibF3pn5Q
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Luxology
[2011/10/07 17:20:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\lYYYCwwkUVrlBtP
[2011/10/07 17:36:13 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\lZ9hTXwjU
[2011/10/07 17:34:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LzNAu2Fms6KRhXU
[2011/10/07 17:39:44 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\maaQQH66sWKfE9g
[2011/10/07 17:35:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\mG4amH6sW7E8TqY
[2011/10/07 17:38:43 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\mgggRZZ9hY
[2011/10/07 17:37:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\mIIIVrzONtxAuc2
[2011/10/07 17:25:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\mkUUVVelOB
[2011/10/07 17:39:07 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\mYXXwwkUVelOt
[2011/10/07 17:37:13 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\N1iibD3oG4am6Wf
[2011/10/07 17:23:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\N222obbF4pm5sQ6
[2011/10/07 17:39:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\N666sWWJ7fELgTq
[2011/10/07 18:18:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\n8LTjeBOy0SbpGQ
[2011/10/07 17:37:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\NAAA0uucS2i
[2011/10/07 17:24:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\nbbbF33pm
[2011/10/07 17:21:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\nDD22onnF
[2010/06/28 12:10:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Need for Speed World
[2011/10/07 17:40:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\niiivDD2onF4mHs
[2011/10/07 17:38:57 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\noonnF44a
[2011/05/27 14:14:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Notepad++
[2011/10/07 17:38:50 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\NrrrlOONtxP0cSi
[2011/10/07 17:24:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ntttxxP0u
[2011/10/07 17:37:06 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\nvD2obF4pGsJdKf
[2011/10/07 17:35:33 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\NVelOBtzPyAiDoF
[2011/10/07 17:35:33 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\NVelOBtzPyAiDop
[2011/10/07 17:33:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\NVNx0S1ib3n4m6
[2011/10/07 17:33:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\NVrlONt0c1b3n4
[2011/10/07 17:33:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\NVrlONtPc1b3n4
[2011/10/07 17:36:10 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\NWK7fEL9gZjCkVl
[2011/10/07 17:39:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\NWWKK7ffRL9TXj
[2011/10/07 17:34:05 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\NXwkUVelOtPyAiD
[2011/10/07 17:21:05 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\NXXXwkkUVel
[2011/10/07 17:39:05 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\o00uucS1ibD3oG
[2011/10/07 17:36:50 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\O1ivD3onFaHsJdL
[2011/10/07 17:40:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\O44aamHH6sW7fL8
[2011/10/07 17:21:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\o999hTTXqjUekIr
[2011/10/07 17:37:50 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\o999hTXqqUCekBz
[2011/10/07 17:28:10 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OA111uvS2obF3m5
[2011/10/07 17:39:43 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\oekkIIVrzONtx0c
[2011/10/07 17:37:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OfffELL9gTZqYCk
[2011/10/07 17:28:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OGG55aQJJdWK8R9
[2011/10/07 17:35:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\oggTqYeIrOtAuSi
[2011/10/07 17:35:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\oggXjCkVzNAuSiD
[2011/10/07 17:35:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ogXjCkVOtAuSiDp
[2011/10/07 17:37:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ojjjYYCwkIVrON
[2011/10/07 17:40:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OKKK8ffRZ9
[2011/10/07 17:40:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ONNNtxxP0ucSib3
[2011/10/07 17:34:56 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OopG5aQJ6KR9X
[2011/10/07 17:35:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\oRZ9hTXwjClBzN
[2011/10/07 17:40:28 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OsssWKK7fEL9TZj
[2011/10/07 17:40:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\oUUCCelIBrzPNx1
[2011/10/07 17:35:33 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OUVelOBtz0c1v2n
[2011/10/07 17:38:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OUVVeelOBt
[2011/10/07 17:34:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OWK7fEL9gZjCkVl
[2011/10/07 17:39:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OYYCCwkkUV
[2011/10/07 17:23:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OyyxxA0uuv2ib
[2011/10/07 17:37:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\p33oonG44aH6sJ7
[2011/10/07 17:39:57 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\P33ppmGG5aJ
[2011/10/07 17:38:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\pAAA1uuvS
[2011/10/07 17:34:07 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\paQH6sWK7E9TqYw
[2011/10/07 17:34:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Pb3GQJK8fLhXjCk
[2011/10/07 17:40:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PBBBrrzPNyx
[2011/10/07 17:37:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\pccAA1uuvD2bFpm
[2011/10/07 17:34:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PCwkIVrlOtP
[2011/10/07 17:38:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\pffEEL99g
[2011/10/07 17:34:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PgXqYCekIzN
[2010/05/06 04:55:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PlayFirst
[2010/07/27 18:11:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Pmcc
[2011/10/07 17:38:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\pNyyyxA1uvS2oFp
[2011/09/26 21:51:43 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Poser
[2011/10/07 17:35:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ppmG5sQJ6E8R9Tw
[2011/10/07 17:23:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PqqhhYXXwkVelBt
[2011/10/07 17:38:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\pRRRL99hTXqUCeI
[2011/10/07 17:40:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PSSS2iibD3pn4aH
[2011/10/07 17:39:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\pttzzP0yyc1iv2n
[2011/10/07 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\puuvvS22o
[2011/10/07 17:38:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\pvvvS22ibF3nGaQ
[2011/10/07 17:34:07 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PWK8fRL9hXjCkB
[2011/10/07 17:34:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PXYekIrONx0
[2011/10/07 17:34:05 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PYXwkUVelBz0c1v
[2011/10/07 17:39:56 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\pyyycAA1u
[2011/10/07 17:40:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\pYYYCwwkUVrlBtP
[2011/10/07 17:33:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PZqhYCVOxy1v3n4
[2011/10/07 17:23:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Q44aamH6sWJ7fLg
[2011/10/07 17:37:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Q9gTXqjYCkV
[2011/10/07 17:37:54 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\QBtttzP0ycA
[2011/10/07 17:39:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\QccSS11ivD3nFam
[2011/10/07 17:22:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\qeeelIIBrzPy
[2011/10/07 17:34:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\QhTXqjCekBzNx0v
[2011/10/07 18:18:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\QhTXqjUCeIrOyAu
[2011/10/07 17:22:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\qLL99gTTZqjC
[2011/10/07 17:34:05 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\QlONtxP0uSiDoG
[2011/10/07 17:22:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\QnnGG4amm6sWJfL
[2011/10/07 17:39:10 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\QnnnG44amH6WJ7E
[2011/10/07 17:36:42 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\QQJ6dEK8fZhXjCl
[2011/10/07 17:25:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\qRRRZqqhYXwk
[2011/10/07 17:38:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\qSSS2iibD3pn4aH
[2011/10/07 17:33:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\QtPcS1ibDoGaHsJ
[2011/10/07 17:38:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\qTTZZqjjYCwIVlO
[2011/10/07 17:33:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\QtxP0ucS1b3n4m6
[2011/10/07 17:36:44 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\qucS2ibD3n4Q
[2011/10/07 17:34:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\QucS2ibD3n4Q6W7
[2011/10/07 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\QYXwjUVlItNcuD
[2011/10/07 17:22:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\QyyycAA1uvD2bFp
[2011/10/07 17:40:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\QyyyxAA1uvSobFp
[2011/10/07 17:38:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\r22oonF44pH5
[2011/10/07 17:25:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\R3ooonG4amH6sJf
[2011/10/07 17:34:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\r6sWK7fELgZjCkV
[2011/10/07 17:39:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\RaaQQH6ssW7fE9g
[2011/10/07 17:39:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\RaQQQH6sWK7fE9T
[2011/10/07 18:18:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\RBrzONyxAuS
[2011/10/07 17:26:57 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\RCCCellIBrzNyx1
[2011/10/07 17:37:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\RdddEKK8fRZhTwj
[2011/10/07 17:38:44 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\RddWWK88fRLhTq
[2011/02/22 02:52:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\RenPy
[2011/10/07 17:24:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\RffRRZ99hTwjUe
[2011/10/07 17:33:28 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\rHTOvshzodwN4KC
[2011/10/07 17:38:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\RNNNtxxA0ucSib
[2011/01/06 19:34:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Rovio
[2011/10/07 17:34:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\rrONtxA0uSiDpGa
[2011/03/10 17:17:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\runic games
[2011/10/07 17:35:33 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\rwkUVelOBz0c1v2
[2011/10/07 17:38:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\S33oonnF4a
[2011/10/07 17:34:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\s5QJK8fLhXj
[2011/10/07 17:37:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\S666sWWK7fELgTq
[2011/10/07 17:36:09 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\s6dWK7fRLgXjCkV
[2011/10/07 17:40:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\S777fRRL9gTXjYe
[2011/10/07 17:36:43 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\S9hTXqjUCkBzNx0
[2011/10/07 17:37:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SbF4pmG5sJdKf
[2011/10/07 17:35:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ScS1iD3on4HsJfL
[2011/10/07 17:35:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ScS1iD3on4m6W7E
[2011/10/07 17:37:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SdWWKK8fRL9hXqU
[2010/11/24 23:32:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SEGA Corporation
[2011/10/07 17:39:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\sFFF3ppnG5aQ6d
[2011/10/07 17:34:13 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\sfLgXCekIrN
[2011/10/07 17:34:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\sGQJK8fLhXj
[2011/10/07 17:37:40 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SKK88gRRZ9hXwUV
[2011/10/07 17:33:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\sms7gCrPiFsLhVz
[2011/10/07 17:33:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\sNtPcS1ib3n4m6W
[2011/10/07 17:33:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\sNtxP0ucSiDoGaH
[2011/10/07 17:36:33 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SNyxA0uvSiFpGaH
[2011/10/07 17:24:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SpmmGG5aQJ6dK8R
[2011/10/07 17:33:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\stPcS1ibDoGaHsJ
[2011/10/07 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SUVelIBtzNcuDb4
[2011/10/07 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SUVlIBtzNAuDbpG
[2011/10/07 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SUVlIBtzNAvo4GQ
[2011/10/07 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SUVlIBtzNcuDb4G
[2011/10/07 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SUVlIBtzPy12bp5
[2011/10/07 17:38:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\swwwjUUVelIBzNy
[2011/10/07 17:34:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\t2ob3G5aQW8LhXj
[2011/10/07 17:39:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\t33ppnGG4aQ6sK7
[2011/10/07 17:35:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TCekIVrzOtAuSiD
[2011/10/07 17:40:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\tGGG5aaQJ6dW8
[2011/10/07 17:34:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\tgXjYCekIO
[2011/10/07 17:34:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\tgXqjYCekV
[2011/03/10 16:07:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\The Creative Assembly
[2011/10/07 17:22:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ThhhYXXwjUVlItz
[2010/04/12 03:10:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Thinstall
[2011/02/22 00:45:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\thriXXX
[2011/10/07 17:38:43 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\tjjUUCeelI
[2011/10/07 17:37:07 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\tmG5aQJ6dKfLhXj
[2011/10/07 17:34:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\tNyxA0uvSiFpGaH
[2011/10/07 17:36:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\tOBtzP0yc1
[2011/10/07 17:37:05 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\tonF4amH5W7E8Rq
[2011/10/07 17:36:09 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\tpnG5aQH6W7R9Tq
[2011/10/07 17:39:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\tPP00yccA1vD2nF
[2011/10/07 17:37:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TppnnG44aQHsW7f
[2011/10/07 17:34:06 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\tqhYXwkUVlBz0c1
[2011/10/07 17:39:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\tQJJJ6dWK8fRLhX
[2011/10/07 17:21:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\tttzzP00yc
[2010/06/20 18:12:09 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Twilight
[2011/10/07 17:36:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\tWK7fRL9gXjCkVz
[2011/10/07 17:40:17 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\tWWWK77fRL
[2011/10/07 17:34:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\tXjYCekIrO
[2011/10/07 17:21:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\tYYCCwkUUV
[2011/10/07 17:36:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\U1ivD3onFaHsJd
[2011/10/07 18:18:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\u7fRL9gTXjCk
[2011/10/07 17:26:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\u88ggTZqqYCwkVl
[2011/10/07 17:40:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\U999gTTXqjY
[2010/09/02 06:11:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ubisoft
[2011/10/07 17:21:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\UCCCekkIBrzOyx0
[2011/10/07 17:34:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\UCekIBrzOyA
[2011/10/07 17:39:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\uCwwkkIVrlONtPu
[2011/10/07 17:39:17 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\UddEEK88fRZhTwj
[2011/10/07 17:39:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\UiiibDD3pnGaQ6s
[2011/10/07 17:39:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\UJ77ddEL8gR
[2011/10/07 17:33:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\UJdK8g9YwUeBzyA
[2011/10/07 17:39:57 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ujUUCCekI
[2011/10/07 17:40:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\uK888fRZ9
[2011/10/07 17:36:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\urlONtxP0c1b
[2011/10/07 17:37:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\URZ9hTXwjClBzNx
[2011/10/07 17:34:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\uS2ibD3pn
[2011/10/07 17:38:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\UttzzP0yyA1iv2n
[2011/10/07 17:39:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\UtzzPPNycA1uD2
[2011/10/07 17:36:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\uUCelIBrz
[2011/10/07 17:33:28 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\UUeBPy124GQd8ZT
[2011/10/07 17:37:27 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\uvS2ibF3pGaHdKf
[2011/10/07 17:35:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\UWJ7fEL8gZh
[2011/10/07 17:36:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\UWK8fRL9hXjCkBz
[2011/10/07 18:18:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\uXqjUCekIrOyAuS
[2011/10/07 17:21:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\UxxAA0uucSibDpn
[2011/10/07 17:26:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\v55ssQJJ6dK8fZ9
[2011/10/07 17:36:43 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\v6dWK7fRLg
[2011/10/07 17:38:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\vDD22obFF4mG5
[2011/10/07 18:18:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\vfLgTXqjYkVzN
[2011/10/07 17:35:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\VG5aQJ6dW8R9TqU
[2011/10/07 17:40:02 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\VIBBrrzONyxAuv2
[2011/10/07 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\VIBtzNAu2Fms6KR
[2011/10/07 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\VIBtzNAuDbpGQd8
[2011/10/07 17:38:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\vjjjUCCekIBrO
[2011/10/07 17:38:57 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\VnnnFF4pmH5sJ7E
[2011/10/07 17:34:07 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\vyxA0uvS2b3n5
[2011/10/07 18:18:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\w3pmG5aQJdKfLhX
[2011/10/07 17:34:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\W5QJK8fLhXjC
[2011/10/07 17:36:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\w6dWK8fRLhXjCkB
[2011/10/07 17:35:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\w6sWJ7fELg
[2011/10/07 17:24:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\w777fEEL9gTZjYe
[2010/10/21 21:01:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\WB Games
[2011/10/07 17:37:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\wBrzONyxAu
[2011/10/07 17:40:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\wDD33onnG4
[2011/10/07 17:36:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\wG5aQH6dW7R9T
[2011/10/07 17:33:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\wH6sWJ7fE8TqY
[2011/10/07 17:36:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\WhYCwkUVrOtP
[2010/07/16 07:36:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\WindSolutions
[2011/10/07 17:36:57 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\wJ6dWK8fR9TqUeI
[2011/10/07 17:38:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\WKK77fRLLgTXqYe
[2011/10/07 17:39:57 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\wNNyyxA11uS2oFp
[2011/10/07 17:33:28 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\wVtc2ps8TeP1b5W
[2011/10/07 17:35:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\wwUrOt0c1v
[2011/10/07 17:20:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\X000uccS2ib3p
[2011/10/07 17:40:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\x11iibDD3on
[2011/10/07 17:39:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\x777ddEK8gR
[2011/10/07 17:36:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\XbF3pnG5aHdKfLg
[2011/10/07 17:36:27 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\XBtzPNycAu
[2011/10/07 17:38:27 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\XIIIVrrlONtx0uS
[2011/10/07 17:23:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\XKKK8ffRL9hTqjC
[2011/10/07 17:40:09 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\xkkkUVVrlOBtP0c
[2011/10/07 17:25:44 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\xLL99hTTXqj
[2011/10/07 17:38:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\xrrllONttx0uc1
[2011/10/07 17:37:39 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\XsQQJJ7dEK8gR9Y
[2011/10/07 17:23:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\XxxxA00ucS2bDpn
[2011/10/07 17:36:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\XYCekIVrzN
[2011/10/07 17:36:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\XYCwkIVrlNx0c1b
[2011/10/07 17:35:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\y5sQJ6dEKfZhXjC
[2011/10/07 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Y666ddEK8fRZhTw
[2011/10/07 17:37:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\y8gTZqhYCkVlBx0
[2011/10/07 17:38:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\YaaQQH66dW7fR
[2011/10/07 17:35:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\yaH6sWJ7fLgZhCk
[2011/10/07 17:39:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\yhYYYXwkUVe
[2011/10/07 17:34:05 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\YIVrlONtx0c1b
[2011/10/07 17:36:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\yL9gTXqjYeIrOt
[2011/10/07 17:35:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\YL9hTXqjUe
[2011/10/07 17:39:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\yOONNtxxA0c
[2011/10/07 17:40:33 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\YP00uucS1i
[2011/10/07 17:39:28 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\YQQQJ66dWK8RL9T
[2011/10/07 17:37:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\yrrzOONtxA0uS2b
[2011/10/07 17:33:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ytSom7TwO0iF5Eq
[2011/10/07 17:26:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\yvvvD22onF4
[2011/10/07 17:40:07 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\yXqqjjUCekIBzO
[2011/10/07 17:38:09 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\yXXXwjjUVel
[2011/10/07 17:34:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\yyxA0uvS2bn5Q6
[2011/10/07 17:37:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\z3onF4amHsJdLgZ
[2011/10/07 17:40:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\z444aamH6sWJfE8
[2011/10/07 17:35:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Z4pmG5sQJdKfZhX
[2011/10/07 17:26:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ZfEELL8gT
[2011/10/07 17:23:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\zHH55sWWJ7dL8RZ
[2011/10/07 17:27:50 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ZIIIBrrzP
[2010/04/12 04:55:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
[2011/10/07 17:37:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ZJ7dEK8gR
[2011/10/07 17:39:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\zK777fEL9g
[2011/10/07 17:39:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ZLL99gTTXqjCeIV
[2011/10/07 17:34:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\zOtx0ucS2b3n4Q6
[2011/10/07 17:39:49 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\zqqqjYYCwkIVl
[2011/10/07 17:38:05 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ZUUCCelIIrzPNx1
[2011/10/07 17:36:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ZWJ7fEL8gZhCkVl
[2011/10/07 17:39:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\zWWKK8ffRLhTXjU
[2011/10/07 17:35:34 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ZycAuvD2oFpGsJd
[2011/10/07 17:36:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ZZqhYCwkUrOtPyS
[2009/07/13 22:08:49 | 000,030,156 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 55995 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, when you re-run OTL after the fix run could you ensure all users is selected please

