Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Lets try this again

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Lets try this again

Unread postby BostonBulldog » December 7th, 2011, 8:13 pm

My browser keeps redirecting to malware sites and my malwarebytes says that my computer keeps sending out requests even when I'm doing nothing. My cable provider sent me an e-mail saying I had a bot using my computer to send out spam and porn.

I tried to post these logs together but it said I was over the character limit so I could not post them together so I am just going to post the first one and hopefully I can get some help. I have the second one available if needed.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Chris at 19:26:07 on 2011-12-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3965.2417 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1 68.87.71.230 68.87.73.246
TCP: Interfaces\{1C4C76BD-ADF8-4605-883D-FBB144CF0A22} : DhcpNameServer = 192.168.1.1 68.87.71.230 68.87.73.246
TCP: Interfaces\{44B10B9C-D083-4523-AFE3-07767133C417} : DhcpNameServer = 192.168.1.1 68.87.71.230 68.87.73.246
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 217.23.4.166 www.google-analytics.com.
Hosts: 217.23.4.166 ad-emea.doubleclick.net.
Hosts: 217.23.4.166 www.statcounter.com.
Hosts: 178.250.45.15 www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\iok844hz.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwfx.sys --> C:\Windows\system32\DRIVERS\jswpslwfx.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-10-24 2398512]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2007-12-25 40960]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-25 366152]
R2 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2008-8-20 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-3 175104]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\Jumpstart\jswpsapi.exe [2008-9-12 937984]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-24 89920]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-5 136176]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-5 136176]
S4 KR10I64;KR10I64;C:\Windows\system32\drivers\kr10i64.sys --> C:\Windows\system32\drivers\kr10i64.sys [?]
S4 KR10N64;KR10N64;C:\Windows\system32\drivers\kr10n64.sys --> C:\Windows\system32\drivers\kr10n64.sys [?]
S4 LinksysUpdater;Linksys Updater;C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-12-07 00:08:24 -------- d-s---w- C:\ComboFix
2011-12-06 23:18:14 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D5A0DB0E-A7D3-4C48-B633-8749FE4B153F}\offreg.dll
2011-12-06 15:46:30 -------- d-----w- C:\Users\Chris\AppData\Roaming\AVG2012
2011-12-06 15:45:57 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-12-06 15:44:24 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-12-06 04:13:04 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3041333E-ADCC-401B-BAF4-EBE5AC749FEE}\gapaengine.dll
2011-12-06 04:12:54 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D5A0DB0E-A7D3-4C48-B633-8749FE4B153F}\mpengine.dll