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 74 A4 AC 0C F0 3B F1 4C 81 7B 43 B1 BB FC 14 84 [binary data]
    [2011/10/07 17:40:33 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\YP00uucS1i
    [2011/10/07 17:40:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\S777fRRL9gTXjYe
    [2011/10/07 17:40:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\PSSS2iibD3pn4aH
    [2011/10/07 17:40:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\GYCCCekIVrzONx0
    [2011/10/07 17:40:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\uK888fRZ9
    [2011/10/07 17:40:30 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\niiivDD2onF4mHs
    [2011/10/07 17:40:28 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\OsssWKK7fEL9TZj
    [2011/10/07 17:40:26 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\BllIIBrrzPyxAuv
    [2011/10/07 17:40:26 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\aUUCCekkIBrON
    [2011/10/07 17:40:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\OKKK8ffRZ9
    [2011/10/07 17:40:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\iQJJ66dEK8fRZhX
    [2011/10/07 17:40:24 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\b777dEEL8gRZhYw
    [2011/10/07 17:40:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\x11iibDD3on
    [2011/10/07 17:40:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tGGG5aaQJ6dW8
    [2011/10/07 17:40:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\jfffELL8gTZhYwk
    [2011/10/07 17:40:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\bdddELL8gRZqYX
    [2011/10/07 17:40:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\wDD33onnG4
    [2011/10/07 17:40:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ONNNtxxP0ucSib3
    [2011/10/07 17:40:17 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tWWWK77fRL
    [2011/10/07 17:40:16 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QyyyxAA1uvSobFp
    [2011/10/07 17:40:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\eyyycSS1ivDon4
    [2011/10/07 17:40:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\U999gTTXqjY
    [2011/10/07 17:40:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\PBBBrrzPNyx
    [2011/10/07 17:40:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\oUUCCelIBrzPNx1
    [2011/10/07 17:40:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\l22oobFF3pm5aJ6
    [2011/10/07 17:40:10 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\g444pmmH5sQJdE
    [2011/10/07 17:40:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\xkkkUVVrlOBtP0c
    [2011/10/07 17:40:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\yXqqjjUCekIBzO
    [2011/10/07 17:40:06 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\eEEKK8gRR9hYXjV
    [2011/10/07 17:40:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\z444aamH6sWJfE8
    [2011/10/07 17:40:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\pYYYCwwkUVrlBtP
    [2011/10/07 17:40:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\O44aamHH6sW7fL8
    [2011/10/07 17:40:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\dxxAA0uucS2bDpn
    [2011/10/07 17:40:02 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\VIBBrrzONyxAuv2
    [2011/10/07 17:40:00 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\bHHH5ssWJ7dE8g
    [2011/10/07 17:39:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\zK777fEL9g
    [2011/10/07 17:39:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\wNNyyxA11uS2oFp
    [2011/10/07 17:39:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ujUUCCekI
    [2011/10/07 17:39:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\P33ppmGG5aJ
    [2011/10/07 17:39:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\pyyycAA1u
    [2011/10/07 17:39:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\BUUVVellIBtPNcA
    [2011/10/07 17:39:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\UiiibDD3pnGaQ6s
    [2011/10/07 17:39:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tQJJJ6dWK8fRLhX
    [2011/10/07 17:39:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\x777ddEK8gR
    [2011/10/07 17:39:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\FggRRZqhhYwkUeO
    [2011/10/07 17:39:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\eBBttzP00yA
    [2011/10/07 17:39:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\atxxPP0ycS1iD3n
    [2011/10/07 17:39:49 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\zqqqjYYCwkIVl
    [2011/10/07 17:39:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\eAAA1uuvD2ob4pG
    [2011/10/07 17:39:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\UJ77ddEL8gR
    [2011/10/07 17:39:44 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\maaQQH66sWKfE9g
    [2011/10/07 17:39:43 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\oekkIIVrzONtx0c
    [2011/10/07 17:39:43 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\FqjjUUCekIBrzNx
    [2011/10/07 17:39:43 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\f66ddWKK7fR9gXq
    [2011/10/07 17:39:42 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\LKKK8ffRZ9hXwjC
    [2011/10/07 17:39:39 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\KOOONttxP0uc1
    [2011/10/07 17:39:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\sFFF3ppnG5aQ6d
    [2011/10/07 17:39:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\UtzzPPNycA1uD2
    [2011/10/07 17:39:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\yhYYYXwkUVe
    [2011/10/07 17:39:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tPP00yccA1vD2nF
    [2011/10/07 17:39:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\HdEEKK8gRZ9hYwU
    [2011/10/07 17:39:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\N666sWWJ7fELgTq
    [2011/10/07 17:39:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\IUUUCeelIBrzNyA
    [2011/10/07 17:39:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\pttzzP0yyc1iv2n
    [2011/10/07 17:39:30 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\uCwwkkIVrlONtPu
    [2011/10/07 17:39:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\yOONNtxxA0c
    [2011/10/07 17:39:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\t33ppnGG4aQ6sK7
    [2011/10/07 17:39:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\NWWKK7ffRL9TXj
    [2011/10/07 17:39:28 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\YQQQJ66dWK8RL9T
    [2011/10/07 17:39:26 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\OYYCCwkkUV
    [2011/10/07 17:39:24 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DqqqjYYCwkIVlOt
    [2011/10/07 17:39:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\zWWKK8ffRLhTXjU
    [2011/10/07 17:39:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Y666ddEK8fRZhTw
    [2011/10/07 17:39:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\puuvvS22o
    [2011/10/07 17:39:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\kvvDD2oobFpmGs
    [2011/10/07 17:39:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\d55ssQJJ7
    [2011/10/07 17:39:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\K777fRRL9gTXj
    [2011/10/07 17:39:17 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\UddEEK88fRZhTwj
    [2011/10/07 17:39:16 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QccSS11ivD3nFam
    [2011/10/07 17:39:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\RaQQQH6sWK7fE9T
    [2011/10/07 17:39:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\RaaQQH6ssW7fE9g
    [2011/10/07 17:39:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\GssWWK77fE9gTqj
    [2011/10/07 17:39:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\InnnG44aQH6WKfE
    [2011/10/07 17:39:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\dOOBBtzzP0yA1v2
    [2011/10/07 17:39:10 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QnnnG44amH6WJ7E
    [2011/10/07 17:39:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\jzzOONyxA0uvSiF
    [2011/10/07 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\mYXXwwkUVelOt
    [2011/10/07 17:39:06 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\lLLL8ggRZ
    [2011/10/07 17:39:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\o00uucS1ibD3oG
    [2011/10/07 17:39:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\IggTTZqqjYCkIrl
    [2011/10/07 17:39:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ZLL99gTTXqjCeIV
    [2011/10/07 17:39:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\i333pmmG5aQJdW8
    [2011/10/07 17:39:02 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\l88ggRRZqhYwkVe
    [2011/10/07 17:38:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\pvvvS22ibF3nGaQ
    [2011/10/07 17:38:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\pNyyyxA1uvS2oFp
    [2011/10/07 17:38:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\LuvvvS2ibF3pn5Q
    [2011/10/07 17:38:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\C55ssQJ66EK8fZh
    [2011/10/07 17:38:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\VnnnFF4pmH5sJ7E
    [2011/10/07 17:38:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\noonnF44a
    [2011/10/07 17:38:55 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\KH66ddWK7f
    [2011/10/07 17:38:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\swwwjUUVelIBzNy
    [2011/10/07 17:38:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\OUVVeelOBt
    [2011/10/07 17:38:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\gPPPNyycA1u
    [2011/10/07 17:38:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\S33oonnF4a
    [2011/10/07 17:38:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\NrrrlOONtxP0cSi
    [2011/10/07 17:38:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\hCeekkIVrzONxAu
    [2011/10/07 17:38:48 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\vDD22obFF4mG5
    [2011/10/07 17:38:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\eGGG4aaQH6sW7fL
    [2011/10/07 17:38:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\BQQHH6ssWK7ELgT
    [2011/10/07 17:38:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\a555aQQH6dWKfR9
    [2011/10/07 17:38:44 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\RddWWK88fRLhTq
    [2011/10/07 17:38:43 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tjjUUCeelI
    [2011/10/07 17:38:43 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\mgggRZZ9hY
    [2011/10/07 17:38:41 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\xrrllONttx0uc1
    [2011/10/07 17:38:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\UttzzP0yyA1iv2n
    [2011/10/07 17:38:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\LllIIBttzPNcAu
    [2011/10/07 17:38:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\EellIIBtzPNyc
    [2011/10/07 17:38:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\K33oonF44aH5sJd
    [2011/10/07 17:38:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\qSSS2iibD3pn4aH
    [2011/10/07 17:38:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\hnnnG44amH6sJ7E
    [2011/10/07 17:38:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\FFF44pmmG5sJ6EK
    [2011/10/07 17:38:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\RNNNtxxA0ucSib
    [2011/10/07 17:38:30 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\YaaQQH66dW7fR
    [2011/10/07 17:38:30 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\J9hhTTXqj
    [2011/10/07 17:38:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\pAAA1uuvS
    [2011/10/07 17:38:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DwwwjUUVelIBzPy
    [2011/10/07 17:38:27 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\XIIIVrrlONtx0uS
    [2011/10/07 17:38:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\GmHH55sWJ7
    [2011/10/07 17:38:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\cooonFF4pmH5QJd
    [2011/10/07 17:38:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\coonnF44pmHsQ7d
    [2011/10/07 17:38:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\l0yyccS1ivD3nFa
    [2011/10/07 17:38:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\qTTZZqjjYCwIVlO
    [2011/10/07 17:38:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\kDDD3oonG4aH6W
    [2011/10/07 17:38:20 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\CUUUCeekIBr
    [2011/10/07 17:38:16 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\pffEEL99g
    [2011/10/07 17:38:16 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\FYYCCekkIVrONx0
    [2011/10/07 17:38:16 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\fWWKK7ffELgTZjY
    [2011/10/07 17:38:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\pRRRL99hTXqUCeI
    [2011/10/07 17:38:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\KBBBttzPNycAuv2
    [2011/10/07 17:38:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\EXXwwjUUCe
    [2011/10/07 17:38:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\IL88ggTZqhYCkUr
    [2011/10/07 17:38:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\yXXXwjjUVel
    [2011/10/07 17:38:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\cwwwjjUVelIB
    [2011/10/07 17:38:08 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\r22oonF44pH5
    [2011/10/07 17:38:08 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\hvvvDD3onF4aH5W
    [2011/10/07 17:38:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\bQHH66sWK7fE9g
    [2011/10/07 17:38:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\bDDD3oonG4aH6WJ
    [2011/10/07 17:38:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ZUUCCelIIrzPNx1
    [2011/10/07 17:38:02 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\INttxxA0ucS2bDp
    [2011/10/07 17:38:02 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\fxAA00ucS2ib3pG
    [2011/10/07 17:38:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\WKK77fRLLgTXqYe
    [2011/10/07 17:38:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\vjjjUCCekIBrO
    [2011/10/07 17:38:00 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\bZ999hTXwjUCeI
    [2011/10/07 17:37:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DVVVellIBtzNyA1
    [2011/10/07 17:37:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\p33oonG44aH6sJ7
    [2011/10/07 17:37:54 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QBtttzP0ycA
    [2011/10/07 17:37:54 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\JtzzPP0ycA1i
    [2011/10/07 17:37:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\CCCCwkkUVrl
    [2011/10/07 17:37:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\AmmHH6ssWJfELgT
    [2011/10/07 17:37:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ojjjYYCwkIVrON
    [2011/10/07 17:37:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\NAAA0uucS2i
    [2011/10/07 17:37:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\o999hTXqqUCekBz
    [2011/10/07 17:37:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\TppnnG44aQHsW7f
    [2011/10/07 17:37:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\S666sWWK7fELgTq
    [2011/10/07 17:37:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SdWWKK8fRL9hXqU
    [2011/10/07 17:37:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\I88ffRLL9hTqjCe
    [2011/10/07 17:37:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\RdddEKK8fRZhTwj
    [2011/10/07 17:37:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\J44ppmG55sJ6dKf
    [2011/10/07 17:37:43 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\dxxPP0ycS1ivDoF
    [2011/10/07 17:37:40 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SKK88gRRZ9hXwUV
    [2011/10/07 17:37:39 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\XsQQJJ7dEK8gR9Y
    [2011/10/07 17:37:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\h6ssWWJ7fEL8
    [2011/10/07 17:37:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\yrrzOONtxA0uS2b
    [2011/10/07 17:37:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\OfffELL9gTZqYCk
    [2011/10/07 17:37:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\mIIIVrzONtxAuc2
    [2011/10/07 17:37:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\pccAA1uuvD2bFpm
    [2011/10/07 17:37:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\EpppnGG5aQH6W
    [2011/10/07 17:37:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\d333pnnG5aQ6
    [2011/10/07 17:37:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\J9hhTTXwjUCelBz
    [2011/10/07 17:37:30 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\k111ivvD2onFpm5
    [2011/10/07 17:37:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\IPPP0yycS1iv3oF
    [2011/10/07 17:37:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\IPPP0yycS1iD3oF
    [2011/10/07 17:37:27 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\uvS2ibF3pGaHdKf
    [2011/10/07 17:37:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\CjUCekIBrOyAuSi
    [2011/10/07 17:37:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\cdWK7fRL9TqY
    [2011/10/07 17:37:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\AWK7fRL9gXjC
    [2011/10/07 17:37:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\URZ9hTXwjClBzNx
    [2011/10/07 17:37:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SbF4pmG5sJdKf
    [2011/10/07 17:37:20 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\a4pmH5sQJdKgZhX
    [2011/10/07 17:37:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\CVelOBtzyAi
    [2011/10/07 17:37:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ZJ7dEK8gR
    [2011/10/07 17:37:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\EOBtzP0yc1
    [2011/10/07 17:37:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\z3onF4amHsJdLgZ
    [2011/10/07 17:37:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\y8gTZqhYCkVlBx0
    [2011/10/07 17:37:13 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\N1iibD3oG4am6Wf
    [2011/10/07 17:37:13 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\K2ibD3pnGaHsK
    [2011/10/07 17:37:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\wBrzONyxAu
    [2011/10/07 17:37:08 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Q9gTXqjYCkV
    [2011/10/07 17:37:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tmG5aQJ6dKfLhXj
    [2011/10/07 17:37:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\LA0uvS2ib3n
    [2011/10/07 17:37:06 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\nvD2obF4pGsJdKf
    [2011/10/07 17:37:06 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\HTXwjUCelBzNx1v
    [2011/10/07 17:37:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tonF4amH5W7E8Rq
    [2011/10/07 17:37:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\C2onF4pmHsJ
    [2011/10/07 17:37:00 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\JwkUVelOBz0c
    [2011/10/07 17:37:00 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\A4amH5sWJdLgZhX
    [2011/10/07 17:36:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\XYCwkIVrlNx0c1b
    [2011/10/07 17:36:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\fG4amH6sW7E8TqY
    [2011/10/07 17:36:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\B2ibD3pnGaHsKfL
    [2011/10/07 17:36:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tWK7fRL9gXjCkVz
    [2011/10/07 17:36:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\wJ6dWK8fR9TqUeI
    [2011/10/07 17:36:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\w6dWK8fRLhXjCkB
    [2011/10/07 17:36:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\UWK8fRL9hXjCkBz
    [2011/10/07 17:36:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\j9hTXwjUCl
    [2011/10/07 17:36:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ClIBtzPNyAuDoFp
    [2011/10/07 17:36:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tOBtzP0yc1
    [2011/10/07 17:36:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\O1ivD3onFaHsJdL
    [2011/10/07 17:36:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\JibD3onG4
    [2011/10/07 17:36:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\CS1ivD3on4m5W7E
    [2011/10/07 17:36:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\b3onF4amHsJdLgZ
    [2011/10/07 17:36:44 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\qucS2ibD3n4Q
    [2011/10/07 17:36:43 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\v6dWK7fRLg
    [2011/10/07 17:36:43 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\S9hTXqjUCkBzNx0
    [2011/10/07 17:36:42 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QQJ6dEK8fZhXjCl
    [2011/10/07 17:36:41 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\eYXwjUVelBzNc1
    [2011/10/07 17:36:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\uUCelIBrz
    [2011/10/07 17:36:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\CsQJ6dEK8R9TwU
    [2011/10/07 17:36:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\urlONtxP0c1b
    [2011/10/07 17:36:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\U1ivD3onFaHsJd
    [2011/10/07 17:36:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\FWJ7fEL8gZhC
    [2011/10/07 17:36:33 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SNyxA0uvSiFpGaH
    [2011/10/07 17:36:33 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\C8fRL9hTXjC
    [2011/10/07 17:36:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\wG5aQH6dW7R9T
    [2011/10/07 17:36:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\hgTXqjYCeIrOtAu
    [2011/10/07 17:36:27 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\XBtzPNycAu
    [2011/10/07 17:36:27 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\LEK8fRZ9hXj
    [2011/10/07 17:36:27 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\d6dEK8fRZ
    [2011/10/07 17:36:26 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\WhYCwkUVrOtP
    [2011/10/07 17:36:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\eG4amH6sW7E8TqY
    [2011/10/07 17:36:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ZWJ7fEL8gZhCkVl
    [2011/10/07 17:36:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\e4amH6sWJfLgZh
    [2011/10/07 17:36:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\A8gTZqhYCkVlBx0
    [2011/10/07 17:36:20 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\hS1ibD3on
    [2011/10/07 17:36:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\yL9gTXqjYeIrOt
    [2011/10/07 17:36:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\XbF3pnG5aHdKfLg
    [2011/10/07 17:36:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\CrzONyxA0v2
    [2011/10/07 17:36:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\H8RhwCIrNAuSoFp
    [2011/10/07 17:36:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\F1uvS2obF
    [2011/10/07 17:36:13 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\lZ9hTXwjU
    [2011/10/07 17:36:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\EIBtzPNyc1v2b4m
    [2011/10/07 17:36:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ZZqhYCwkUrOtPyS
    [2011/10/07 17:36:10 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\NWK7fEL9gZjCkVl
    [2011/10/07 17:36:10 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\C3pnG4aQHsKfLg
    [2011/10/07 17:36:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tpnG5aQH6W7R9Tq
    [2011/10/07 17:36:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\s6dWK7fRLgXjCkV
    [2011/10/07 17:36:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\krzONtxA0c2b3n4
    [2011/10/07 17:36:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\F3pnG5aQHdKfLgX
    [2011/10/07 17:36:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\EbF3pnG5aHdKfLg
    [2011/10/07 17:36:00 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\XYCekIVrzN
    [2011/10/07 17:36:00 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\c5aQH6dWKfLgXjC
    [2011/10/07 17:35:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\YL9hTXqjUe
    [2011/10/07 17:35:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\w3pmG5aQJdKfLhX
    [2011/10/07 17:35:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\VG5aQJ6dW8R9TqU
    [2011/10/07 17:35:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\LQJ6dWK8fLhXjCk
    [2011/10/07 17:35:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ImG5aQJ6dKfLhXj
    [2011/10/07 17:35:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Z4pmG5sQJdKfZhX
    [2011/10/07 17:35:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\y5sQJ6dEKfZhXjC
    [2011/10/07 17:35:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ppmG5sQJ6E8R9Tw
    [2011/10/07 17:35:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\oRZ9hTXwjClBzN
    [2011/10/07 17:35:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\KfRZ9hTXwUeIr
    [2011/10/07 17:35:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\GG5sQJ6dE8R9TwU
    [2011/10/07 17:35:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\csQJ6dEK8
    [2011/10/07 17:35:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\TCekIVrzOtAuSiD
    [2011/10/07 17:35:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ZycAuvD2oFpGsJd
    [2011/10/07 17:35:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\bhTXwjUCeIrPyAu
    [2011/10/07 17:35:33 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\rwkUVelOBz0c1v2
    [2011/10/07 17:35:33 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\OUVelOBtz0c1v2n
    [2011/10/07 17:35:33 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\NVelOBtzPyAiDop
    [2011/10/07 17:35:33 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\NVelOBtzPyAiDoF
    [2011/10/07 17:35:33 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\fvD2onF4pH
    [2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\yaH6sWJ7fLgZhCk
    [2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\w6sWJ7fELg
    [2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\UWJ7fEL8gZh
    [2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ScS1iD3on4m6W7E
    [2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ScS1iD3on4HsJfL
    [2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\mG4amH6sW7E8TqY
    [2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\k1ibD3onGaHsJfL
    [2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\jsWJ7fEL8T
    [2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\IiD3onG4aHsJfLg
    [2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\G4amH6sWJfLgZhC
    [2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\G4aH6sWJ7E8TqYw
    [2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\famH5sWJ7E8RqYw
    [2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\eS1iD3onGaHsJfL
    [2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\d7fEL8gTZhCk
    [2011/10/07 17:35:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\AH6sWJ7fE
    [2011/10/07 17:35:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ogXjCkVOtAuSiDp
    [2011/10/07 17:35:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\oggXjCkVzNAuSiD
    [2011/10/07 17:35:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\oggTqYeIrOtAuSi
    [2011/10/07 17:35:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\K9ggTqYeIrOx0c2
    [2011/10/07 17:35:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\EHH66sWKfLgZY
    [2011/10/07 17:35:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\bCwIIVrNtPuSiDo
    [2011/10/07 17:35:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\wwUrOt0c1v
    [2011/10/07 17:34:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\OopG5aQJ6KR9X
    [2011/10/07 17:34:54 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\LkUVelOBtPy
    [2011/10/07 17:34:54 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\FelOBtzP0c1v
    [2011/10/07 17:34:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\UCekIBrzOyA
    [2011/10/07 17:34:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tNyxA0uvSiFpGaH
    [2011/10/07 17:34:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\LBrzONyxAuSiFp
    [2011/10/07 17:34:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\edEK8gRZ9Yw
    [2011/10/07 17:34:48 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\r6sWK7fELgZjCkV
    [2011/10/07 17:34:48 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\OWK7fEL9gZjCkVl
    [2011/10/07 17:34:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\yyxA0uvS2bn5Q6
    [2011/10/07 17:34:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\vfLgTXqjYkVzN
    [2011/10/07 17:34:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\u7fRL9gTXjCk
    [2011/10/07 17:34:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\kCekIBrzOyAuSiF
    [2011/10/07 17:34:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\hD3pnG4aQ6W7E9T
    [2011/10/07 17:34:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\GyxA0uvS2bn5Q
    [2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\W5QJK8fLhXjC
    [2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\uXqjUCekIrOyAuS
    [2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\t2ob3G5aQW8LhXj
    [2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\sGQJK8fLhXj
    [2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\s5QJK8fLhXj
    [2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\RBrzONyxAuS
    [2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QhTXqjUCeIrOyAu
    [2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QhTXqjCekBzNx0v
    [2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Pb3GQJK8fLhXjCk
    [2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\LzNAu2Fms6KRhXU
    [2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\HTXqjUCekBzNx0v
    [2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\FS2obFmG5QW8R9T
    [2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\FS2ob3G5a6W8LhX
    [2011/10/07 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\a9hTXqjUCkBzNx0
    [2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\VIBtzNAuDbpGQd8
    [2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\VIBtzNAu2Fms6KR
    [2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SUVlIBtzPy12bp5
    [2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SUVlIBtzNcuDb4G
    [2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SUVlIBtzNAvo4GQ
    [2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SUVlIBtzNAuDbpG
    [2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SUVelIBtzNcuDb4
    [2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QYXwjUVlItNcuD
    [2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\IlIBtzNAvo4GQd8
    [2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\IlIBtzNAuDbpGQd
    [2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\eVelIBtzPc1Db4G
    [2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\cjUVlIBtzy12bp5
    [2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\cjUVlIBtzNcuDb4
    [2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\cjUVlIBtzNAu2Fm
    [2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\cjUVlIBtzc2p5JE
    [2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\cjUVlIBtzAvo4GQ
    [2011/10/07 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\cjUVelIBtNcuDb4
    [2011/10/07 17:34:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\GByu2Fp5QW
    [2011/10/07 17:34:13 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\sfLgXCekIrN
    [2011/10/07 17:34:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\gTXwjUCelBz
    [2011/10/07 17:34:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\vyxA0uvS2b3n5
    [2011/10/07 17:34:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\PWK8fRL9hXjCkB
    [2011/10/07 17:34:06 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DjUVelIBtPyAuD
    [2011/10/07 17:34:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tqhYXwkUVlBz0c1
    [2011/10/07 17:34:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\PYXwkUVelBz0c1v
    [2011/10/07 17:34:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\NXwkUVelOtPyAiD
    [2011/10/07 17:34:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\YIVrlONtx0c1b
    [2011/10/07 17:34:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QlONtxP0uSiDoG
    [2011/10/07 17:34:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\PCwkIVrlOtP
    [2011/10/07 17:34:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\KgTZqjYCwIrOtPu
    [2011/10/07 17:34:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\BcS1ibD3oGaHsJf
    [2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\zOtx0ucS2b3n4Q6
    [2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\uS2ibD3pn
    [2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tXjYCekIrO
    [2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tgXqjYCekV
    [2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tgXjYCekIO
    [2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\rrONtxA0uSiDpGa
    [2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QucS2ibD3n4Q6W7
    [2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\PXYekIrONx0
    [2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\PgXqYCekIzN
    [2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\paQH6sWK7E9TqYw
    [2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\HcS2ibD3pGaHsKf
    [2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DzONtxA0uSiDpGa
    [2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\brzOtxA0uSiDpGa
    [2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\bIONtxA0uSiDpGa
    [2011/10/07 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\a0ucS2ibDpGaHsK
    [2011/10/07 17:34:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\HmJEg9XUltN
    [2011/10/07 17:33:39 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\gci3Ga6K7E9
    [2011/10/07 17:33:39 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\gAu2b3n4HsK
    [2011/10/07 17:33:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\n8LTjeBOy0SbpGQ
    [2011/10/07 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\wH6sWJ7fE8TqY
    [2011/10/07 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\UJdK8g9YwUeBzyA
    [2011/10/07 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\stPcS1ibDoGaHsJ
    [2011/10/07 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\sNtPcS1ib3n4m6W
    [2011/10/07 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QtPcS1ibDoGaHsJ
    [2011/10/07 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\PZqhYCVOxy1v3n4
    [2011/10/07 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\kH5QJd8g9XUeBPc
    [2011/10/07 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\eSibD3onGaHsJfL
    [2011/10/07 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\BibD3onG4m6W7E8
    [2011/10/07 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ApmHQJE8gZYweBP
    [2011/10/07 17:33:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\sNtxP0ucSiDoGaH
    [2011/10/07 17:33:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QtxP0ucS1b3n4m6
    [2011/10/07 17:33:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\NVrlONtPc1b3n4
    [2011/10/07 17:33:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\NVrlONt0c1b3n4
    [2011/10/07 17:33:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\NVNx0S1ib3n4m6
    [2011/10/07 17:33:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\CgqCIVONtPc1b3n
    [2011/10/07 17:33:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\aS2ibD3nGQ
    [2011/10/07 17:33:28 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\wVtc2ps8TeP1b5W
    [2011/10/07 17:33:28 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\UUeBPy124GQd8ZT
    [2011/10/07 17:33:28 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\rHTOvshzodwN4KC
    [2011/10/07 17:33:27 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\AXUeBPy1Do45Jd8
    [2011/10/07 17:33:26 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ytSom7TwO0iF5Eq
    [2011/10/07 17:33:26 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ghr2HTODKjt3Jhx
    [2011/10/07 17:33:26 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\CbHETwO0vFs
    [2011/10/07 17:33:24 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ahUrAiGdLjItSpH
    [2011/10/07 17:33:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\sms7gCrPiFsLhVz
    [2011/10/07 17:28:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\bxPP00ucS1ibDoG
    [2011/10/07 17:28:30 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\OGG55aQJJdWK8R9
    [2011/10/07 17:28:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DddEEK88gRZhYwj
    [2011/10/07 17:28:17 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\iqqqjYYCwkIrlOt
    [2011/10/07 17:28:10 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\OA111uvS2obF3m5
    [2011/10/07 17:28:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\b3oonnF4amH5WJd
    [2011/10/07 17:27:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\JHHH6ddWK7fR9gX
    [2011/10/07 17:27:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ZIIIBrrzP
    [2011/10/07 17:27:44 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\lPPP0yycS1iv3oF
    [2011/10/07 17:27:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DbbFF3pnnGaQHdK
    [2011/10/07 17:27:30 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DJJ77dEEK8RZ9YX
    [2011/10/07 17:27:24 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\BwwwkUUVrlOtxPy
    [2011/10/07 17:27:17 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\gAA00uvvS2bF3nG
    [2011/10/07 17:27:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\loonnF4ppm5sQ7d
    [2011/10/07 17:27:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\HTTTZqqjYCw
    [2011/10/07 17:26:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\RCCCellIBrzNyx1
    [2011/10/07 17:26:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\yvvvD22onF4
    [2011/10/07 17:26:44 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\lbbDD3ppnG4QHsW
    [2011/10/07 17:26:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\v55ssQJJ6dK8fZ9
    [2011/10/07 17:26:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\u88ggTZqqYCwkVl
    [2011/10/07 17:26:24 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\BNNNyyxA0uvSib3
    [2011/10/07 17:26:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\lD22oobF4pmG5Q6
    [2011/10/07 17:26:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ZfEELL8gT
    [2011/10/07 17:26:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\e999hTTXqjUCkIr
    [2011/10/07 17:25:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\BtttzPP0ycA1vDo
    [2011/10/07 17:25:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\R3ooonG4amH6sJf
    [2011/10/07 17:25:44 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\xLL99hTTXqj
    [2011/10/07 17:25:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\mkUUVVelOB
    [2011/10/07 17:25:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\G0uuccS2ib
    [2011/10/07 17:25:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\GpmmGG5sQJ
    [2011/10/07 17:25:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\qRRRZqqhYXwk
    [2011/10/07 17:25:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\KxxxA00ucS2iD3n
    [2011/10/07 17:25:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\C222oobF4pmGsQ
    [2011/10/07 17:24:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\fiibbD3ooG4am6W
    [2011/10/07 17:24:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SpmmGG5aQJ6dK8R
    [2011/10/07 17:24:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\fZZZ9hhYXwjUelB
    [2011/10/07 17:24:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ntttxxP0u
    [2011/10/07 17:24:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\nbbbF33pm
    [2011/10/07 17:24:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\LsWWJJ7dEL8gZqY
    [2011/10/07 17:24:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\w777fEEL9gTZjYe
    [2011/10/07 17:24:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\RffRRZ99hTwjUe
    [2011/10/07 17:24:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\BwwkkUVrrlBtx
    [2011/10/07 17:23:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\OyyxxA0uuv2ib
    [2011/10/07 17:23:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\lonnnF4pmH5s
    [2011/10/07 17:23:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Q44aamH6sWJ7fLg
    [2011/10/07 17:23:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\XKKK8ffRL9hTqjC
    [2011/10/07 17:23:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\PqqhhYXXwkVelBt
    [2011/10/07 17:23:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\XxxxA00ucS2bDpn
    [2011/10/07 17:23:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\N222obbF4pm5sQ6
    [2011/10/07 17:23:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\zHH55sWWJ7dL8RZ
    [2011/10/07 17:23:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\JekkkIVrz
    [2011/10/07 17:22:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QyyycAA1uvD2bFp
    [2011/10/07 17:22:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\QnnGG4amm6sWJfL
    [2011/10/07 17:22:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\J88ffRLL9
    [2011/10/07 17:22:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ThhhYXXwjUVlItz
    [2011/10/07 17:22:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\qLL99gTTZqjC
    [2011/10/07 17:22:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\qeeelIIBrzPy
    [2011/10/07 17:22:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\frrrllOBtxP0cSi
    [2011/10/07 17:22:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\dccSS2ibb3pnGaH
    [2011/10/07 17:22:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\F6ddEEK8f
    [2011/10/07 17:21:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tYYCCwkUUV
    [2011/10/07 17:21:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\UCCCekkIBrzOyx0
    [2011/10/07 17:21:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\nDD22onnF
    [2011/10/07 17:21:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\KmmHH6ssWJ7ELgT
    [2011/10/07 17:21:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\o999hTTXqjUekIr
    [2011/10/07 17:21:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\tttzzP00yc
    [2011/10/07 17:21:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\UxxAA0uucSibDpn
    [2011/10/07 17:21:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\KGGG5ssQJ6dE8fZ
    [2011/10/07 17:21:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\NXXXwkkUVel
    [2011/10/07 17:20:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\X000uccS2ib3p
    [2011/10/07 17:20:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DJJJ6ddEK8fR9hX
    [2011/10/07 17:20:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\lYYYCwwkUVrlBtP
    @Alternate Data Stream - 55995 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