2011-12-06 03:56:33 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-12-06 03:55:00 345984 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-12-02 06:39:19 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{54E7B415-100E-4436-9807-586555A4AEDB}\mpengine.dll
2011-11-30 21:07:20 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-30 20:56:13 -------- d-----w- C:\Users\Chris\AppData\Local\temp
2011-11-30 11:54:28 -------- d-----w- C:\Program Files (x86)\ESET
2011-11-29 07:42:51 98816 ----a-w- C:\Windows\sed.exe
2011-11-29 07:42:51 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-29 07:42:51 256000 ----a-w- C:\Windows\PEV.exe
2011-11-29 07:42:51 208896 ----a-w- C:\Windows\MBR.exe
2011-11-26 04:45:17 -------- d-----w- C:\Users\Chris\AppData\Roaming\Malwarebytes
2011-11-26 04:45:11 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-26 04:45:08 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-26 04:45:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-26 00:20:36 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-11-26 00:16:24 -------- d-----w- C:\e8d0c2412901bff4c5
2011-11-25 06:48:47 388096 ----a-r- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-24 21:09:37 -------- d-----w- C:\ProgramData\IObit
2011-11-24 21:07:06 -------- d-----w- C:\Users\Chris\AppData\Roaming\IObit
2011-11-24 21:07:01 -------- d-----w- C:\Program Files (x86)\IObit
2011-11-24 20:04:16 -------- d-----w- C:\Users\Chris\AppData\Roaming\Unity
2011-11-24 19:59:54 -------- d-----w- C:\Users\Chris\AppData\Local\Unity
2011-11-10 03:41:49 -------- d-----w- C:\$AVG
2011-11-10 02:55:27 -------- d-----w- C:\ProgramData\AVG2012
2011-11-10 02:43:10 -------- d--h--w- C:\ProgramData\Common Files
2011-11-10 02:42:18 -------- d-----w- C:\Program Files (x86)\AVG
2011-11-10 02:34:25 -------- d-----w- C:\ProgramData\MFAData
2011-11-10 02:15:22 -------- d-----w- C:\Users\Chris\AppData\Roaming\zL07tak4k4jDZvR
2011-11-10 02:15:18 -------- d-----w- C:\Users\Chris\AppData\Roaming\NTigcEPHlHl
2011-11-10 02:15:18 -------- d-----w- C:\Users\Chris\AppData\Roaming\f07tak4k4j
2011-11-10 02:15:09 -------- d-----w- C:\Users\Chris\AppData\Roaming\xwvftmjS7lFh2T
2011-11-10 02:15:06 -------- d-----w- C:\Users\Chris\AppData\Roaming\KP5ji8zaYbLP5jS
2011-11-10 02:15:04 -------- d-----w- C:\Users\Chris\AppData\Roaming\rSJZA6kDqcJInZy
2011-11-10 02:15:00 -------- d-----w- C:\Users\Chris\AppData\Roaming\ZyNI0QqPEl2WwAQ
2011-11-10 02:15:00 -------- d-----w- C:\Users\Chris\AppData\Roaming\p84yb7Ui9Nn9On8
2011-11-10 02:15:00 -------- d-----w- C:\Users\Chris\AppData\Roaming\jg4yb7Ui9Nn9On8
2011-11-10 02:13:58 -------- d-----w- C:\Users\Chris\AppData\Roaming\E1sZexbJwy5gk
2011-11-10 02:12:49 -------- d-----w- C:\Users\Chris\AppData\Roaming\qWLqjINcDmEjzvn
2011-11-10 02:11:57 -------- d-----w- C:\Users\Chris\AppData\Roaming\esGFScxBIeqTg8Z
2011-11-10 02:10:55 -------- d-----w- C:\Users\Chris\AppData\Roaming\OdpxZphfKH3aDm2
2011-11-10 02:09:51 -------- d-----w- C:\Users\Chris\AppData\Roaming\WhByvipskNuGLCO
2011-11-10 01:36:47 -------- d-----w- C:\Users\Chris\AppData\Roaming\omH6sWJ7fLgZhCk