    :Reg
    [HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

  • 0

#3
mjwalters0716

mjwalters0716

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
K, here's the OTL log with All Users checked:

OTL logfile created on: 10/8/2011 1:32:56 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Michael\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.05 Gb Available Physical Memory | 67.63% Memory free
11.98 Gb Paging File | 9.72 Gb Available in Paging File | 81.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.32 Gb Total Space | 37.12 Gb Free Space | 19.00% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 102.44 Gb Free Space | 52.45% Space Free | Partition Type: NTFS
Drive E: | 341.80 Gb Total Space | 79.93 Gb Free Space | 23.39% Space Free | Partition Type: NTFS
Drive F: | 394.40 Gb Total Space | 24.88 Gb Free Space | 6.31% Space Free | Partition Type: NTFS
Drive G: | 341.80 Gb Total Space | 34.94 Gb Free Space | 10.22% Space Free | Partition Type: NTFS
Drive H: | 394.40 Gb Total Space | 7.51 Gb Free Space | 1.90% Space Free | Partition Type: NTFS
Drive I: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 4.26 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: VCHOMENET | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/07 19:13:46 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2011/10/05 09:04:54 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/01 17:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/08/01 23:27:50 | 001,242,448 | ---- | M] (Valve Corporation) -- E:\Steam\steam.exe
PRC - [2011/07/12 17:48:23 | 000,288,280 | ---- | M] (oDesk Corporation) -- C:\Program Files (x86)\oDesk\oDeskTeam.exe
PRC - [2011/07/12 17:48:23 | 000,218,648 | ---- | M] (oDesk Corporation) -- C:\Program Files (x86)\oDesk\oDeskHelper.exe
PRC - [2011/06/07 20:54:05 | 000,040,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/06/15 13:38:15 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/01/18 21:43:02 | 000,124,256 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE


========== Modules (No Company Name) ==========

MOD - [2011/10/05 09:04:54 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/01 21:29:24 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/29 22:00:28 | 014,410,024 | ---- | M] () -- E:\Steam\bin\libcef.dll
MOD - [2011/09/29 22:00:28 | 000,914,216 | ---- | M] () -- E:\Steam\bin\avcodec-52.dll
MOD - [2011/09/29 22:00:28 | 000,190,248 | ---- | M] () -- E:\Steam\bin\chromehtml.dll
MOD - [2011/09/29 22:00:28 | 000,155,432 | ---- | M] () -- E:\Steam\bin\avformat-52.dll
MOD - [2011/09/29 22:00:28 | 000,091,432 | ---- | M] () -- E:\Steam\bin\avutil-50.dll
MOD - [2009/07/13 18:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/07/13 18:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/07 20:25:02 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/12 04:09:58 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/02 02:43:15 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/15 13:38:15 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/04/12 01:32:32 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/07/11 01:13:44 | 000,282,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/07/07 21:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/07/07 21:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/07 19:47:04 | 000,307,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/30 11:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/01/14 11:57:01 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/01/14 11:57:01 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/12/14 19:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/12/17 15:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/08/21 01:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/08/09 14:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/01/21 18:45:00 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2007/06/26 09:45:14 | 000,362,496 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WMP54Gv41x64.sys -- (rt61x64)
DRV - [2010/03/13 12:58:52 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/04/12 02:24:05] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 74 A4 AC 0C F0 3B F1 4C 81 7B 43 B1 BB FC 14 84 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 74 A4 AC 0C F0 3B F1 4C 81 7B 43 B1 BB FC 14 84 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 74 A4 AC 0C F0 3B F1 4C 81 7B 43 B1 BB FC 14 84 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 74 A4 AC 0C F0 3B F1 4C 81 7B 43 B1 BB FC 14 84 [binary data]

IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 76 19 AF 18 14 CB 01 [binary data]
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/10/07 15:39:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/05 09:04:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/13 21:51:23 | 000,000,000 | ---D | M]

[2010/04/11 21:27:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2011/10/07 19:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\3pcn1rg6.default\extensions
[2011/07/13 21:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/01 04:15:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/10/07 15:39:24 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
() (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3PCN1RG6.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2011/10/05 09:04:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/05/01 04:15:42 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/05 09:04:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/05 06:30:14 | 000,002,223 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2011/10/08 13:26:16 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000..\Run: [oDesk Team] C:\Program Files (x86)\oDesk\oDeskTeam.exe (oDesk Corporation)
O4 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000..\Run: [Steam] E:\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2228E5B4-283C-4B18-9A08-6E685799DDBD}: DhcpNameServer = 68.87.76.182 68.87.78.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED954E1E-9734-4080-997A-B0ECD040F76D}: DhcpNameServer = 68.87.76.182 68.87.78.134
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/12 01:39:03 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/04/30 22:03:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/30 22:03:32 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0ca5b687-45d4-11df-aef3-00248c3f6f27}\Shell - "" = AutoRun
O33 - MountPoints2\{0ca5b687-45d4-11df-aef3-00248c3f6f27}\Shell\AutoRun\command - "" = L:\StartHere.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/08 13:26:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/07 19:13:45 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011/10/07 19:07:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\GooredFix Backups
[2011/10/07 19:07:12 | 001,558,320 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\TDSSKiller.exe
[2011/10/07 19:05:24 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Michael\Desktop\GooredFix.exe
[2011/10/07 19:01:35 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/10/07 18:59:43 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTM.exe
[2011/10/07 18:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WSTB
[2011/10/07 17:34:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guard Online
[2011/10/07 17:17:18 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/10/07 15:40:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/07 15:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/10/07 15:38:48 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\AVG2012
[2011/10/07 15:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/10/04 23:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Wars - The Old Republic
[2011/10/02 23:02:33 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Crash Test Dummies (6 Albums)
[2011/10/02 23:01:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Hot Action Cop - Hot Action Cop
[2011/10/02 19:38:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\A Beautiful Mind Soundtrack
[2011/10/02 19:37:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Corpse Bride Soundtrack
[2011/10/01 21:30:07 | 000,000,000 | R--D | C] -- C:\Users\Michael\Dropbox
[2011/10/01 21:27:17 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/10/01 21:27:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Dropbox
[2011/09/30 00:25:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ATI
[2011/09/30 00:25:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\ATI
[2011/09/30 00:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/09/30 00:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/09/30 00:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/09/29 23:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/09/29 23:52:32 | 000,000,000 | ---D | C] -- C:\ATI
[2011/09/29 22:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/09/29 22:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/09/29 22:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/09/28 18:02:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\SWTOR
[2011/09/27 01:52:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAZ 3D
[2011/09/26 21:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Poser
[2011/09/26 21:51:43 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Poser
[2011/09/26 21:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smith Micro
[2011/09/26 21:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smith Micro
[2011/09/26 21:41:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Poser 8 Content
[2011/09/22 17:51:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Leadertech
[2011/09/19 01:31:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\RCT3
[2011/09/19 01:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roller Coaster Tycoon 3 Platinum - CarlesNeo !
[2011/09/13 16:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trine
[2011/09/13 06:30:08 | 000,037,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[1 C:\Users\Michael\*.tmp files -> C:\Users\Michael\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/08 13:35:00 | 000,782,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/08 13:35:00 | 000,662,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/08 13:35:00 | 000,121,352 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/08 13:29:28 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/08 13:29:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/08 13:28:51 | 529,096,703 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/08 13:26:16 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/10/08 13:03:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/07 19:35:03 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/07 19:35:03 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/07 19:13:46 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011/10/07 19:05:25 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Michael\Desktop\GooredFix.exe
[2011/10/07 18:59:44 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTM.exe
[2011/10/07 18:02:29 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2011/10/07 15:42:37 | 069,229,383 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/10/07 12:46:24 | 001,558,320 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\TDSSKiller.exe
[2011/10/05 18:33:46 | 000,328,971 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/10/05 09:05:12 | 000,002,052 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/01 21:30:07 | 000,001,042 | ---- | M] () -- C:\Users\Michael\Desktop\Dropbox.lnk
[2011/10/01 21:27:25 | 000,001,022 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/09/30 00:21:48 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/09/28 13:22:17 | 000,000,644 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/09/27 01:39:45 | 000,002,518 | ---- | M] () -- C:\Users\Public\Desktop\Update Victoria 4 Base.lnk
[2011/09/26 21:42:09 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Poser 8.lnk
[2011/09/22 15:57:35 | 000,437,695 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111007-174841.backup
[2011/09/19 01:31:42 | 000,001,089 | ---- | M] () -- C:\Users\Michael\Desktop\RCT3plus - Shortcut.lnk
[2011/09/14 11:47:42 | 000,060,416 | ---- | M] () -- C:\Windows\SysNative\OVDecode64.dll
[2011/09/14 11:47:40 | 000,053,760 | ---- | M] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/13 16:51:13 | 000,000,591 | ---- | M] () -- C:\Users\Public\Desktop\Trine.lnk
[2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2011/09/08 22:24:50 | 000,437,405 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110922-155735.backup
[1 C:\Users\Michael\*.tmp files -> C:\Users\Michael\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/01 21:30:07 | 000,001,042 | ---- | C] () -- C:\Users\Michael\Desktop\Dropbox.lnk
[2011/10/01 21:27:25 | 000,001,022 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/09/30 00:21:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/28 13:22:17 | 000,000,644 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/09/27 01:39:45 | 000,002,518 | ---- | C] () -- C:\Users\Public\Desktop\Update Victoria 4 Base.lnk
[2011/09/26 21:42:09 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\Poser 8.lnk
[2011/09/19 01:31:42 | 000,001,089 | ---- | C] () -- C:\Users\Michael\Desktop\RCT3plus - Shortcut.lnk
[2011/09/14 11:47:42 | 000,060,416 | ---- | C] () -- C:\Windows\SysNative\OVDecode64.dll
[2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/13 16:51:13 | 000,000,591 | ---- | C] () -- C:\Users\Public\Desktop\Trine.lnk
[2011/07/12 01:06:43 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/03/17 10:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/14 09:44:10 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/01/27 17:30:55 | 000,000,507 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/12/19 01:18:21 | 000,003,879 | -H-- | C] () -- C:\Users\Michael\AppData\Local\Perfmon.PerfmonCfg
[2010/12/18 20:10:10 | 000,007,601 | -H-- | C] () -- C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
[2010/10/05 18:24:34 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/10/05 18:24:34 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/06/15 13:38:16 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/06/15 13:38:15 | 002,419,568 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_apb.exe
[2010/06/15 13:38:15 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/06/13 22:10:43 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/06/11 18:25:27 | 000,000,073 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/05/25 10:09:14 | 000,011,776 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/13 04:31:24 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/05/02 02:51:19 | 000,221,608 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/05/01 03:31:38 | 000,776,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/12 08:47:02 | 000,000,107 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2010/04/12 04:42:07 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/04/12 02:58:26 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/04/12 02:54:31 | 004,902,912 | ---- | C] () -- C:\Windows\SysWow64\qt-mt335.dll
[2010/04/11 22:56:18 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/04/11 22:37:03 | 000,121,753 | ---- | C] () -- C:\Windows\File Renamer - Basic Uninstaller.exe
[2010/04/11 18:37:03 | 000,052,864 | R--- | C] () -- C:\Windows\SysWow64\SetupWizard.exe
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/12/28 00:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/06/12 08:25:54 | 000,000,920 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI

========== LOP Check ==========

[2011/09/08 19:52:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\.purple
[2011/09/19 01:31:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Atari
[2010/04/12 03:54:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Autodesk
[2011/10/07 15:38:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\AVG2012
[2011/10/07 22:52:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Azureus
[2010/09/04 03:31:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\BoneTown
[2011/02/22 19:07:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Braid
[2010/06/08 14:06:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Canon
[2010/09/06 23:59:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Chime
[2010/04/12 04:29:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\com.adobe.ExMan
[2010/08/16 22:42:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ContentGuard
[2010/05/06 04:32:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\cYo
[2011/01/28 05:03:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DAZ 3D
[2011/05/18 13:30:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DisneyInteractiveStudios
[2011/10/08 13:30:44 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Dropbox
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FreeAudioPack
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\gtk-2.0
[2011/04/29 12:30:02 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ice-pick Lodge
[2010/04/12 08:47:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ImgBurn
[2011/07/11 20:07:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\jAlbum
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Juniper Networks
[2011/09/22 17:51:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Leadertech
[2011/04/12 14:15:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LucasArts
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Luxology
[2010/06/28 12:10:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Need for Speed World
[2011/05/27 14:14:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Notepad++
[2010/05/06 04:55:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PlayFirst
[2010/07/27 18:11:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Pmcc
[2011/09/26 21:51:43 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Poser
[2011/02/22 02:52:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\RenPy
[2011/01/06 19:34:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Rovio
[2011/03/10 17:17:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\runic games
[2010/11/24 23:32:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SEGA Corporation
[2011/03/10 16:07:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\The Creative Assembly
[2010/04/12 03:10:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Thinstall
[2011/02/22 00:45:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\thriXXX
[2010/06/20 18:12:09 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Twilight
[2010/09/02 06:11:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ubisoft
[2010/10/21 21:01:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\WB Games
[2010/07/16 07:36:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\WindSolutions
[2010/04/12 04:55:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
[2009/07/13 22:08:49 | 000,030,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

And here is the ComboFix Log:

ComboFix 11-10-08.04 - Michael 10/08/2011 13:42:00.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6134.4067 [GMT -7:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Internet Explorer\8832.tmp
C:\Thumbs.db
c:\users\Michael\AppData\Local\oDesk\oDeskUpdate\oDeskupdt32.dll
c:\users\Michael\AppData\Roaming\Adobe\plugs
c:\users\Michael\AppData\Roaming\Adobe\shed
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guard Online
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\00000002.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\80000032.@
c:\windows\assembly\tmp\U\80000064.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\consrv.dll
c:\windows\System64
H:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-08 to 2011-10-08 )))))))))))))))))))))))))))))))
.
.
2011-10-08 20:46 . 2011-10-08 20:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-08 20:26 . 2011-10-08 20:26 -------- d-----w- C:\_OTL
2011-10-08 02:01 . 2011-10-08 02:01 -------- d-----w- C:\_OTM
2011-10-08 01:00 . 2011-10-08 01:00 -------- d-----w- c:\programdata\WSTB
2011-10-07 22:38 . 2011-10-07 22:38 -------- d-----w- c:\users\Michael\AppData\Roaming\AVG2012
2011-10-07 22:38 . 2011-10-07 22:45 -------- d-----w- c:\programdata\AVG2012
2011-10-02 04:30 . 2011-10-08 20:30 -------- d-----r- c:\users\Michael\Dropbox
2011-10-02 04:27 . 2011-10-08 20:49 -------- d-----w- c:\users\Michael\AppData\Roaming\Dropbox
2011-09-30 07:25 . 2011-09-30 07:25 -------- d-----w- c:\users\Michael\AppData\Roaming\ATI
2011-09-30 07:25 . 2011-09-30 07:25 -------- d-----w- c:\users\Michael\AppData\Local\ATI
2011-09-30 07:23 . 2011-09-30 07:23 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-09-30 07:23 . 2011-09-30 07:24 -------- d-----w- c:\program files\ATI Technologies
2011-09-30 07:21 . 2011-09-30 07:21 0 ----a-w- c:\windows\ativpsrm.bin
2011-09-30 06:52 . 2011-09-30 06:52 -------- d-----w- c:\program files\ATI
2011-09-30 06:52 . 2011-09-30 06:52 -------- d-----w- C:\ATI
2011-09-30 05:57 . 2011-09-30 05:57 -------- d-----w- c:\programdata\ATI
2011-09-30 05:56 . 2011-09-30 05:56 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-09-30 05:56 . 2011-09-30 05:56 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-09-29 01:02 . 2011-09-29 01:02 -------- d-----w- c:\users\Michael\AppData\Local\SWTOR
2011-09-27 08:52 . 2011-09-27 08:52 -------- d-----w- c:\program files (x86)\DAZ 3D
2011-09-27 04:52 . 2011-09-27 04:52 -------- d-----w- c:\programdata\Poser
2011-09-27 04:51 . 2011-09-27 04:51 -------- d-----w- c:\users\Michael\AppData\Roaming\Poser
2011-09-27 04:41 . 2011-09-27 04:41 -------- d-----w- c:\program files (x86)\Smith Micro
2011-09-23 00:51 . 2011-09-23 00:51 -------- d-----w- c:\users\Michael\AppData\Roaming\Leadertech
2011-09-14 18:47 . 2011-09-14 18:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-09-14 18:47 . 2011-09-14 18:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-09-14 18:47 . 2011-09-14 18:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll
2011-09-14 18:46 . 2011-09-14 18:46 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-09-14 18:38 . 2011-09-14 18:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
2011-09-14 18:38 . 2011-09-14 18:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll
2011-09-13 13:30 . 2011-09-13 13:30 37456 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-02 04:29 . 2011-08-17 07:42 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-01 00:00 . 2010-04-12 05:37 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-08 13:08 . 2011-08-08 13:08 46672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2011-07-11 08:14 . 2011-07-11 08:14 375376 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2011-07-11 08:14 . 2011-07-11 08:14 29776 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-11 08:14 . 2011-07-11 08:14 26704 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-11 08:14 . 2011-07-11 08:14 120400 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-11 08:13 . 2011-07-11 08:13 282704 ----a-w- c:\windows\system32\drivers\avgldx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\steam\Steam.exe" [2011-08-02 1242448]
"oDesk Team"="c:\program files (x86)\oDesk\oDeskTeam.exe" [2011-07-13 288280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2010-01-19 124256]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 336384]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-08 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-12 136176]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-04-12 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-12 136176]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/04/12 02:24];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 19:58 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 rt61x64;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-12 10:26]
.
2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-12 10:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"combofix"="c:\combofix\CF9044.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.87.76.182 68.87.78.134
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\3pcn1rg6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_apb.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3316169067-378679097-3071490368-1000\Software\SecuROM\License information*]
"datasecu"=hex:cc,ad,f8,23,48,1a,04,13,9b,7a,22,3f,01,82,42,81,11,ec,ab,b1,60,
4f,84,3a,2e,89,fe,74,f7,c6,b9,0f,68,bc,24,c9,49,e4,1c,51,a2,9b,1e,1e,c4,e5,\
"rkeysecu"=hex:83,44,37,69,a4,ab,e0,16,e6,4d,00,e4,36,74,8b,83
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\oDesk\oDeskHelper.exe
.
**************************************************************************
.
Completion time: 2011-10-08 13:54:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-08 20:53
.
Pre-Run: 39,638,589,440 bytes free
Post-Run: 39,119,958,016 bytes free
.
- - End Of File - - 909A31B53CE214B56BD0BDD138B173AA

Thanks in advance.
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets get rid of the last bits and check for orphans :) Once this run is complete can you check for redirects and let me know of any remaining problems

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 74 A4 AC 0C F0 3B F1 4C 81 7B 43 B1 BB FC 14 84 [binary data]
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 74 A4 AC 0C F0 3B F1 4C 81 7B 43 B1 BB FC 14 84 [binary data]
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 74 A4 AC 0C F0 3B F1 4C 81 7B 43 B1 BB FC 14 84 [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 74 A4 AC 0C F0 3B F1 4C 81 7B 43 B1 BB FC 14 84 [binary data]

    :Reg
    [HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#5
mjwalters0716

mjwalters0716

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Alright, after both scans, and an attempt to visit bleepingcomputer.com on a topic of how to remove tdss virus, there was no redirect and that was a sure fire target for a redirect before. I was also able to go to a malware removal info page at microsoft.com with no redirect, so at the moment things look buttoned up. Here is the OTL log:

OTL logfile created on: 10/8/2011 2:14:40 PM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Michael\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.20 Gb Available Physical Memory | 70.07% Memory free
11.98 Gb Paging File | 9.89 Gb Available in Paging File | 82.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.32 Gb Total Space | 36.37 Gb Free Space | 18.62% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 102.45 Gb Free Space | 52.45% Space Free | Partition Type: NTFS
Drive E: | 341.80 Gb Total Space | 79.92 Gb Free Space | 23.38% Space Free | Partition Type: NTFS
Drive F: | 394.40 Gb Total Space | 24.88 Gb Free Space | 6.31% Space Free | Partition Type: NTFS
Drive G: | 341.80 Gb Total Space | 34.94 Gb Free Space | 10.22% Space Free | Partition Type: NTFS
Drive H: | 394.40 Gb Total Space | 7.51 Gb Free Space | 1.90% Space Free | Partition Type: NTFS
Drive I: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 4.26 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: VCHOMENET | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/07 19:13:46 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2011/10/05 09:04:54 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/01 17:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/08/01 23:27:50 | 001,242,448 | ---- | M] (Valve Corporation) -- E:\Steam\steam.exe
PRC - [2011/07/12 17:48:23 | 000,288,280 | ---- | M] (oDesk Corporation) -- C:\Program Files (x86)\oDesk\oDeskTeam.exe
PRC - [2011/07/12 17:48:23 | 000,218,648 | ---- | M] (oDesk Corporation) -- C:\Program Files (x86)\oDesk\oDeskHelper.exe
PRC - [2011/06/07 20:54:05 | 000,040,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/06/15 13:38:15 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/01/18 21:43:02 | 000,124,256 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE


========== Modules (No Company Name) ==========

MOD - [2011/10/05 09:04:54 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/01 21:29:24 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/29 22:00:28 | 014,410,024 | ---- | M] () -- E:\Steam\bin\libcef.dll
MOD - [2011/09/29 22:00:28 | 000,914,216 | ---- | M] () -- E:\Steam\bin\avcodec-52.dll
MOD - [2011/09/29 22:00:28 | 000,190,248 | ---- | M] () -- E:\Steam\bin\chromehtml.dll
MOD - [2011/09/29 22:00:28 | 000,155,432 | ---- | M] () -- E:\Steam\bin\avformat-52.dll
MOD - [2011/09/29 22:00:28 | 000,091,432 | ---- | M] () -- E:\Steam\bin\avutil-50.dll
MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/07 20:25:02 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/12 04:09:58 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/02 02:43:15 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/15 13:38:15 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/04/12 01:32:32 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/07/11 01:13:44 | 000,282,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/07/07 21:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/07/07 21:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/07 19:47:04 | 000,307,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/30 11:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/01/14 11:57:01 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/01/14 11:57:01 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/12/14 19:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/12/17 15:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/08/21 01:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/08/09 14:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/01/21 18:45:00 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2007/06/26 09:45:14 | 000,362,496 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WMP54Gv41x64.sys -- (rt61x64)
DRV - [2010/03/13 12:58:52 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/04/12 02:24:05] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 76 19 AF 18 14 CB 01 [binary data]
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/10/07 15:39:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/05 09:04:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/13 21:51:23 | 000,000,000 | ---D | M]

[2010/04/11 21:27:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2011/10/07 19:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\3pcn1rg6.default\extensions
[2011/07/13 21:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/01 04:15:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/10/07 15:39:24 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
() (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3PCN1RG6.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2011/10/05 09:04:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/05/01 04:15:42 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/05 09:04:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/05 06:30:14 | 000,002,223 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2011/10/08 14:10:51 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000..\Run: [oDesk Team] C:\Program Files (x86)\oDesk\oDeskTeam.exe (oDesk Corporation)
O4 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000..\Run: [Steam] E:\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\rsvpsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\rsvpsp.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2228E5B4-283C-4B18-9A08-6E685799DDBD}: DhcpNameServer = 68.87.76.182 68.87.78.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED954E1E-9734-4080-997A-B0ECD040F76D}: DhcpNameServer = 68.87.76.182 68.87.78.134
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/12 01:39:03 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/04/30 22:03:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/30 22:03:32 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/08 13:54:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/08 13:49:22 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/10/08 13:49:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/10/08 13:39:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/08 13:39:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/08 13:39:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/08 13:39:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/08 13:37:40 | 004,250,279 | R--- | C] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2011/10/08 13:26:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/07 19:13:45 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011/10/07 19:07:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\GooredFix Backups
[2011/10/07 19:07:12 | 001,558,320 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\TDSSKiller.exe
[2011/10/07 19:05:24 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Michael\Desktop\GooredFix.exe
[2011/10/07 19:01:35 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/10/07 18:59:43 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTM.exe
[2011/10/07 18:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WSTB
[2011/10/07 15:40:03 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/10/07 15:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/10/07 15:38:48 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\AVG2012
[2011/10/07 15:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/10/04 23:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Wars - The Old Republic
[2011/10/02 23:02:33 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Crash Test Dummies (6 Albums)
[2011/10/02 23:01:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Hot Action Cop - Hot Action Cop
[2011/10/02 19:38:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\A Beautiful Mind Soundtrack
[2011/10/02 19:37:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Corpse Bride Soundtrack
[2011/10/01 21:30:07 | 000,000,000 | R--D | C] -- C:\Users\Michael\Dropbox
[2011/10/01 21:27:17 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/10/01 21:27:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Dropbox
[2011/09/30 00:25:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ATI
[2011/09/30 00:25:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\ATI
[2011/09/30 00:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/09/30 00:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/09/30 00:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/09/29 23:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/09/29 23:52:32 | 000,000,000 | ---D | C] -- C:\ATI
[2011/09/29 22:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/09/29 22:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/09/29 22:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/09/28 18:02:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\SWTOR
[2011/09/27 01:52:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAZ 3D
[2011/09/26 21:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Poser
[2011/09/26 21:51:43 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Poser
[2011/09/26 21:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smith Micro
[2011/09/26 21:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smith Micro
[2011/09/26 21:41:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Poser 8 Content
[2011/09/22 17:51:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Leadertech
[2011/09/19 01:31:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\RCT3
[2011/09/19 01:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roller Coaster Tycoon 3 Platinum - CarlesNeo !
[2011/09/13 16:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trine
[2011/09/13 06:30:08 | 000,037,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[1 C:\Users\Michael\*.tmp files -> C:\Users\Michael\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/08 14:12:42 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/08 14:12:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/08 14:12:18 | 529,096,703 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/08 14:10:51 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/10/08 14:03:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/08 13:57:23 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/08 13:57:23 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/08 13:55:28 | 000,782,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/08 13:55:28 | 000,662,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/08 13:55:28 | 000,121,352 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/08 13:37:56 | 004,250,279 | R--- | M] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2011/10/07 19:13:46 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011/10/07 19:05:25 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Michael\Desktop\GooredFix.exe
[2011/10/07 18:59:44 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTM.exe
[2011/10/07 18:02:29 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2011/10/07 15:42:37 | 069,229,383 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/10/07 12:46:24 | 001,558,320 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\TDSSKiller.exe
[2011/10/05 18:33:46 | 000,328,971 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/10/05 09:05:12 | 000,002,052 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/01 21:30:07 | 000,001,042 | ---- | M] () -- C:\Users\Michael\Desktop\Dropbox.lnk
[2011/10/01 21:27:25 | 000,001,022 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/09/30 00:21:48 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/09/28 13:22:17 | 000,000,644 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/09/27 01:39:45 | 000,002,518 | ---- | M] () -- C:\Users\Public\Desktop\Update Victoria 4 Base.lnk
[2011/09/26 21:42:09 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Poser 8.lnk
[2011/09/22 15:57:35 | 000,437,695 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111007-174841.backup
[2011/09/19 01:31:42 | 000,001,089 | ---- | M] () -- C:\Users\Michael\Desktop\RCT3plus - Shortcut.lnk
[2011/09/14 11:47:42 | 000,060,416 | ---- | M] () -- C:\Windows\SysNative\OVDecode64.dll
[2011/09/14 11:47:40 | 000,053,760 | ---- | M] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/13 16:51:13 | 000,000,591 | ---- | M] () -- C:\Users\Public\Desktop\Trine.lnk
[2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2011/09/08 22:24:50 | 000,437,405 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110922-155735.backup
[1 C:\Users\Michael\*.tmp files -> C:\Users\Michael\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/08 13:39:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/08 13:39:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/08 13:39:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/08 13:39:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/08 13:39:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/01 21:30:07 | 000,001,042 | ---- | C] () -- C:\Users\Michael\Desktop\Dropbox.lnk
[2011/10/01 21:27:25 | 000,001,022 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/09/30 00:21:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/28 13:22:17 | 000,000,644 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/09/27 01:39:45 | 000,002,518 | ---- | C] () -- C:\Users\Public\Desktop\Update Victoria 4 Base.lnk
[2011/09/26 21:42:09 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\Poser 8.lnk
[2011/09/19 01:31:42 | 000,001,089 | ---- | C] () -- C:\Users\Michael\Desktop\RCT3plus - Shortcut.lnk
[2011/09/14 11:47:42 | 000,060,416 | ---- | C] () -- C:\Windows\SysNative\OVDecode64.dll
[2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/13 16:51:13 | 000,000,591 | ---- | C] () -- C:\Users\Public\Desktop\Trine.lnk
[2011/07/12 01:06:43 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/03/17 10:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/14 09:44:10 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/01/27 17:30:55 | 000,000,507 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/12/19 01:18:21 | 000,003,879 | -H-- | C] () -- C:\Users\Michael\AppData\Local\Perfmon.PerfmonCfg
[2010/12/18 20:10:10 | 000,007,601 | -H-- | C] () -- C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
[2010/10/05 18:24:34 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/10/05 18:24:34 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/06/15 13:38:16 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/06/15 13:38:15 | 002,419,568 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_apb.exe
[2010/06/15 13:38:15 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/06/13 22:10:43 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/06/11 18:25:27 | 000,000,073 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/05/25 10:09:14 | 000,011,776 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/13 04:31:24 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/05/02 02:51:19 | 000,221,608 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/05/01 03:31:38 | 000,776,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/12 08:47:02 | 000,000,107 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2010/04/12 04:42:07 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/04/12 02:58:26 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/04/12 02:54:31 | 004,902,912 | ---- | C] () -- C:\Windows\SysWow64\qt-mt335.dll
[2010/04/11 22:56:18 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/04/11 22:37:03 | 000,121,753 | ---- | C] () -- C:\Windows\File Renamer - Basic Uninstaller.exe
[2010/04/11 18:37:03 | 000,052,864 | R--- | C] () -- C:\Windows\SysWow64\SetupWizard.exe
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/12/28 00:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/06/12 08:25:54 | 000,000,920 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI

========== LOP Check ==========

[2011/09/08 19:52:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\.purple
[2011/09/19 01:31:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Atari
[2010/04/12 03:54:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Autodesk
[2011/10/07 15:38:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\AVG2012
[2011/10/07 22:52:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Azureus
[2010/09/04 03:31:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\BoneTown
[2011/02/22 19:07:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Braid
[2010/06/08 14:06:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Canon
[2010/09/06 23:59:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Chime
[2010/04/12 04:29:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\com.adobe.ExMan
[2010/08/16 22:42:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ContentGuard
[2010/05/06 04:32:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\cYo
[2011/01/28 05:03:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DAZ 3D
[2011/05/18 13:30:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DisneyInteractiveStudios
[2011/10/08 14:13:34 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Dropbox
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FreeAudioPack
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\gtk-2.0
[2011/04/29 12:30:02 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ice-pick Lodge
[2010/04/12 08:47:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ImgBurn
[2011/07/11 20:07:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\jAlbum
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Juniper Networks
[2011/09/22 17:51:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Leadertech
[2011/04/12 14:15:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LucasArts
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Luxology
[2010/06/28 12:10:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Need for Speed World
[2011/05/27 14:14:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Notepad++
[2010/05/06 04:55:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PlayFirst
[2010/07/27 18:11:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Pmcc
[2011/09/26 21:51:43 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Poser
[2011/02/22 02:52:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\RenPy
[2011/01/06 19:34:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Rovio
[2011/03/10 17:17:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\runic games
[2010/11/24 23:32:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SEGA Corporation
[2011/03/10 16:07:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\The Creative Assembly
[2010/04/12 03:10:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Thinstall
[2011/02/22 00:45:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\thriXXX
[2010/06/20 18:12:09 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Twilight
[2010/09/02 06:11:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ubisoft
[2010/10/21 21:01:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\WB Games
[2010/07/16 07:36:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\WindSolutions
[2010/04/12 04:55:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
[2009/07/13 22:08:49 | 000,031,156 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

And here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7904

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/8/2011 2:19:51 PM
mbam-log-2011-10-08 (14-19-51).txt

Scan type: Quick scan
Objects scanned: 186407
Time elapsed: 1 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :yes:
  • 0

#7
mjwalters0716

mjwalters0716

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Alright, I was gone most of the weekend, but after running some things yesterday I seemed to be getting an awful lot of AVG warnings. Most had the descriptions concerning Blackhole Exploits? I did a full system scan using AVG, which came up with one unknown infection that it sent to the virus vault and a Malwarebytes quickscan came up empty. I'm getting a new tab popup from the-consumer-reporter.org and the redirects don't seems completely gone. Sorry to ask for help again, but it looks like we missed something.
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem - that is why I ask for a 24 hour run, just to be sure. Blackhole exploits are usually Java related. Cache clearance instructions are here