2011-11-10 01:36:42 -------- d-----w- C:\Users\Chris\AppData\Roaming\PZqhYkrBPciDoF
2011-11-10 01:36:37 -------- d-----w- C:\Users\Chris\AppData\Roaming\sS1ivD3on4m5W7E
2011-11-10 01:36:33 -------- d-----w- C:\Users\Chris\AppData\Roaming\T5sWJ7dELgXU
2011-11-10 01:36:28 -------- d-----w- C:\Users\Chris\AppData\Roaming\AelOBtzP0c1v2n4
2011-11-10 01:36:24 -------- d-----w- C:\Users\Chris\AppData\Roaming\WpmH5sQJ7E8R9Yw
2011-11-10 01:36:19 -------- d-----w- C:\Users\Chris\AppData\Roaming\pAAA1ivD2onFpm5
2011-11-10 01:36:13 -------- d-----w- C:\Users\Chris\AppData\Roaming\rUVVVelOBtzP0c1
2011-11-10 01:36:08 -------- d-----w- C:\Users\Chris\AppData\Roaming\e444ammH5sWdLR
2011-11-10 01:36:04 -------- d-----w- C:\Users\Chris\AppData\Roaming\ZJJ77dEL8gRZqYw
2011-11-10 01:34:57 -------- d-----w- C:\Users\Chris\AppData\Roaming\ejjUUCeelIr
2011-11-10 01:34:53 -------- d-----w- C:\Users\Chris\AppData\Roaming\azzzPNNyv2b3m
2011-11-10 01:34:47 -------- d-----w- C:\Users\Chris\AppData\Roaming\IsJJ6ddEK
2011-11-10 01:34:42 -------- d-----w- C:\Users\Chris\AppData\Roaming\FPPPNNycA1uv
2011-11-10 01:34:37 -------- d-----w- C:\Users\Chris\AppData\Roaming\qzzPPNyycA1v
2011-11-10 01:34:32 -------- d-----w- C:\Users\Chris\AppData\Roaming\BwwjjUVVelBtzNy
2011-11-10 01:34:28 -------- d-----w- C:\Users\Chris\AppData\Roaming\EvDpG68RZ9
2011-11-10 01:34:21 -------- d-----w- C:\Users\Chris\AppData\Roaming\BPP00ucbDo4m6W7
2011-11-10 01:34:16 -------- d-----w- C:\Users\Chris\AppData\Roaming\illlONNtxP
2011-11-10 01:34:11 -------- d-----w- C:\Users\Chris\AppData\Roaming\mTTZZYwIrOt0ciG
2011-11-10 01:34:06 -------- d-----w- C:\Users\Chris\AppData\Roaming\b11iibDD3oG4aH
2011-11-10 01:34:00 -------- d-----w- C:\Users\Chris\AppData\Roaming\NTTXXqjYeIrNx0c
2011-11-10 01:33:55 -------- d-----w- C:\Users\Chris\AppData\Roaming\b77ffRLL9gT
2011-11-10 01:33:49 -------- d-----w- C:\Users\Chris\AppData\Roaming\JyyccA11uvDobpG
2011-11-10 01:33:43 -------- d-----w- C:\Users\Chris\AppData\Roaming\ottzzP0yyA1iv2n
2011-11-10 01:33:37 -------- d-----w- C:\Users\Chris\AppData\Roaming\LxxxySoasJd8RqY
2011-11-10 01:33:32 -------- d-----w- C:\Users\Chris\AppData\Roaming\IOucD3onG4am67T
2011-11-10 01:33:26 -------- d-----w- C:\Users\Chris\AppData\Roaming\hjjYYCeeVzNxu23
2011-11-10 01:33:21 -------- d-----w- C:\Users\Chris\AppData\Roaming\UWWWK77fRL9TXjC
2011-11-10 01:33:17 -------- d-----w- C:\Users\Chris\AppData\Roaming\CkIIIzNASDn4Q6
2011-11-10 01:33:12 -------- d-----w- C:\Users\Chris\AppData\Roaming\txAAA0ucS2ibDpG
2011-11-10 01:33:07 -------- d-----w- C:\Users\Chris\AppData\Roaming\gLLL9ggTXqjYztA
2011-11-10 01:33:02 -------- d-----w- C:\Users\Chris\AppData\Roaming\fllOONtxxPucSib
2011-11-10 01:31:57 -------- d-----w- C:\Users\Chris\AppData\Roaming\OzzzPNNyxA1vS2b
2011-11-10 01:31:53 -------- d-----w- C:\Users\Chris\AppData\Roaming\s1uuvvS2obF3pGa
2011-11-10 01:31:48 -------- d-----w- C:\Users\Chris\AppData\Roaming\hxAA11uvS2ob3pG
2011-11-10 01:31:43 -------- d-----w- C:\Users\Chris\AppData\Roaming\uWKKKLhXq