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#9
mjwalters0716

mjwalters0716

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
The OTL scan didn't seem to create a new Extras.txt. The one I found was still from 10/7. Here is the aswMBR log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-10 10:08:09
-----------------------------
10:08:09.605 OS Version: Windows x64 6.1.7600
10:08:09.605 Number of processors: 8 586 0x1A04
10:08:09.606 ComputerName: VCHOMENET UserName: Michael
10:08:10.309 Initialize success
10:08:45.902 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-6
10:08:45.905 Disk 0 Vendor: WDC_WD1001FALS-00J7B1 05.00K05 Size: 953869MB BusType: 3
10:08:45.907 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-7
10:08:45.909 Disk 1 Vendor: WDC_WD1001FALS-00J7B1 05.00K05 Size: 953869MB BusType: 3
10:08:45.916 Disk 1 MBR read successfully
10:08:45.919 Disk 1 MBR scan
10:08:45.922 Disk 1 Windows XP default MBR code
10:08:45.925 Service scanning
10:08:48.292 Modules scanning
10:08:48.296 Disk 1 trace - called modules:
10:08:48.315 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
10:08:48.319 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8006606060]
10:08:48.324 3 CLASSPNP.SYS[fffff8800187c43f] -> nt!IofCallDriver -> [0xfffffa8006322520]
10:08:48.328 5 ACPI.sys[fffff88000f5f781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-7[0xfffffa8006336680]
10:08:48.335 Scan finished successfully
10:08:58.888 Disk 1 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
10:08:58.892 The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"

And here is the OTL.txt:

OTL logfile created on: 10/10/2011 10:10:35 AM - Run 4
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Michael\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.71 Gb Available Physical Memory | 61.94% Memory free
11.98 Gb Paging File | 9.21 Gb Available in Paging File | 76.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.32 Gb Total Space | 32.98 Gb Free Space | 16.89% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 102.45 Gb Free Space | 52.45% Space Free | Partition Type: NTFS
Drive E: | 341.80 Gb Total Space | 80.18 Gb Free Space | 23.46% Space Free | Partition Type: NTFS
Drive F: | 394.40 Gb Total Space | 23.35 Gb Free Space | 5.92% Space Free | Partition Type: NTFS
Drive G: | 341.80 Gb Total Space | 34.94 Gb Free Space | 10.22% Space Free | Partition Type: NTFS
Drive H: | 394.40 Gb Total Space | 7.51 Gb Free Space | 1.90% Space Free | Partition Type: NTFS
Drive I: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 4.26 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 244.59 Mb Total Space | 101.84 Mb Free Space | 41.64% Space Free | Partition Type: FAT

Computer Name: VCHOMENET | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/07 19:13:46 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2011/09/23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/01 17:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/08/01 23:27:50 | 001,242,448 | ---- | M] (Valve Corporation) -- E:\Steam\steam.exe
PRC - [2011/07/12 17:48:23 | 000,288,280 | ---- | M] (oDesk Corporation) -- C:\Program Files (x86)\oDesk\oDeskTeam.exe
PRC - [2011/07/12 17:48:23 | 000,218,648 | ---- | M] (oDesk Corporation) -- C:\Program Files (x86)\oDesk\oDeskHelper.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/06/15 13:38:15 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010/01/18 21:43:02 | 000,124,256 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
PRC - [2009/07/13 18:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE


========== Modules (No Company Name) ==========

MOD - [2011/10/01 21:29:24 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/29 22:00:28 | 014,410,024 | ---- | M] () -- E:\Steam\bin\libcef.dll
MOD - [2011/09/29 22:00:28 | 000,914,216 | ---- | M] () -- E:\Steam\bin\avcodec-52.dll
MOD - [2011/09/29 22:00:28 | 000,190,248 | ---- | M] () -- E:\Steam\bin\chromehtml.dll
MOD - [2011/09/29 22:00:28 | 000,155,432 | ---- | M] () -- E:\Steam\bin\avformat-52.dll
MOD - [2011/09/29 22:00:28 | 000,091,432 | ---- | M] () -- E:\Steam\bin\avutil-50.dll
MOD - [2009/07/13 18:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/07/13 18:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/07 20:25:02 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/12 04:09:58 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/02 02:43:15 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/15 13:38:15 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/04/12 01:32:32 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/07/11 01:13:44 | 000,282,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/07/07 21:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/07/07 21:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/07 19:47:04 | 000,307,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/30 11:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/01/14 11:57:01 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/01/14 11:57:01 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/12/14 19:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/12/17 15:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/08/21 01:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/08/09 14:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/01/21 18:45:00 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2007/06/26 09:45:14 | 000,362,496 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WMP54Gv41x64.sys -- (rt61x64)
DRV - [2010/03/13 12:58:52 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/04/12 02:24:05] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 76 19 AF 18 14 CB 01 [binary data]
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/10/07 15:39:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/05 09:04:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/13 21:51:23 | 000,000,000 | ---D | M]

[2010/04/11 21:27:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2011/10/07 19:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\3pcn1rg6.default\extensions
[2011/07/13 21:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/01 04:15:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/10/07 15:39:24 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
() (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3PCN1RG6.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2011/10/05 09:04:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/05/01 04:15:42 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/05 09:04:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/05 06:30:14 | 000,002,223 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2011/10/08 16:58:04 | 000,437,101 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15060 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000..\Run: [oDesk Team] C:\Program Files (x86)\oDesk\oDeskTeam.exe (oDesk Corporation)
O4 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000..\Run: [Steam] E:\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000025 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000026 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000027 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000028 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000029 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2228E5B4-283C-4B18-9A08-6E685799DDBD}: DhcpNameServer = 68.87.76.182 68.87.78.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED954E1E-9734-4080-997A-B0ECD040F76D}: DhcpNameServer = 68.87.76.182 68.87.78.134
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/12 01:39:03 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/04/30 22:03:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/30 22:03:32 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/10 10:07:03 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Michael\Desktop\aswMBR.exe
[2011/10/08 16:42:31 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/10/08 14:18:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/10/08 13:54:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/08 13:49:22 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/10/08 13:49:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/10/08 13:39:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/08 13:39:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/08 13:39:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/08 13:39:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/08 13:37:40 | 004,250,279 | R--- | C] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2011/10/08 13:26:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/07 19:13:45 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011/10/07 19:07:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\GooredFix Backups
[2011/10/07 19:07:12 | 001,558,320 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\TDSSKiller.exe
[2011/10/07 19:05:24 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Michael\Desktop\GooredFix.exe
[2011/10/07 19:01:35 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/10/07 18:59:43 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTM.exe
[2011/10/07 18:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WSTB
[2011/10/07 15:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/10/07 15:38:48 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\AVG2012
[2011/10/07 15:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/10/04 23:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Wars - The Old Republic
[2011/10/02 23:02:33 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Crash Test Dummies (6 Albums)
[2011/10/02 23:01:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Hot Action Cop - Hot Action Cop
[2011/10/02 19:38:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\A Beautiful Mind Soundtrack
[2011/10/02 19:37:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Corpse Bride Soundtrack
[2011/10/01 21:30:07 | 000,000,000 | R--D | C] -- C:\Users\Michael\Dropbox
[2011/10/01 21:27:17 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/10/01 21:27:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Dropbox
[2011/09/30 00:25:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ATI
[2011/09/30 00:25:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\ATI
[2011/09/30 00:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/09/30 00:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/09/30 00:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/09/29 23:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/09/29 23:52:32 | 000,000,000 | ---D | C] -- C:\ATI
[2011/09/29 22:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/09/29 22:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/09/29 22:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/09/28 18:02:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\SWTOR
[2011/09/27 01:52:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAZ 3D
[2011/09/26 21:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Poser
[2011/09/26 21:51:43 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Poser
[2011/09/26 21:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smith Micro
[2011/09/26 21:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smith Micro
[2011/09/26 21:41:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Poser 8 Content
[2011/09/22 17:51:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Leadertech
[2011/09/19 01:31:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\RCT3
[2011/09/19 01:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roller Coaster Tycoon 3 Platinum - CarlesNeo !
[2011/09/13 16:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trine
[2011/09/13 06:30:08 | 000,037,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[1 C:\Users\Michael\*.tmp files -> C:\Users\Michael\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/10 10:08:58 | 000,000,512 | ---- | M] () -- C:\Users\Michael\Desktop\MBR.dat
[2011/10/10 10:07:24 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Michael\Desktop\aswMBR.exe
[2011/10/10 10:03:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/10 09:46:12 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 09:46:12 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 09:45:06 | 000,783,210 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/10 09:45:06 | 000,663,130 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/10 09:45:06 | 000,121,998 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/10 09:39:18 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/10 09:38:29 | 003,068,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/10 09:38:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/10 09:37:53 | 529,096,703 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/10 09:24:44 | 000,769,866 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/09 20:15:22 | 000,002,052 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/08 16:58:04 | 000,437,101 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/08 13:37:56 | 004,250,279 | R--- | M] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2011/10/07 19:13:46 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011/10/07 19:05:25 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Michael\Desktop\GooredFix.exe
[2011/10/07 18:59:44 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTM.exe
[2011/10/07 18:02:29 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2011/10/07 15:42:37 | 069,229,383 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/10/07 12:46:24 | 001,558,320 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\TDSSKiller.exe
[2011/10/05 18:33:46 | 000,328,971 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/10/01 21:30:07 | 000,001,042 | ---- | M] () -- C:\Users\Michael\Desktop\Dropbox.lnk
[2011/10/01 21:27:25 | 000,001,022 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/09/30 00:21:48 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/09/28 13:22:17 | 000,000,644 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/09/27 01:39:45 | 000,002,518 | ---- | M] () -- C:\Users\Public\Desktop\Update Victoria 4 Base.lnk
[2011/09/26 21:42:09 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Poser 8.lnk
[2011/09/22 15:57:35 | 000,437,695 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111007-174841.backup
[2011/09/19 01:31:42 | 000,001,089 | ---- | M] () -- C:\Users\Michael\Desktop\RCT3plus - Shortcut.lnk
[2011/09/14 11:47:42 | 000,060,416 | ---- | M] () -- C:\Windows\SysNative\OVDecode64.dll
[2011/09/14 11:47:40 | 000,053,760 | ---- | M] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/13 16:51:13 | 000,000,591 | ---- | M] () -- C:\Users\Public\Desktop\Trine.lnk
[2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[1 C:\Users\Michael\*.tmp files -> C:\Users\Michael\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/10 10:08:58 | 000,000,512 | ---- | C] () -- C:\Users\Michael\Desktop\MBR.dat
[2011/10/08 13:39:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/08 13:39:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/08 13:39:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/08 13:39:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/08 13:39:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/01 21:30:07 | 000,001,042 | ---- | C] () -- C:\Users\Michael\Desktop\Dropbox.lnk
[2011/10/01 21:27:25 | 000,001,022 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/09/30 00:21:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/28 13:22:17 | 000,000,644 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/09/27 01:39:45 | 000,002,518 | ---- | C] () -- C:\Users\Public\Desktop\Update Victoria 4 Base.lnk
[2011/09/26 21:42:09 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\Poser 8.lnk
[2011/09/19 01:31:42 | 000,001,089 | ---- | C] () -- C:\Users\Michael\Desktop\RCT3plus - Shortcut.lnk
[2011/09/14 11:47:42 | 000,060,416 | ---- | C] () -- C:\Windows\SysNative\OVDecode64.dll
[2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/13 16:51:13 | 000,000,591 | ---- | C] () -- C:\Users\Public\Desktop\Trine.lnk
[2011/07/12 01:06:43 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/03/17 10:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/14 09:44:10 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/01/27 17:30:55 | 000,000,507 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/12/19 01:18:21 | 000,003,879 | -H-- | C] () -- C:\Users\Michael\AppData\Local\Perfmon.PerfmonCfg
[2010/12/18 20:10:10 | 000,007,601 | -H-- | C] () -- C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
[2010/10/05 18:24:34 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/10/05 18:24:34 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/06/15 13:38:16 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/06/15 13:38:15 | 002,419,568 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_apb.exe
[2010/06/15 13:38:15 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/06/13 22:10:43 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/06/11 18:25:27 | 000,000,073 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/05/25 10:09:14 | 000,011,776 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/13 04:31:24 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/05/02 02:51:19 | 000,221,608 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/05/01 03:31:38 | 000,769,866 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/12 08:47:02 | 000,000,107 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2010/04/12 04:42:07 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/04/12 02:58:26 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/04/12 02:54:31 | 004,902,912 | ---- | C] () -- C:\Windows\SysWow64\qt-mt335.dll
[2010/04/11 22:56:18 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/04/11 22:37:03 | 000,121,753 | ---- | C] () -- C:\Windows\File Renamer - Basic Uninstaller.exe
[2010/04/11 18:37:03 | 000,052,864 | R--- | C] () -- C:\Windows\SysWow64\SetupWizard.exe
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/12/28 00:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/06/12 08:25:54 | 000,000,920 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI

========== LOP Check ==========

[2011/09/08 19:52:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\.purple
[2011/09/19 01:31:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Atari
[2010/04/12 03:54:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Autodesk
[2011/10/07 15:38:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\AVG2012
[2011/10/10 09:40:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Azureus
[2010/09/04 03:31:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\BoneTown
[2011/02/22 19:07:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Braid
[2010/06/08 14:06:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Canon
[2010/09/06 23:59:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Chime
[2010/04/12 04:29:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\com.adobe.ExMan
[2010/08/16 22:42:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ContentGuard
[2010/05/06 04:32:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\cYo
[2011/01/28 05:03:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DAZ 3D
[2011/05/18 13:30:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DisneyInteractiveStudios
[2011/10/10 09:39:42 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Dropbox
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FreeAudioPack
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\gtk-2.0
[2011/04/29 12:30:02 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ice-pick Lodge
[2010/04/12 08:47:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ImgBurn
[2011/07/11 20:07:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\jAlbum
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Juniper Networks
[2011/09/22 17:51:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Leadertech
[2011/04/12 14:15:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LucasArts
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Luxology
[2010/06/28 12:10:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Need for Speed World
[2011/05/27 14:14:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Notepad++
[2010/05/06 04:55:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PlayFirst
[2010/07/27 18:11:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Pmcc
[2011/09/26 21:51:43 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Poser
[2011/02/22 02:52:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\RenPy
[2011/01/06 19:34:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Rovio
[2011/03/10 17:17:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\runic games
[2010/11/24 23:32:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SEGA Corporation
[2011/03/10 16:07:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\The Creative Assembly
[2010/04/12 03:10:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Thinstall
[2011/02/22 00:45:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\thriXXX
[2010/06/20 18:12:09 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Twilight
[2010/09/02 06:11:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ubisoft
[2010/10/21 21:01:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\WB Games
[2010/07/16 07:36:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\WindSolutions
[2010/04/12 04:55:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
[2009/07/13 22:08:49 | 000,031,910 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\ERDNT\cache86\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\system64\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\system64\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\system64\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< C:\Windows\assembly\tmp\U /s >
[1 C:\Windows\assembly\tmp\*.tmp files -> C:\Windows\assembly\tmp\*.tmp -> ]

< End of report >
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I am seeing something there that Combofix appeared to fix last time around, so I would like you to run combofix again please, allow it to update. If that does not get it this time I will take a different tack as this appears to be a variation
  • 0

Advertisements


#11
mjwalters0716

mjwalters0716

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
ComboFix log:

ComboFix 11-10-10.02 - Michael 10/10/2011 10:37:57.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6134.3981 [GMT -7:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\00000002.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\80000032.@
c:\windows\assembly\tmp\U\80000064.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-09-10 to 2011-10-10 )))))))))))))))))))))))))))))))
.
.
2011-10-10 17:41 . 2011-10-10 17:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-10 16:18 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-10 16:18 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-10-10 16:18 . 2011-02-23 05:15 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-10-10 16:15 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-10-10 16:15 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-10-10 16:15 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-10-10 16:15 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-10-10 16:15 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-10-10 16:15 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-10-10 16:15 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-10-10 16:15 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-10-10 16:15 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-10-10 16:15 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-10-10 16:15 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-10 16:15 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-10-10 16:15 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-10-10 16:13 . 2009-08-20 06:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-10-08 21:18 . 2011-10-08 23:47 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-10-08 20:26 . 2011-10-08 20:26 -------- d-----w- C:\_OTL
2011-10-08 02:01 . 2011-10-08 02:01 -------- d-----w- C:\_OTM
2011-10-08 01:00 . 2011-10-08 01:00 -------- d-----w- c:\programdata\WSTB
2011-10-07 22:38 . 2011-10-07 22:38 -------- d-----w- c:\users\Michael\AppData\Roaming\AVG2012
2011-10-07 22:38 . 2011-10-08 23:45 -------- d-----w- c:\programdata\AVG2012
2011-10-02 04:30 . 2011-10-10 16:39 -------- d-----r- c:\users\Michael\Dropbox
2011-10-02 04:27 . 2011-10-10 16:39 -------- d-----w- c:\users\Michael\AppData\Roaming\Dropbox
2011-09-30 07:25 . 2011-09-30 07:25 -------- d-----w- c:\users\Michael\AppData\Roaming\ATI
2011-09-30 07:25 . 2011-09-30 07:25 -------- d-----w- c:\users\Michael\AppData\Local\ATI
2011-09-30 07:23 . 2011-09-30 07:23 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-09-30 07:23 . 2011-09-30 07:24 -------- d-----w- c:\program files\ATI Technologies
2011-09-30 07:21 . 2011-09-30 07:21 0 ----a-w- c:\windows\ativpsrm.bin
2011-09-30 06:52 . 2011-09-30 06:52 -------- d-----w- c:\program files\ATI
2011-09-30 06:52 . 2011-09-30 06:52 -------- d-----w- C:\ATI
2011-09-30 05:57 . 2011-09-30 05:57 -------- d-----w- c:\programdata\ATI
2011-09-30 05:56 . 2011-09-30 05:56 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-09-30 05:56 . 2011-09-30 05:56 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-09-29 01:02 . 2011-09-29 01:02 -------- d-----w- c:\users\Michael\AppData\Local\SWTOR
2011-09-27 08:52 . 2011-09-27 08:52 -------- d-----w- c:\program files (x86)\DAZ 3D
2011-09-27 04:52 . 2011-09-27 04:52 -------- d-----w- c:\programdata\Poser
2011-09-27 04:51 . 2011-09-27 04:51 -------- d-----w- c:\users\Michael\AppData\Roaming\Poser
2011-09-27 04:41 . 2011-09-27 04:41 -------- d-----w- c:\program files (x86)\Smith Micro
2011-09-23 00:51 . 2011-09-23 00:51 -------- d-----w- c:\users\Michael\AppData\Roaming\Leadertech
2011-09-14 18:47 . 2011-09-14 18:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-09-14 18:47 . 2011-09-14 18:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-09-14 18:47 . 2011-09-14 18:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll
2011-09-14 18:46 . 2011-09-14 18:46 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-09-14 18:38 . 2011-09-14 18:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
2011-09-14 18:38 . 2011-09-14 18:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll
2011-09-13 13:30 . 2011-09-13 13:30 37456 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-02 04:29 . 2011-08-17 07:42 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-01 00:00 . 2010-04-12 05:37 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-08 13:08 . 2011-08-08 13:08 46672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2011-07-16 04:32 . 2011-10-10 16:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-08_20.49.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-10 16:19 . 2011-07-16 04:31 25600 c:\windows\SysWOW64\setup16.exe
- 2009-07-13 23:16 . 2009-07-14 01:14 25600 c:\windows\SysWOW64\setup16.exe
- 2009-07-14 00:12 . 2009-07-14 01:16 86016 c:\windows\SysWOW64\odbccu32.dll
+ 2011-10-10 16:19 . 2011-06-15 09:04 86016 c:\windows\SysWOW64\odbccu32.dll
+ 2011-10-10 16:19 . 2011-06-15 09:04 81920 c:\windows\SysWOW64\odbccr32.dll
- 2009-07-13 23:15 . 2009-07-14 01:16 14336 c:\windows\SysWOW64\ntvdm64.dll
+ 2011-10-10 16:19 . 2011-07-16 04:36 14336 c:\windows\SysWOW64\ntvdm64.dll
- 2010-12-23 00:05 . 2010-11-04 05:49 67072 c:\windows\SysWOW64\mshtmled.dll
+ 2011-10-10 16:16 . 2011-06-21 05:35 67072 c:\windows\SysWOW64\mshtmled.dll
+ 2011-10-10 16:16 . 2011-06-21 05:32 12800 c:\windows\SysWOW64\msfeedssync.exe
- 2010-12-23 00:05 . 2010-11-04 05:46 12800 c:\windows\SysWOW64\msfeedssync.exe
- 2010-12-23 00:05 . 2010-11-04 05:49 64512 c:\windows\SysWOW64\msfeedsbs.dll
+ 2011-10-10 16:16 . 2011-06-21 05:35 64512 c:\windows\SysWOW64\msfeedsbs.dll
- 2010-12-23 00:05 . 2010-11-04 05:52 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-10-10 16:16 . 2011-06-21 05:36 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-10-10 16:16 . 2011-06-21 05:35 44544 c:\windows\SysWOW64\licmgr10.dll
- 2010-12-23 00:05 . 2010-11-04 05:48 44544 c:\windows\SysWOW64\licmgr10.dll
- 2010-12-23 00:05 . 2010-11-04 05:48 48128 c:\windows\SysWOW64\jsproxy.dll
+ 2011-10-10 16:16 . 2011-06-21 05:34 48128 c:\windows\SysWOW64\jsproxy.dll
+ 2011-10-10 16:19 . 2011-03-03 05:27 28672 c:\windows\SysWOW64\dnscacheugc.exe
- 2009-07-13 23:38 . 2009-07-14 01:14 28672 c:\windows\SysWOW64\dnscacheugc.exe
- 2009-07-13 23:16 . 2009-07-14 01:15 44544 c:\windows\SysWOW64\devrtl.dll
+ 2011-10-10 16:19 . 2011-05-24 10:34 44544 c:\windows\SysWOW64\devrtl.dll
+ 2011-10-10 16:19 . 2011-05-24 10:34 64512 c:\windows\SysWOW64\devobj.dll
- 2009-07-13 23:16 . 2009-07-14 01:15 64512 c:\windows\SysWOW64\devobj.dll
+ 2011-10-09 01:28 . 2011-10-09 01:28 91998 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Adobe\Acrobat\9.0\UserCache.bin
+ 2011-10-10 16:23 . 2011-10-10 17:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011101020111011\index.dat
+ 2011-10-10 16:23 . 2011-10-10 16:20 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011100320111010\index.dat
+ 2010-11-08 20:51 . 2011-10-10 17:29 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-10-10 16:19 . 2011-02-19 05:32 34304 c:\windows\SysWOW64\atmlib.dll
- 2010-12-23 00:05 . 2010-10-20 04:54 34304 c:\windows\SysWOW64\atmlib.dll
+ 2011-10-10 16:19 . 2011-07-16 05:26 13312 c:\windows\system32\wow64cpu.dll
- 2009-07-13 23:26 . 2009-07-14 01:41 13312 c:\windows\system32\wow64cpu.dll
+ 2010-04-12 11:43 . 2011-10-10 16:40 49826 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-10-08 20:31 34884 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-10 16:40 34884 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-12 01:40 . 2011-10-10 16:40 13780 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3316169067-378679097-3071490368-1000_UserData.bin
+ 2011-10-10 16:19 . 2011-07-16 05:24 16384 c:\windows\system32\ntvdm64.dll
- 2009-07-13 23:26 . 2009-07-14 01:41 16384 c:\windows\system32\ntvdm64.dll
- 2010-12-23 00:05 . 2010-11-04 06:32 97280 c:\windows\system32\mshtmled.dll
+ 2011-10-10 16:16 . 2011-06-21 06:20 97280 c:\windows\system32\mshtmled.dll
- 2010-12-23 00:05 . 2010-11-04 06:28 12288 c:\windows\system32\msfeedssync.exe
+ 2011-10-10 16:16 . 2011-06-21 06:17 12288 c:\windows\system32\msfeedssync.exe
+ 2011-10-10 16:16 . 2011-06-21 06:20 82944 c:\windows\system32\msfeedsbs.dll
- 2010-12-23 00:05 . 2010-11-04 06:32 82944 c:\windows\system32\msfeedsbs.dll
+ 2011-10-10 16:16 . 2011-06-21 06:20 95232 c:\windows\system32\migration\WininetPlugin.dll
- 2010-12-23 00:05 . 2010-11-04 06:35 95232 c:\windows\system32\migration\WininetPlugin.dll
- 2010-12-23 00:05 . 2010-11-04 06:31 57856 c:\windows\system32\licmgr10.dll
+ 2011-10-10 16:16 . 2011-06-21 06:20 57856 c:\windows\system32\licmgr10.dll
+ 2011-10-10 16:19 . 2011-02-05 12:41 20352 c:\windows\system32\kdusb.dll
+ 2011-10-10 16:19 . 2011-02-05 12:41 17792 c:\windows\system32\kdcom.dll
+ 2011-10-10 16:19 . 2011-02-05 12:41 19328 c:\windows\system32\kd1394.dll
- 2010-12-23 00:05 . 2010-11-04 06:31 64512 c:\windows\system32\jsproxy.dll
+ 2011-10-10 16:16 . 2011-06-21 06:19 64512 c:\windows\system32\jsproxy.dll
+ 2011-10-10 16:19 . 2011-03-03 06:14 30208 c:\windows\system32\dnscacheugc.exe
- 2009-07-13 23:54 . 2009-07-14 01:39 30208 c:\windows\system32\dnscacheugc.exe
- 2010-04-12 00:11 . 2011-10-08 20:29 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-12 00:11 . 2011-10-10 16:38 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-08 23:43 . 2011-10-10 16:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-08 02:29 . 2011-10-08 20:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-08 20:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-10 16:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-23 00:05 . 2010-10-20 05:20 46080 c:\windows\system32\atmlib.dll
+ 2011-10-10 16:19 . 2011-02-19 06:36 46080 c:\windows\system32\atmlib.dll
+ 2011-10-10 16:19 . 2011-07-09 05:16 49664 c:\windows\servicing\GC64\tzupd.exe
- 2010-04-14 23:13 . 2010-02-02 08:39 49664 c:\windows\servicing\GC64\tzupd.exe
+ 2009-07-14 04:46 . 2011-10-10 16:41 72376 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-04-12 02:05 . 2011-10-10 17:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-12 02:05 . 2011-10-08 20:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-12 02:05 . 2011-10-10 17:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-12 02:05 . 2011-10-08 20:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-13 05:16 . 2011-04-13 05:16 67920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
- 2010-03-18 21:27 . 2010-03-18 21:27 67920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
+ 2011-04-12 22:11 . 2011-04-12 22:11 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
- 2010-03-18 20:16 . 2010-03-18 20:16 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
- 2011-03-30 03:51 . 2011-03-30 03:51 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
- 2011-03-30 03:49 . 2011-03-30 03:49 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-03-30 03:49 . 2011-03-30 03:49 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-04-12 11:15 . 2011-06-17 03:56 25214 c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000004}\_SC_Distiller.exe
+ 2010-04-12 11:15 . 2011-10-10 16:13 25214 c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000004}\_SC_Distiller.exe
+ 2010-04-12 11:15 . 2011-10-10 16:13 36294 c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000004}\_SC_Acrobat_Standard.exe
- 2010-04-12 11:15 . 2011-06-17 03:56 36294 c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000004}\_SC_Acrobat_Standard.exe
+ 2010-04-12 11:15 . 2011-10-10 16:13 38926 c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000004}\_SC_Acrobat_3D.exe
- 2010-04-12 11:15 . 2011-06-17 03:56 38926 c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000004}\_SC_Acrobat_3D.exe
+ 2010-04-12 11:15 . 2011-10-10 16:13 38926 c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000004}\_SC_Acrobat.exe
- 2010-04-12 11:15 . 2011-06-17 03:56 38926 c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000004}\_SC_Acrobat.exe
+ 2011-10-10 16:42 . 2011-10-10 16:42 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\a2e905d32dfe6fffd542c88fc2ced3a7\PresentationCFFRasterizer.ni.dll
+ 2011-10-10 16:41 . 2011-10-10 16:41 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\462b524ff0c8c0a764db439f7e65cb69\Microsoft.VisualC.ni.dll
+ 2011-10-10 17:16 . 2011-10-10 17:16 33280 c:\windows\assembly\NativeImages_v2.0.50727_64\AuditPolicyGPManage#\c3f6d69bd6661f8f6935b370863f61ce\AuditPolicyGPManagedStubs.Interop.ni.dll
+ 2011-10-10 16:42 . 2011-10-10 16:42 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\c2168c88a30bf127c60151d55a5c22be\Accessibility.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\c23f8386031ea70eb7bdb59367fe2f0f\UIAutomationProvider.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\8395f4672c4fe938a6db7dfa19dd1bf4\PresentationCFFRasterizer.ni.dll
+ 2011-10-10 16:39 . 2011-10-10 16:39 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\ea183e8b958908d26680bb6e88d4fbb0\Microsoft.VisualC.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5c6e1a094b1e65c69b528151cc19b1ee\Accessibility.ni.dll
+ 2011-10-10 16:19 . 2011-07-16 04:30 5120 c:\windows\SysWOW64\wow32.dll
- 2009-07-13 23:15 . 2009-07-14 01:11 5120 c:\windows\SysWOW64\wow32.dll
+ 2011-10-10 16:19 . 2011-07-16 02:26 2048 c:\windows\SysWOW64\user.exe
- 2009-07-13 23:15 . 2009-07-13 23:15 2048 c:\windows\SysWOW64\user.exe
+ 2011-10-10 16:19 . 2011-07-09 04:30 2048 c:\windows\SysWOW64\tzres.dll
- 2010-12-23 00:05 . 2010-10-27 04:32 2048 c:\windows\SysWOW64\tzres.dll
+ 2011-10-10 16:19 . 2011-07-16 02:26 7680 c:\windows\SysWOW64\instnm.exe
- 2009-07-13 23:16 . 2009-07-13 23:16 7680 c:\windows\SysWOW64\instnm.exe
+ 2011-10-10 16:19 . 2011-07-16 02:21 6144 c:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-13 23:10 6144 c:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 02:21 3584 c:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-13 23:10 3584 c:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 02:21 3072 c:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-13 23:10 3072 c:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-13 23:10 4608 c:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 02:21 4608 c:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 04:19 4096 c:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 04:19 4096 c:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4608 c:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 04:19 4608 c:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 04:19 4096 c:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 04:19 4096 c:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 04:19 4096 c:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 04:19 5120 c:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 5120 c:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
- 2010-12-23 00:05 . 2010-10-27 05:06 2048 c:\windows\system32\tzres.dll
+ 2011-10-10 16:19 . 2011-07-09 05:14 2048 c:\windows\system32\tzres.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 6144 c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 6144 c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4608 c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 4608 c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 4096 c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 4096 c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 4608 c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4608 c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 4096 c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 4096 c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 5120 c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 5120 c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
+ 2011-10-10 16:19 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
+ 2011-10-10 17:43 . 2011-10-10 17:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-08 20:48 . 2011-10-08 20:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-10 17:43 . 2011-10-10 17:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-08 20:48 . 2011-10-08 20:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-12 11:15 . 2011-10-10 16:13 7278 c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000004}\_SC_ELEMENTS_DT.exe
- 2010-04-12 11:15 . 2011-06-17 03:56 7278 c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000004}\_SC_ELEMENTS_DT.exe
+ 2011-10-10 16:16 . 2011-06-21 05:36 981504 c:\windows\SysWOW64\wininet.dll
+ 2011-10-10 16:19 . 2011-02-18 05:36 428032 c:\windows\SysWOW64\vbscript.dll
+ 2011-10-10 16:16 . 2011-06-21 05:36 132096 c:\windows\SysWOW64\url.dll
- 2009-07-14 00:06 . 2009-07-14 01:16 850432 c:\windows\SysWOW64\sbe.dll
+ 2011-10-10 16:19 . 2010-12-23 05:28 850432 c:\windows\SysWOW64\sbe.dll
+ 2011-10-10 16:19 . 2011-04-09 05:56 123904 c:\windows\SysWOW64\poqexec.exe
- 2009-07-13 23:22 . 2009-07-14 01:14 123904 c:\windows\SysWOW64\poqexec.exe
- 2009-07-13 23:44 . 2009-07-14 01:16 571904 c:\windows\SysWOW64\oleaut32.dll
+ 2011-10-10 16:19 . 2010-12-18 05:31 571904 c:\windows\SysWOW64\oleaut32.dll
- 2009-07-14 00:11 . 2009-07-14 01:16 163840 c:\windows\SysWOW64\odbctrac.dll
+ 2011-10-10 16:19 . 2011-06-15 09:04 163840 c:\windows\SysWOW64\odbctrac.dll
- 2009-07-14 00:12 . 2009-07-14 01:16 319488 c:\windows\SysWOW64\odbcjt32.dll
+ 2011-10-10 16:19 . 2011-06-15 09:04 319488 c:\windows\SysWOW64\odbcjt32.dll
- 2009-07-14 00:12 . 2009-07-14 01:16 122880 c:\windows\SysWOW64\odbccp32.dll
+ 2011-10-10 16:19 . 2011-06-15 09:04 122880 c:\windows\SysWOW64\odbccp32.dll
- 2010-12-23 00:05 . 2010-11-04 05:49 606208 c:\windows\SysWOW64\mstime.dll
+ 2011-10-10 16:16 . 2011-06-21 05:35 606208 c:\windows\SysWOW64\mstime.dll
+ 2011-10-10 16:16 . 2011-06-21 05:35 599552 c:\windows\SysWOW64\msfeeds.dll
+ 2011-10-10 16:19 . 2011-07-16 04:30 272384 c:\windows\SysWOW64\KernelBase.dll
- 2009-07-13 23:35 . 2009-07-14 01:15 541184 c:\windows\SysWOW64\kerberos.dll
+ 2011-10-10 16:19 . 2010-12-18 05:29 541184 c:\windows\SysWOW64\kerberos.dll
+ 2011-10-10 16:19 . 2011-02-18 05:35 716800 c:\windows\SysWOW64\jscript.dll
- 2010-04-14 23:12 . 2009-12-02 08:17 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-10-10 16:19 . 2011-07-27 04:30 361472 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL
- 2009-07-13 23:26 . 2009-07-14 01:15 361472 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL
- 2010-12-23 00:05 . 2010-11-04 05:48 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-10-10 16:16 . 2011-06-21 05:34 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-10-10 16:16 . 2011-06-21 05:34 185856 c:\windows\SysWOW64\iepeers.dll
- 2010-12-23 00:05 . 2010-11-04 05:48 185856 c:\windows\SysWOW64\iepeers.dll
- 2010-12-23 00:05 . 2010-11-04 05:48 381440 c:\windows\SysWOW64\iedkcs32.dll
+ 2011-10-10 16:16 . 2011-06-21 05:34 381440 c:\windows\SysWOW64\iedkcs32.dll
+ 2011-10-10 16:19 . 2010-12-23 05:28 534528 c:\windows\SysWOW64\EncDec.dll
- 2009-07-14 00:41 . 2009-07-14 01:16 534528 c:\windows\SysWOW64\EncDec.dll
+ 2011-10-10 16:19 . 2011-05-24 10:32 252928 c:\windows\SysWOW64\drvinst.exe
- 2009-07-13 23:16 . 2009-07-14 01:14 252928 c:\windows\SysWOW64\drvinst.exe
+ 2011-10-10 16:19 . 2011-03-03 05:29 269824 c:\windows\SysWOW64\dnsapi.dll
- 2009-07-13 23:12 . 2009-07-14 01:15 269824 c:\windows\SysWOW64\dnsapi.dll
+ 2011-10-10 16:19 . 2010-12-23 05:28 642048 c:\windows\SysWOW64\CPFilters.dll
+ 2010-04-12 11:42 . 2011-10-10 17:36 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-04-12 11:42 . 2011-10-08 20:39 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2011-10-10 17:36 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-13 23:16 . 2009-07-14 01:15 145920 c:\windows\SysWOW64\cfgmgr32.dll
+ 2011-10-10 16:19 . 2011-05-24 10:34 145920 c:\windows\SysWOW64\cfgmgr32.dll
+ 2011-10-10 16:19 . 2011-02-19 03:37 294912 c:\windows\SysWOW64\atmfd.dll
+ 2011-10-10 16:19 . 2011-07-16 05:26 362496 c:\windows\system32\wow64win.dll
- 2009-07-13 23:26 . 2009-07-14 01:41 243200 c:\windows\system32\wow64.dll
+ 2011-10-10 16:19 . 2011-07-16 05:26 243200 c:\windows\system32\wow64.dll
+ 2011-10-10 16:19 . 2011-07-16 05:26 214528 c:\windows\system32\winsrv.dll
+ 2011-10-10 16:19 . 2011-02-05 12:39 518160 c:\windows\system32\winresume.exe
+ 2011-10-10 16:19 . 2011-02-05 12:39 603976 c:\windows\system32\winload.exe
+ 2011-10-10 16:19 . 2011-02-18 06:37 612352 c:\windows\system32\vbscript.dll
- 2010-04-14 23:13 . 2010-03-08 21:59 612352 c:\windows\system32\vbscript.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 134144 c:\windows\system32\url.dll
+ 2011-10-10 16:16 . 2011-06-21 06:20 134144 c:\windows\system32\url.dll
+ 2011-10-10 16:19 . 2011-05-24 11:21 404992 c:\windows\system32\umpnpmgr.dll
- 2009-07-13 23:34 . 2009-07-14 01:39 142336 c:\windows\system32\poqexec.exe
+ 2011-10-10 16:19 . 2011-04-09 06:58 142336 c:\windows\system32\poqexec.exe
+ 2009-07-14 02:36 . 2011-10-10 16:45 663130 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-10-10 16:45 121998 c:\windows\system32\perfc009.dat
- 2009-07-13 23:59 . 2009-07-14 01:41 861184 c:\windows\system32\oleaut32.dll
+ 2011-10-10 16:19 . 2010-12-18 06:13 861184 c:\windows\system32\oleaut32.dll
+ 2011-10-10 16:19 . 2011-06-15 09:58 212992 c:\windows\system32\odbctrac.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 212992 c:\windows\system32\odbctrac.dll
+ 2011-10-10 16:19 . 2011-06-15 09:58 106496 c:\windows\system32\odbccu32.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 106496 c:\windows\system32\odbccu32.dll
+ 2011-10-10 16:19 . 2011-06-15 09:58 106496 c:\windows\system32\odbccr32.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 106496 c:\windows\system32\odbccr32.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 163840 c:\windows\system32\odbccp32.dll
+ 2011-10-10 16:19 . 2011-06-15 09:58 163840 c:\windows\system32\odbccp32.dll
- 2010-12-23 00:05 . 2010-11-04 06:32 703488 c:\windows\system32\msfeeds.dll
+ 2011-10-10 16:16 . 2011-06-21 06:20 703488 c:\windows\system32\msfeeds.dll
+ 2011-10-10 16:19 . 2011-07-16 05:21 422400 c:\windows\system32\KernelBase.dll
+ 2011-10-10 16:19 . 2010-12-18 06:11 714752 c:\windows\system32\kerberos.dll
+ 2011-10-10 16:19 . 2011-02-18 06:36 852480 c:\windows\system32\jscript.dll
- 2010-04-14 23:12 . 2009-12-02 09:15 852480 c:\windows\system32\jscript.dll
+ 2011-10-10 16:19 . 2011-07-27 05:31 546304 c:\windows\system32\IME\IMEJP10\IMJPAPI.DLL
- 2009-07-13 23:40 . 2009-07-14 01:41 546304 c:\windows\system32\IME\IMEJP10\IMJPAPI.DLL
- 2010-12-23 00:05 . 2010-11-04 06:31 247808 c:\windows\system32\ieui.dll
+ 2011-10-10 16:16 . 2011-06-21 06:19 247808 c:\windows\system32\ieui.dll
+ 2011-10-10 16:16 . 2011-06-21 06:19 256000 c:\windows\system32\iepeers.dll
- 2010-12-23 00:05 . 2010-11-04 06:31 256000 c:\windows\system32\iepeers.dll
+ 2011-10-10 16:16 . 2011-06-21 06:19 445952 c:\windows\system32\iedkcs32.dll
- 2010-12-23 00:05 . 2010-11-04 06:31 445952 c:\windows\system32\iedkcs32.dll
+ 2011-10-10 16:19 . 2011-02-12 06:14 267776 c:\windows\system32\FXSCOVER.exe
+ 2011-10-10 16:19 . 2010-12-23 06:07 723968 c:\windows\system32\EncDec.dll
+ 2011-10-10 16:19 . 2011-04-29 03:12 161792 c:\windows\system32\drivers\srvnet.sys
- 2010-12-23 00:03 . 2010-08-27 03:37 161792 c:\windows\system32\drivers\srvnet.sys
+ 2011-10-10 16:19 . 2011-04-29 03:12 399872 c:\windows\system32\drivers\srv2.sys
+ 2011-10-10 16:19 . 2011-04-29 03:13 461312 c:\windows\system32\drivers\srv.sys
+ 2011-10-10 16:19 . 2011-05-04 02:51 126464 c:\windows\system32\drivers\mrxsmb20.sys
+ 2011-10-10 16:19 . 2011-07-09 02:44 287744 c:\windows\system32\drivers\mrxsmb10.sys
+ 2011-10-10 16:19 . 2011-05-04 02:51 157696 c:\windows\system32\drivers\mrxsmb.sys
- 2010-04-14 23:13 . 2010-02-27 07:52 157696 c:\windows\system32\drivers\mrxsmb.sys
- 2009-07-13 23:23 . 2009-07-13 23:23 102400 c:\windows\system32\drivers\dfsc.sys
+ 2011-10-10 16:19 . 2011-04-27 02:57 102400 c:\windows\system32\drivers\dfsc.sys
+ 2011-10-10 16:19 . 2011-04-25 02:44 499712 c:\windows\system32\drivers\afd.sys
+ 2011-10-10 16:19 . 2011-03-03 06:17 182272 c:\windows\system32\dnsrslvr.dll
- 2009-07-13 23:21 . 2009-07-14 01:40 182272 c:\windows\system32\dnsrslvr.dll
- 2009-07-13 23:21 . 2009-07-14 01:40 356352 c:\windows\system32\dnsapi.dll
+ 2011-10-10 16:19 . 2011-03-03 06:17 356352 c:\windows\system32\dnsapi.dll
+ 2011-10-10 16:19 . 2010-12-23 06:07 961024 c:\windows\system32\CPFilters.dll
- 2009-07-13 23:38 . 2009-07-14 01:39 338432 c:\windows\system32\conhost.exe
+ 2011-10-10 16:19 . 2011-07-16 05:17 338432 c:\windows\system32\conhost.exe
+ 2009-07-14 05:12 . 2011-10-08 23:48 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-10-08 02:45 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-10-10 16:19 . 2011-02-05 12:39 518160 c:\windows\system32\Boot\winresume.exe
+ 2011-10-10 16:19 . 2011-02-05 12:39 603976 c:\windows\system32\Boot\winload.exe
+ 2011-10-10 16:19 . 2011-02-19 04:13 367104 c:\windows\system32\atmfd.dll
- 2010-12-23 00:05 . 2010-10-20 03:05 367104 c:\windows\system32\atmfd.dll
+ 2010-04-20 21:33 . 2011-10-10 17:42 913936 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-04-20 21:33 . 2011-10-08 20:47 913936 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-10-10 17:42 516388 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-10-08 20:47 516388 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-13 05:16 . 2011-04-13 05:16 597832 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll
- 2010-03-18 21:27 . 2010-03-18 21:27 597832 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll
- 2010-12-23 00:06 . 2010-05-20 22:38 485192 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
+ 2011-10-10 16:19 . 2011-03-29 22:26 485192 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
+ 2011-04-12 22:11 . 2011-04-12 22:11 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
- 2010-03-18 20:16 . 2010-03-18 20:16 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
- 2010-03-18 20:16 . 2010-03-18 20:16 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2011-04-12 22:11 . 2011-04-12 22:11 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2011-04-12 22:11 . 2011-04-12 22:11 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
- 2010-03-18 20:16 . 2010-03-18 20:16 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2011-10-10 16:19 . 2011-03-29 22:31 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2010-12-23 00:06 . 2010-05-20 22:49 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-10-10 16:19 . 2011-03-29 22:31 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-10-10 16:19 . 2011-03-29 22:31 995160 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2010-12-23 00:06 . 2010-05-20 22:49 995160 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 512368 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 512368 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-11-25 16:12 . 2010-11-25 16:12 510464 c:\windows\Installer\16b52.msp
- 2010-04-12 11:15 . 2011-06-17 03:56 335872 c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000004}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2010-04-12 11:15 . 2011-10-10 16:13 335872 c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000004}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2011-10-10 16:10 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\10-10-2011\ERDNT.EXE