2011-11-10 01:31:39 -------- d-----w- C:\Users\Chris\AppData\Roaming\gTTTXqqjUCe
2011-11-10 01:31:34 -------- d-----w- C:\Users\Chris\AppData\Roaming\TUeIrzOON
2011-11-10 01:31:29 -------- d-----w- C:\Users\Chris\AppData\Roaming\euuvvS22ib3pn5a
2011-11-10 01:31:24 -------- d-----w- C:\Users\Chris\AppData\Roaming\VWWWKK7fRgXj
2011-11-10 01:31:19 -------- d-----w- C:\Users\Chris\AppData\Roaming\nCCeekIIBrzAuSi
2011-11-10 01:31:14 -------- d-----w- C:\Users\Chris\AppData\Roaming\vRRLL9hhTXqUC
2011-11-10 01:31:09 -------- d-----w- C:\Users\Chris\AppData\Roaming\U22oob5d8R9TjC
2011-11-10 01:31:04 -------- d-----w- C:\Users\Chris\AppData\Roaming\WwwjjUCCelIrzNu
2011-11-10 01:29:56 -------- d-----w- C:\Users\Chris\AppData\Roaming\B33ppmGG5aQ6d
2011-11-10 01:29:51 -------- d-----w- C:\Users\Chris\AppData\Roaming\jyyyxAA1uvob3aJ
2011-11-10 01:29:46 -------- d-----w- C:\Users\Chris\AppData\Roaming\QRZZ99hTXwjUelB
2011-11-10 01:29:42 -------- d-----w- C:\Users\Chris\AppData\Roaming\CQQJJ6dWWKfRLhT
2011-11-10 01:29:37 -------- d-----w- C:\Users\Chris\AppData\Roaming\uNNx1SoFp
2011-11-10 01:29:32 -------- d-----w- C:\Users\Chris\AppData\Roaming\ummmG55aQJ6dK8R
2011-11-10 01:29:27 -------- d-----w- C:\Users\Chris\AppData\Roaming\YrrzNx0v2b3n5H6
2011-11-10 01:29:23 -------- d-----w- C:\Users\Chris\AppData\Roaming\KxxAuFGHW7LgXjC
2011-11-10 01:29:17 -------- d-----w- C:\Users\Chris\AppData\Roaming\EoobbF3ppm5aJ6W
2011-11-10 01:29:12 -------- d-----w- C:\Users\Chris\AppData\Roaming\aPPPNAuSoFp5J
2011-11-10 01:29:07 -------- d-----w- C:\Users\Chris\AppData\Roaming\TzzzPNNyx
2011-11-10 01:29:03 -------- d-----w- C:\Users\Chris\AppData\Roaming\UhTUlBzNAuSoF3
2011-11-10 01:28:58 -------- d-----w- C:\Users\Chris\AppData\Roaming\gJJJ6d8RhTXwUCl
2011-11-10 01:28:53 -------- d-----w- C:\Users\Chris\AppData\Roaming\ehhjjUCCekIrzNy
2011-11-10 01:28:48 -------- d-----w- C:\Users\Chris\AppData\Roaming\y111uvvS2obFpm5
2011-11-10 01:28:42 -------- d-----w- C:\Users\Chris\AppData\Roaming\PqqhYYkOzyA24m
2011-11-10 01:28:37 -------- d-----w- C:\Users\Chris\AppData\Roaming\olOBySS3onH5dqY
2011-11-10 01:28:21 -------- d-----w- C:\Users\Chris\AppData\Roaming\WnQ7ZwIxc1GsLhr
2011-11-10 01:28:06 -------- d-----w- C:\Users\Chris\AppData\Roaming\e3n4Q6KfLgZkrlN
2011-11-10 01:27:59 -------- d-----w- C:\Users\Chris\AppData\Roaming\YycDH8wzvHKXt12
2011-11-10 01:27:44 -------- d-----w- C:\Users\Chris\AppData\Roaming\WRRZZ99hTXwUClB
2011-11-10 01:27:33 -------- d-----w- C:\Users\Chris\AppData\Roaming\T6sWWJf8qYrlBxy
2011-11-10 01:27:20 -------- d-----w- C:\Users\Chris\AppData\Roaming\j444pmmG5sQJdE8
2011-11-10 01:27:14 -------- d-----w- C:\Users\Chris\AppData\Roaming\rhhYV0vnJZeyv4Q
2011-11-10 01:27:00 -------- d-----w- C:\Users\Chris\AppData\Roaming\jPP00yccA1iD2nF
2011-11-10 01:26:53 -------- d-----w- C:\Users\Chris\AppData\Roaming\QOciipHW7ETqkVO
2011-11-10 01:26:38 -------- d-----w- C:\Users\Chris\AppData\Roaming\oIrOuDn4QK7Tqk
2011-11-10 01:26:23 -------- d-----w- C:\Users\Chris\AppData\Roaming\a1uS2o35KRLhCkO
2011-11-10 01:26:10 -------- d-----w- C:\Users\Chris\