- 2011-10-08 00:20 . 2011-10-08 20:29 208896 c:\windows\assembly\tmp\kwrd.dll
+ 2011-10-08 00:20 . 2011-10-10 16:38 208896 c:\windows\assembly\tmp\kwrd.dll
+ 2011-10-10 16:30 . 2011-10-10 16:30 729088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\cbb93497a3dddc9ab32316cc54dfb16a\System.Security.ni.dll
+ 2011-10-10 16:30 . 2011-10-10 16:30 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\6bff4a4db9703b01e7495f5f9e0f2baf\System.Numerics.ni.dll
+ 2011-10-10 16:30 . 2011-10-10 16:30 377344 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\c87031ba66d6a1809ac68142397eeddf\System.Dynamic.ni.dll
+ 2011-10-10 16:30 . 2011-10-10 16:30 224768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\12cc1614c47e403fe7df608567e97212\System.Drawing.Design.ni.dll
+ 2011-10-10 16:30 . 2011-10-10 16:30 980480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\618e6d3cd8824d6d72ae1767acaa1078\System.Configuration.ni.dll
+ 2011-10-10 16:30 . 2011-10-10 16:30 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\15f169fe8bb8f4cf564093b812c46959\System.ComponentModel.Composition.ni.dll
+ 2011-10-10 16:30 . 2011-10-10 16:30 450560 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b61b31d1f518e9663fc204e7de21215a\PresentationFramework.Aero.ni.dll
+ 2011-10-10 16:30 . 2011-10-10 16:30 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a348b36756a7be813df69750717dd563\PresentationFramework.Luna.ni.dll
+ 2011-10-10 16:30 . 2011-10-10 16:30 327680 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9c37ac442a730e335146d5a82c52ed39\PresentationFramework.Royale.ni.dll
+ 2011-10-10 16:30 . 2011-10-10 16:30 284160 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7da6438d5b963b85283a2b793e60aadf\PresentationFramework.Classic.ni.dll
+ 2011-10-10 16:42 . 2011-10-10 16:42 253952 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationTypes\3037924076c4aaaa6fab19a9308e5d54\UIAutomationTypes.ni.dll
+ 2011-10-10 16:42 . 2011-10-10 16:42 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\fc2c67900e0ace0d072de3eb7a31cce3\UIAutomationProvider.ni.dll
+ 2011-10-10 16:43 . 2011-10-10 16:43 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\ff799052f4f3962c66da546e1c80a72a\System.Web.RegularExpressions.ni.dll
+ 2011-10-10 16:43 . 2011-10-10 16:43 921600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\9bffa8b698c20fea7159e8d741fbbcc0\System.Transactions.ni.dll
+ 2011-10-10 16:43 . 2011-10-10 16:43 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\ada1563bb5401c23224f92fb889dd3b0\System.ServiceProcess.ni.dll
+ 2011-10-10 16:41 . 2011-10-10 16:41 928768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\a8cc4c9d7e89736252e9a6c007a2bc6c\System.Security.ni.dll
+ 2011-10-10 16:42 . 2011-10-10 16:42 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\01d803ac45cb10235986fc0691f39478\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-10-10 16:43 . 2011-10-10 16:43 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\cbdabc2bd3c01ca7a74e2fa111a1554d\System.EnterpriseServices.Wrapper.dll
+ 2011-10-10 16:43 . 2011-10-10 16:43 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\696f84834a9b3e611a8bc539d6679c67\System.Drawing.Design.ni.dll
+ 2011-10-10 16:43 . 2011-10-10 16:43 649728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\2c975a56f5251b08c9b39f5669df823c\System.DirectoryServices.Protocols.ni.dll
+ 2011-10-10 16:43 . 2011-10-10 16:43 192000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\61dbdc6161bdeec022fff0879167e981\System.Configuration.Install.ni.dll
+ 2011-10-10 16:43 . 2011-10-10 16:43 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\edca8014d1697965106444d30a6c620e\PresentationFramework.Aero.ni.dll
+ 2011-10-10 16:43 . 2011-10-10 16:43 279040 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\663635921157c0446658f6790d1f76e9\PresentationFramework.Classic.ni.dll
+ 2011-10-10 16:43 . 2011-10-10 16:43 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\55c4babb0c929d9e972e0a53380d469f\PresentationFramework.Luna.ni.dll
+ 2011-10-10 16:43 . 2011-10-10 16:43 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\46ff3573ca0908e25fdaaeed3cd6df87\PresentationFramework.Royale.ni.dll
+ 2011-10-10 17:16 . 2011-10-10 17:16 680960 c:\windows\assembly\NativeImages_v2.0.50727_64\ICSharpCode.SharpZi#\b36d45e4e252f911e1859e3b236add6b\ICSharpCode.SharpZipLib.ni.dll
+ 2011-10-10 17:16 . 2011-10-10 17:16 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\ec1e763fd7195ebc18834cf283e8989c\BDATunePIA.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 185344 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\efadc7a54e78f3755da53c95bdc293fd\UIAutomationTypes.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\76828271cbe1d370ec313ad1821a27bb\System.Web.RegularExpressions.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\6b2029e6f8913d6507ec608de3fa605c\System.Transactions.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\45e8faf9163d342297c46813373d8f74\System.ServiceProcess.ni.dll
+ 2011-10-10 16:39 . 2011-10-10 16:39 680960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\21cc2572fbb5a3a7e0ef085d7bf27eca\System.Security.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\69eae47315bb993ef0d3a92ddb0c8671\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\456d5e9d3a0a37697ab28c150e9ac5b7\System.Runtime.Remoting.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c6211b345bc0c618d5669daae118a43a\System.EnterpriseServices.Wrapper.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c6211b345bc0c618d5669daae118a43a\System.EnterpriseServices.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\0fb34b9054c6a2491e48b8be259a5b43\System.Drawing.Design.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\3f27834a4c28383c6fbaed3a974e3478\System.DirectoryServices.Protocols.ni.dll
+ 2011-10-10 16:39 . 2011-10-10 16:39 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\03cfd2ea8fe3b80eadf81f1a82bed246\System.Configuration.Install.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f7c9cfd3c76cd34d0057e03c691ab7a1\PresentationFramework.Classic.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bf0fdbe3e86b6b622f53caf11e55780b\PresentationFramework.Royale.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\869dedfb597fd2cee5596e7670154a82\PresentationFramework.Luna.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\60aa01ac9637903f30ac346c55ce58bb\PresentationFramework.Aero.ni.dll
+ 2011-10-10 16:16 . 2011-06-21 05:36 1230336 c:\windows\SysWOW64\urlmon.dll
+ 2011-10-10 16:19 . 2010-10-27 04:40 1293120 c:\windows\SysWOW64\ntdll.dll
+ 2011-10-10 16:19 . 2010-12-18 05:30 2690560 c:\windows\SysWOW64\mstscax.dll
+ 2011-10-10 16:19 . 2010-12-18 05:26 1034240 c:\windows\SysWOW64\mstsc.exe
+ 2011-10-10 16:16 . 2011-07-22 06:38 5989376 c:\windows\SysWOW64\mshtml.dll
+ 2011-10-10 16:19 . 2011-03-11 05:40 1164288 c:\windows\SysWOW64\mfc42u.dll
+ 2011-10-10 16:19 . 2011-03-11 05:40 1137664 c:\windows\SysWOW64\mfc42.dll
+ 2011-10-10 16:19 . 2011-07-16 04:30 1048576 c:\windows\SysWOW64\kernel32.dll
+ 2011-10-10 16:16 . 2011-06-21 05:34 2072576 c:\windows\SysWOW64\iertutil.dll
+ 2009-07-14 04:54 . 2011-10-10 17:36 3129344 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-10 17:36 2064384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-10 16:16 . 2011-06-21 06:20 1197056 c:\windows\system32\wininet.dll
+ 2011-10-10 16:19 . 2011-06-11 02:56 3134464 c:\windows\system32\win32k.sys
+ 2011-10-10 16:16 . 2011-06-21 06:20 1499648 c:\windows\system32\urlmon.dll
+ 2011-10-10 16:19 . 2010-12-23 06:07 1118720 c:\windows\system32\sbe.dll
- 2009-07-14 00:21 . 2009-07-14 01:41 1118720 c:\windows\system32\sbe.dll
+ 2011-10-10 16:19 . 2010-10-27 05:16 1739176 c:\windows\system32\ntdll.dll
+ 2011-10-10 16:19 . 2010-12-18 06:12 3138048 c:\windows\system32\mstscax.dll
+ 2011-10-10 16:19 . 2010-12-18 06:08 1097216 c:\windows\system32\mstsc.exe
- 2010-12-23 00:05 . 2010-11-04 06:32 1026560 c:\windows\system32\mstime.dll
+ 2011-10-10 16:16 . 2011-06-21 06:20 1026560 c:\windows\system32\mstime.dll
+ 2011-10-10 16:16 . 2011-07-22 07:34 9322496 c:\windows\system32\mshtml.dll
+ 2011-10-10 16:19 . 2011-03-11 06:19 1359872 c:\windows\system32\mfc42u.dll
+ 2011-10-10 16:19 . 2011-03-11 06:19 1395712 c:\windows\system32\mfc42.dll
+ 2011-10-10 16:19 . 2011-07-16 05:21 1162240 c:\windows\system32\kernel32.dll
- 2009-07-13 23:28 . 2009-07-14 01:41 1162240 c:\windows\system32\kernel32.dll
+ 2011-10-10 16:16 . 2011-06-21 06:19 2458624 c:\windows\system32\iertutil.dll
- 2009-07-14 04:45 . 2011-07-25 23:28 3068328 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2011-10-10 16:38 3068328 c:\windows\system32\FNTCACHE.DAT
+ 2011-10-10 16:19 . 2011-06-21 06:27 1896832 c:\windows\system32\drivers\tcpip.sys
- 2010-12-23 00:06 . 2010-06-14 06:37 1896832 c:\windows\system32\drivers\tcpip.sys
- 2009-07-14 04:45 . 2011-03-02 00:22 3614507 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-10-10 16:41 3614507 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-04-12 22:11 . 2011-04-12 22:11 5028200 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll
+ 2010-09-22 12:55 . 2010-09-22 12:55 1836904 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Extensions.dll
- 2010-03-18 23:47 . 2010-03-18 23:47 1836904 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Extensions.dll
+ 2010-09-22 13:21 . 2010-09-22 13:21 5146960 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.dll
+ 2011-04-28 18:06 . 2011-04-28 18:06 1749880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.DataVisualization.dll
+ 2011-03-23 05:01 . 2011-03-23 05:01 3510600 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
+ 2011-04-13 05:16 . 2011-04-13 05:16 4967248 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll
- 2010-03-18 21:27 . 2010-03-18 21:27 1453392 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll
+ 2011-04-13 05:16 . 2011-04-13 05:16 1453392 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll
+ 2011-04-13 05:16 . 2011-04-13 05:16 1513816 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll
+ 2011-04-13 05:16 . 2011-04-13 05:16 1525064 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
+ 2011-04-13 05:16 . 2011-04-13 05:16 9800008 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
- 2009-07-13 20:37 . 2009-06-10 20:40 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
+ 2011-10-10 16:19 . 2011-03-29 22:26 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
+ 2011-10-10 16:19 . 2011-05-04 22:29 3178496 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
- 2009-07-13 20:37 . 2009-06-10 20:40 3178496 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
- 2010-12-23 00:06 . 2010-05-20 22:38 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
+ 2011-10-10 16:19 . 2011-03-29 22:26 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
+ 2011-10-10 16:19 . 2011-03-29 22:26 1576784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
- 2010-12-23 00:06 . 2010-05-20 22:38 1764184 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscordacwks.dll
+ 2011-10-10 16:19 . 2011-03-29 22:26 1764184 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscordacwks.dll
+ 2011-04-12 22:11 . 2011-04-12 22:11 5028200 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2010-09-22 12:55 . 2010-09-22 12:55 1836904 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.dll
- 2010-03-18 23:47 . 2010-03-18 23:47 1836904 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.dll
+ 2010-09-22 12:55 . 2010-09-22 12:55 5176144 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.dll
+ 2011-04-28 18:06 . 2011-04-28 18:06 1749880 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DataVisualization.dll
+ 2011-03-23 05:01 . 2011-03-23 05:01 3510600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2011-04-12 22:11 . 2011-04-12 22:11 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-04-12 22:11 . 2011-04-12 22:11 1142104 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2011-04-12 22:11 . 2011-04-12 22:11 6735176 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2011-10-10 16:19 . 2011-03-29 22:31 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 3178496 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-10-10 16:19 . 2011-05-04 22:34 3178496 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-10-10 16:19 . 2011-03-29 22:31 5915984 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2010-12-23 00:06 . 2010-05-20 22:49 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-10-10 16:19 . 2011-03-29 22:31 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 1836904 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 1836904 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 1749880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 5078360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 5078360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll
- 2011-03-30 03:51 . 2011-03-30 03:51 1064816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 1064816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 5146960 c:\windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 3111768 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 3111768 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 3453792 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 3453792 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-10-10 16:24 . 2011-10-10 16:24 5176144 c:\windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-03-30 03:49 . 2011-03-30 03:49 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-03-25 16:16 . 2011-03-25 16:16 5135872 c:\windows\Installer\16b6c.msp
+ 2010-09-22 22:16 . 2010-09-22 22:16 7013888 c:\windows\Installer\16b60.msp
+ 2011-04-29 00:35 . 2011-04-29 00:35 1375744 c:\windows\Installer\16b48.msp
+ 2011-10-10 16:14 . 2011-10-10 16:14 2830336 c:\windows\Installer\16b30.msi
+ 2011-10-10 16:10 . 2011-10-10 16:10 8335360 c:\windows\ERDNT\AutoBackup\10-10-2011\Users\00000001\ntuser.dat
+ 2011-10-10 16:30 . 2011-10-10 16:30 3798016 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\3154b66d01dcd674b256e03d5f359fac\WindowsBase.ni.dll
+ 2011-10-10 16:30 . 2011-10-10 16:30 9085440 c:\windows\assembly\NativeImages_v4.0.30319_32\System\5a8bf6ab1a6ba60e7355fa4cc61fd0c5\System.ni.dll
+ 2011-10-10 16:30 . 2011-10-10 16:30 5618176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7cc17b90932adaad5651ceb526cade44\System.Xml.ni.dll
+ 2011-10-10 16:30 . 2011-10-10 16:30 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\53591520988a6ee49924e1efc911df30\System.Drawing.ni.dll
+ 2011-10-10 16:30 . 2011-10-10 16:30 6798336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\6e6f321459aa81611031cfb582e77cc6\System.Data.ni.dll
+ 2011-10-10 16:30 . 2011-10-10 16:30 2545152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\dcdaf1644fb3aabdbea894f05d55e1ba\System.Data.SqlXml.ni.dll
+ 2011-10-10 16:30 . 2011-10-10 16:30 2512384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\b11b842599889fe730da493d0c5e1857\System.Data.Linq.ni.dll
+ 2011-10-10 16:30 . 2011-10-10 16:30 7054336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\0d4cdd1b911d6e28b4fd5c43ab39f7ea\System.Core.ni.dll
+ 2011-10-10 16:30 . 2011-10-10 16:30 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\fcccb5e4d4bd338c678efcfa2b3e1058\Microsoft.CSharp.ni.dll
+ 2011-10-10 16:41 . 2011-10-10 16:41 4927488 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\26c2afe61f099017c4e70bbcb2142ffd\WindowsBase.ni.dll
+ 2011-10-10 16:41 . 2011-10-10 16:41 6948864 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\9f514e225bac2a8368c6c8c1f1b3fec8\System.Xml.ni.dll
+ 2011-10-10 16:43 . 2011-10-10 16:43 2707456 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\04bbd3aee57cc7389cbfceeb7c671c38\System.Workflow.Runtime.ni.dll
+ 2011-10-10 16:43 . 2011-10-10 16:43 5955072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\04114e4034cc0a4ff5f32ac99f8e071d\System.Workflow.ComponentModel.ni.dll
+ 2011-10-10 16:43 . 2011-10-10 16:43 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\58edfdc84774acc6ffd7c1a470ad231c\System.Workflow.Activities.ni.dll
+ 2011-10-10 16:43 . 2011-10-10 16:43 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\20e151b21c0de28e3598a6cd99620df9\System.Web.Services.ni.dll
+ 2011-10-10 16:43 . 2011-10-10 16:43 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\a998c92418ead4aba1f24a651c44d026\System.Runtime.Remoting.ni.dll
+ 2011-10-10 16:42 . 2011-10-10 16:42 1453568 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\741545409644f3c2b9ea41c1a124afba\System.Printing.ni.dll
+ 2011-10-10 16:43 . 2011-10-10 16:43 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\cbdabc2bd3c01ca7a74e2fa111a1554d\System.EnterpriseServices.ni.dll
+ 2011-10-10 16:42 . 2011-10-10 16:42 2311168 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\d88df8c5fbeb107d81ccceeb6674afc8\System.Drawing.ni.dll
+ 2011-10-10 16:42 . 2011-10-10 16:42 1640448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\758d89744f82fc7ae39a1d6c778d26ba\System.DirectoryServices.ni.dll
+ 2011-10-10 16:42 . 2011-10-10 16:42 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\cf8a63f7d9dda35ee70b4750c57aa6c4\System.Deployment.ni.dll
+ 2011-10-10 16:43 . 2011-10-10 16:43 8692736 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\cf7695a50e1838d542ca8d9a14d31d3a\System.Data.ni.dll
+ 2011-10-10 16:41 . 2011-10-10 16:41 3461632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\d25da61acc271a371c7545eb9672dc9d\System.Data.SqlXml.ni.dll
+ 2011-10-10 16:43 . 2011-10-10 16:43 1506816 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\770b278be35defe092471384f45a474b\System.Data.OracleClient.ni.dll
+ 2011-10-10 17:16 . 2011-10-10 17:16 3312128 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\f95f65500e36892ad9ecf8e4636acae2\System.Core.ni.dll
+ 2011-10-10 16:41 . 2011-10-10 16:41 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\04b8fccfed1cbcd3234570b869f33e9c\System.Configuration.ni.dll
+ 2011-10-10 16:42 . 2011-10-10 16:42 3101696 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\5b77fc8e6e640dfa801f9d9962f04f52\ReachFramework.ni.dll
+ 2011-10-10 16:42 . 2011-10-10 16:42 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\c690e4ecea1a0a34bb3be6e37243dee7\PresentationUI.ni.dll
+ 2011-10-10 17:16 . 2011-10-10 17:16 2506240 c:\windows\assembly\NativeImages_v2.0.50727_64\cYo.Common\f0f1355fef34dd70da2a3312e19742af\cYo.Common.ni.dll
+ 2011-10-10 17:16 . 2011-10-10 17:16 1881600 c:\windows\assembly\NativeImages_v2.0.50727_64\cYo.Common.Windows\5495edd6327ace30ae64b5abbe54d09b\cYo.Common.Windows.ni.dll
+ 2011-10-10 17:16 . 2011-10-10 17:16 5573632 c:\windows\assembly\NativeImages_v2.0.50727_64\ComicRack\328b073f31a18b9956131a297a8fd4f2\ComicRack.ni.exe
+ 2011-10-10 16:39 . 2011-10-10 16:39 3325952 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll
+ 2011-10-10 16:39 . 2011-10-10 16:39 7949312 c:\windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll
+ 2011-10-10 16:39 . 2011-10-10 16:39 5452800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll
+ 2011-10-10 16:41 . 2011-10-10 16:41 1914880 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5b19559c40917af8970f5370edd18b6d\System.Workflow.Runtime.ni.dll
+ 2011-10-10 16:41 . 2011-10-10 16:41 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\bc6d4b5141c12bc5313efdfa1d338357\System.Workflow.ComponentModel.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\2be375376251b0276eba2dedb493bceb\System.Workflow.Activities.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f28bd40026e640601964b2b0bf38a6f0\System.Web.Services.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\2f382e5ba0f6eaab1fd06086640a1866\System.Printing.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 1586688 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 1117184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\49be109772bc911da9c5254e064d64a0\System.DirectoryServices.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\e6262eb0590a960d18c79521c4c6ddfc\System.Deployment.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 6618624 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\86f429e0a23238cf277d464bd0433d86\System.Data.ni.dll
+ 2011-10-10 16:39 . 2011-10-10 16:39 2508288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\1648b9bbfc86b5182a63b67a997b0f00\System.Data.SqlXml.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\2e7f78d794468689a493ede3def26fda\System.Data.OracleClient.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 2147328 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\7e02ce44d03bc0802d8061678feb3356\ReachFramework.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7ad55f43f985bf78b69a0011376c4e2f\PresentationUI.ni.dll
+ 2011-10-10 16:19 . 2011-05-04 22:34 3178496 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 3178496 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-10-10 16:19 . 2011-03-29 22:31 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-10-10 16:19 . 2011-03-29 22:26 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-12-23 00:06 . 2010-05-20 22:38 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-10-10 16:19 . 2011-03-29 22:31 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-12-23 00:06 . 2010-05-20 22:49 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-10-10 16:16 . 2011-06-21 05:34 10989568 c:\windows\SysWOW64\ieframe.dll
- 2009-07-14 02:34 . 2011-10-08 20:42 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-10-10 16:52 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-04-14 23:17 . 2011-09-16 18:02 49062856 c:\windows\system32\MRT.exe
+ 2011-10-10 16:16 . 2011-06-21 06:19 12371456 c:\windows\system32\ieframe.dll
+ 2010-04-12 01:37 . 2011-10-10 17:42 13236840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3316169067-378679097-3071490368-1000-12288.dat
+ 2011-10-10 16:19 . 2011-03-29 22:26 10007376 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
+ 2011-04-13 18:48 . 2011-04-13 18:48 35326464 c:\windows\Installer\16b86.msp
+ 2011-09-08 03:05 . 2011-09-08 03:05 55057920 c:\windows\Installer\16b23.msp
+ 2011-10-10 16:10 . 2011-10-10 16:10 10391552 c:\windows\ERDNT\AutoBackup\10-10-2011\Users\00000002\UsrClass.dat
+ 2011-10-10 16:29 . 2011-10-10 16:29 11872768 c:\windows\assembly\NativeImages_v4.0.30319_64\System\a99116941c69e4c693518d57b8c2a861\System.ni.dll
+ 2011-10-10 16:29 . 2011-10-10 16:29 19352064 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\086515902736035517c63126be04a3f4\mscorlib.ni.dll
+ 2011-10-10 16:30 . 2011-10-10 16:30 13137920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3e016a2e799cfe233b13d88e90c0e0b\System.Windows.Forms.ni.dll
+ 2011-10-10 16:30 . 2011-10-10 16:30 10969088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\12505a092e34dd10bc84ca1cb5b36692\System.Design.ni.dll
+ 2011-10-10 16:30 . 2011-10-10 16:30 17671168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\2250ddb1626087da27fb00f46a679ff5\PresentationFramework.ni.dll
+ 2011-10-10 16:30 . 2011-10-10 16:30 11106816 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\ca8307311e87b234b2faa5ee08332722\PresentationCore.ni.dll
+ 2011-10-10 16:30 . 2011-10-10 16:30 14407680 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\74353039393f68f4c068cc37f759e5be\mscorlib.ni.dll
+ 2011-10-10 16:41 . 2011-10-10 16:41 10598400 c:\windows\assembly\NativeImages_v2.0.50727_64\System\0c198700bb87dd8fd1a127c28a0b64c5\System.ni.dll
+ 2011-10-10 16:42 . 2011-10-10 16:42 17379328 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\b3f6bc2bf2e085a296d9d5f7af0f2cba\System.Windows.Forms.ni.dll
+ 2011-10-10 16:43 . 2011-10-10 16:43 15232512 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\cae385e7e9bb3cb69f410650dd107f83\System.Web.ni.dll
+ 2011-10-10 16:43 . 2011-10-10 16:43 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\263b5a2a8bfc47d0ed0c555ae86970c6\System.Design.ni.dll
+ 2011-10-10 16:42 . 2011-10-10 16:42 19169792 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\627e4e9911a441995e181bce47a3522c\PresentationFramework.ni.dll
+ 2011-10-10 16:42 . 2011-10-10 16:42 16513024 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\25fce44a8ef6c886791c4d7f516268d0\PresentationCore.ni.dll
+ 2011-10-10 16:41 . 2011-10-10 16:41 15566848 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\b654f93b365c4463014d8b41152efd54\mscorlib.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 12431360 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 11807744 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\1f8e3dde1c848c4c5ee635aa0dcfcfdd\System.Web.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 10578432 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\a87b99435541fab7c7a58782904030f3\System.Design.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 14322688 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\462ca53f84ff85f159d5555d91a5e28d\PresentationFramework.ni.dll
+ 2011-10-10 16:40 . 2011-10-10 16:40 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\808e41877f992187276492aa2e55e909\PresentationCore.ni.dll
+ 2011-10-10 16:39 . 2011-10-10 16:39 11490304 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\steam\Steam.exe" [2011-08-02 1242448]
"oDesk Team"="c:\program files (x86)\oDesk\oDeskTeam.exe" [2011-07-13 288280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2010-01-19 124256]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 336384]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-12 136176]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-04-12 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-12 136176]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/04/12 02:24];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 19:58 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 rt61x64;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-12 10:26]
.
2011-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-12 10:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"combofix"="c:\combofix\CF13404.3XE" [2009-07-14 344576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.87.76.182 68.87.78.134
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\3pcn1rg6.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3316169067-378679097-3071490368-1000\Software\SecuROM\License information*]
"datasecu"=hex:cc,ad,f8,23,48,1a,04,13,9b,7a,22,3f,01,82,42,81,11,ec,ab,b1,60,
4f,84,3a,2e,89,fe,74,f7,c6,b9,0f,68,bc,24,c9,49,e4,1c,51,a2,9b,1e,1e,c4,e5,\
"rkeysecu"=hex:83,44,37,69,a4,ab,e0,16,e6,4d,00,e4,36,74,8b,83
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\oDesk\oDeskHelper.exe
c:\program files (x86)\AVG\AVG2012\avgui.exe
.
**************************************************************************
.
Completion time: 2011-10-10 10:48:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-10 17:48
ComboFix2.txt 2011-10-08 20:54
.
Pre-Run: 36,307,042,304 bytes free
Post-Run: 36,027,949,056 bytes free
.
- - End Of File - - EF170AD7C2D3B37C666B9775698030D7
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm it took the same ones out again, could you run a quick OTL scan now to see if the indicators have gone
  • 0

#13
mjwalters0716

mjwalters0716

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Sorry, didn't spot your latest reply. Here is the OTL log:

OTL logfile created on: 10/10/2011 11:41:53 AM - Run 5
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Michael\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.98 Gb Available Physical Memory | 66.39% Memory free
11.98 Gb Paging File | 9.82 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.32 Gb Total Space | 33.63 Gb Free Space | 17.22% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 102.45 Gb Free Space | 52.45% Space Free | Partition Type: NTFS
Drive E: | 341.80 Gb Total Space | 80.18 Gb Free Space | 23.46% Space Free | Partition Type: NTFS
Drive F: | 394.40 Gb Total Space | 23.35 Gb Free Space | 5.92% Space Free | Partition Type: NTFS
Drive G: | 341.80 Gb Total Space | 34.94 Gb Free Space | 10.22% Space Free | Partition Type: NTFS
Drive H: | 394.40 Gb Total Space | 7.51 Gb Free Space | 1.90% Space Free | Partition Type: NTFS
Drive I: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 4.26 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 244.59 Mb Total Space | 101.84 Mb Free Space | 41.64% Space Free | Partition Type: FAT

Computer Name: VCHOMENET | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/07 19:13:46 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2011/10/05 09:04:54 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/01 17:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/08/01 23:27:50 | 001,242,448 | ---- | M] (Valve Corporation) -- E:\Steam\steam.exe
PRC - [2011/07/12 17:48:23 | 000,288,280 | ---- | M] (oDesk Corporation) -- C:\Program Files (x86)\oDesk\oDeskTeam.exe
PRC - [2011/07/12 17:48:23 | 000,218,648 | ---- | M] (oDesk Corporation) -- C:\Program Files (x86)\oDesk\oDeskHelper.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/06/15 13:38:15 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010/01/18 21:43:02 | 000,124,256 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE


========== Modules (No Company Name) ==========

MOD - [2011/10/05 09:04:54 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/01 21:29:24 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/29 22:00:28 | 014,410,024 | ---- | M] () -- E:\Steam\bin\libcef.dll
MOD - [2011/09/29 22:00:28 | 000,914,216 | ---- | M] () -- E:\Steam\bin\avcodec-52.dll
MOD - [2011/09/29 22:00:28 | 000,190,248 | ---- | M] () -- E:\Steam\bin\chromehtml.dll
MOD - [2011/09/29 22:00:28 | 000,155,432 | ---- | M] () -- E:\Steam\bin\avformat-52.dll
MOD - [2011/09/29 22:00:28 | 000,091,432 | ---- | M] () -- E:\Steam\bin\avutil-50.dll
MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/07 20:25:02 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/12 04:09:58 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/02 02:43:15 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/15 13:38:15 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/04/12 01:32:32 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/07/11 01:13:44 | 000,282,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/07/07 21:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/07/07 21:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/07 19:47:04 | 000,307,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/30 11:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/01/14 11:57:01 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/01/14 11:57:01 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/12/14 19:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/12/17 15:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/08/21 01:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/08/09 14:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/01/21 18:45:00 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2007/06/26 09:45:14 | 000,362,496 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WMP54Gv41x64.sys -- (rt61x64)
DRV - [2010/03/13 12:58:52 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/04/12 02:24:05] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 76 19 AF 18 14 CB 01 [binary data]
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/10/07 15:39:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/05 09:04:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/13 21:51:23 | 000,000,000 | ---D | M]

[2010/04/11 21:27:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2011/10/07 19:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\3pcn1rg6.default\extensions
[2011/07/13 21:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/01 04:15:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/10/07 15:39:24 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
() (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3PCN1RG6.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2011/10/05 09:04:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/05/01 04:15:42 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/05 09:04:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/05 06:30:14 | 000,002,223 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2011/10/10 10:43:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000..\Run: [oDesk Team] C:\Program Files (x86)\oDesk\oDeskTeam.exe (oDesk Corporation)
O4 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000..\Run: [Steam] E:\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2228E5B4-283C-4B18-9A08-6E685799DDBD}: DhcpNameServer = 68.87.76.182 68.87.78.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED954E1E-9734-4080-997A-B0ECD040F76D}: DhcpNameServer = 68.87.76.182 68.87.78.134
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/12 01:39:03 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/04/30 22:03:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/30 22:03:32 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/10 10:48:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/10 10:43:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/10 10:07:03 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Michael\Desktop\aswMBR.exe
[2011/10/08 14:18:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/10/08 13:39:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/08 13:39:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/08 13:39:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/08 13:39:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/08 13:37:40 | 004,251,069 | R--- | C] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2011/10/08 13:26:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/07 19:13:45 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011/10/07 19:07:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\GooredFix Backups
[2011/10/07 19:07:12 | 001,558,320 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\TDSSKiller.exe
[2011/10/07 19:05:24 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Michael\Desktop\GooredFix.exe
[2011/10/07 19:01:35 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/10/07 18:59:43 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTM.exe
[2011/10/07 18:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WSTB
[2011/10/07 15:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/10/07 15:38:48 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\AVG2012
[2011/10/07 15:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/10/04 23:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Wars - The Old Republic
[2011/10/02 23:02:33 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Crash Test Dummies (6 Albums)
[2011/10/02 23:01:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Hot Action Cop - Hot Action Cop
[2011/10/02 19:38:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\A Beautiful Mind Soundtrack
[2011/10/02 19:37:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Corpse Bride Soundtrack
[2011/10/01 21:30:07 | 000,000,000 | R--D | C] -- C:\Users\Michael\Dropbox
[2011/10/01 21:27:17 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/10/01 21:27:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Dropbox
[2011/09/30 00:25:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ATI
[2011/09/30 00:25:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\ATI
[2011/09/30 00:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/09/30 00:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/09/30 00:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/09/29 23:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/09/29 23:52:32 | 000,000,000 | ---D | C] -- C:\ATI
[2011/09/29 22:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/09/29 22:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/09/29 22:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/09/28 18:02:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\SWTOR
[2011/09/27 01:52:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAZ 3D
[2011/09/26 21:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Poser
[2011/09/26 21:51:43 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Poser
[2011/09/26 21:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smith Micro
[2011/09/26 21:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smith Micro
[2011/09/26 21:41:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Poser 8 Content
[2011/09/22 17:51:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Leadertech
[2011/09/19 01:31:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\RCT3
[2011/09/19 01:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roller Coaster Tycoon 3 Platinum - CarlesNeo !
[2011/09/13 16:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trine
[2011/09/13 06:30:08 | 000,037,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[1 C:\Users\Michael\*.tmp files -> C:\Users\Michael\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/10 11:03:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/10 10:52:01 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 10:52:01 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 10:50:00 | 000,783,210 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/10 10:50:00 | 000,663,130 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/10 10:50:00 | 000,121,998 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/10 10:43:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/10 10:43:46 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/10 10:43:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/10 10:43:18 | 529,096,703 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/10 10:37:07 | 004,251,069 | R--- | M] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2011/10/10 10:08:58 | 000,000,512 | ---- | M] () -- C:\Users\Michael\Desktop\MBR.dat
[2011/10/10 10:07:24 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Michael\Desktop\aswMBR.exe
[2011/10/10 09:38:29 | 003,068,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/10 09:24:44 | 000,769,866 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/09 20:15:22 | 000,002,052 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/07 19:13:46 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011/10/07 19:05:25 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Michael\Desktop\GooredFix.exe
[2011/10/07 18:59:44 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTM.exe
[2011/10/07 18:02:29 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2011/10/07 15:42:37 | 069,229,383 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/10/07 12:46:24 | 001,558,320 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\TDSSKiller.exe
[2011/10/05 18:33:46 | 000,328,971 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/10/01 21:30:07 | 000,001,042 | ---- | M] () -- C:\Users\Michael\Desktop\Dropbox.lnk
[2011/10/01 21:27:25 | 000,001,022 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/09/30 00:21:48 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/09/28 13:22:17 | 000,000,644 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/09/27 01:39:45 | 000,002,518 | ---- | M] () -- C:\Users\Public\Desktop\Update Victoria 4 Base.lnk
[2011/09/26 21:42:09 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Poser 8.lnk
[2011/09/22 15:57:35 | 000,437,695 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111007-174841.backup
[2011/09/19 01:31:42 | 000,001,089 | ---- | M] () -- C:\Users\Michael\Desktop\RCT3plus - Shortcut.lnk
[2011/09/14 11:47:42 | 000,060,416 | ---- | M] () -- C:\Windows\SysNative\OVDecode64.dll
[2011/09/14 11:47:40 | 000,053,760 | ---- | M] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/13 16:51:13 | 000,000,591 | ---- | M] () -- C:\Users\Public\Desktop\Trine.lnk
[2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[1 C:\Users\Michael\*.tmp files -> C:\Users\Michael\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/10 10:08:58 | 000,000,512 | ---- | C] () -- C:\Users\Michael\Desktop\MBR.dat
[2011/10/08 13:39:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/08 13:39:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/08 13:39:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/08 13:39:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/08 13:39:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/01 21:30:07 | 000,001,042 | ---- | C] () -- C:\Users\Michael\Desktop\Dropbox.lnk
[2011/10/01 21:27:25 | 000,001,022 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/09/30 00:21:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/28 13:22:17 | 000,000,644 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/09/27 01:39:45 | 000,002,518 | ---- | C] () -- C:\Users\Public\Desktop\Update Victoria 4 Base.lnk
[2011/09/26 21:42:09 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\Poser 8.lnk
[2011/09/19 01:31:42 | 000,001,089 | ---- | C] () -- C:\Users\Michael\Desktop\RCT3plus - Shortcut.lnk
[2011/09/14 11:47:42 | 000,060,416 | ---- | C] () -- C:\Windows\SysNative\OVDecode64.dll
[2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/13 16:51:13 | 000,000,591 | ---- | C] () -- C:\Users\Public\Desktop\Trine.lnk
[2011/07/12 01:06:43 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/03/17 10:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/14 09:44:10 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/01/27 17:30:55 | 000,000,507 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/12/19 01:18:21 | 000,003,879 | -H-- | C] () -- C:\Users\Michael\AppData\Local\Perfmon.PerfmonCfg
[2010/12/18 20:10:10 | 000,007,601 | -H-- | C] () -- C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
[2010/10/05 18:24:34 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/10/05 18:24:34 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/06/15 13:38:16 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/06/15 13:38:15 | 002,419,568 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_apb.exe
[2010/06/15 13:38:15 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/06/13 22:10:43 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/06/11 18:25:27 | 000,000,073 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/05/25 10:09:14 | 000,011,776 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/13 04:31:24 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/05/02 02:51:19 | 000,221,608 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/05/01 03:31:38 | 000,769,866 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/12 08:47:02 | 000,000,107 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2010/04/12 04:42:07 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/04/12 02:58:26 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/04/12 02:54:31 | 004,902,912 | ---- | C] () -- C:\Windows\SysWow64\qt-mt335.dll
[2010/04/11 22:56:18 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/04/11 22:37:03 | 000,121,753 | ---- | C] () -- C:\Windows\File Renamer - Basic Uninstaller.exe
[2010/04/11 18:37:03 | 000,052,864 | R--- | C] () -- C:\Windows\SysWow64\SetupWizard.exe
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/12/28 00:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/06/12 08:25:54 | 000,000,920 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI

========== LOP Check ==========

[2011/09/08 19:52:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\.purple
[2011/09/19 01:31:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Atari
[2010/04/12 03:54:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Autodesk
[2011/10/07 15:38:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\AVG2012
[2011/10/10 09:40:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Azureus
[2010/09/04 03:31:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\BoneTown
[2011/02/22 19:07:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Braid
[2010/06/08 14:06:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Canon
[2010/09/06 23:59:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Chime
[2010/04/12 04:29:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\com.adobe.ExMan
[2010/08/16 22:42:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ContentGuard
[2010/05/06 04:32:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\cYo
[2011/01/28 05:03:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DAZ 3D
[2011/05/18 13:30:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DisneyInteractiveStudios
[2011/10/10 10:44:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Dropbox
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FreeAudioPack
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\gtk-2.0
[2011/04/29 12:30:02 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ice-pick Lodge
[2010/04/12 08:47:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ImgBurn
[2011/07/11 20:07:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\jAlbum
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Juniper Networks
[2011/09/22 17:51:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Leadertech
[2011/04/12 14:15:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LucasArts
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Luxology
[2010/06/28 12:10:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Need for Speed World
[2011/05/27 14:14:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Notepad++
[2010/05/06 04:55:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PlayFirst
[2010/07/27 18:11:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Pmcc
[2011/09/26 21:51:43 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Poser
[2011/02/22 02:52:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\RenPy
[2011/01/06 19:34:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Rovio
[2011/03/10 17:17:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\runic games
[2010/11/24 23:32:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SEGA Corporation
[2011/03/10 16:07:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\The Creative Assembly
[2010/04/12 03:10:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Thinstall
[2011/02/22 00:45:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\thriXXX
[2010/06/20 18:12:09 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Twilight
[2010/09/02 06:11:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ubisoft
[2010/10/21 21:01:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\WB Games
[2010/07/16 07:36:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\WindSolutions
[2010/04/12 04:55:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
[2009/07/13 22:08:49 | 000,032,164 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

MOD - [2009/07/13 18:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/07/13 18:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll

This is what I was looking for in OTL, no longer apparent on this run. Combofix was updated today to combat this variant.
But to be on the safe side before you start the cleanup could you hold off until tomorrow and then post a fresh OTL so that I can confirm it really has gone
  • 0

#15
mjwalters0716

mjwalters0716

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
You got it. I appreciate the diligence.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP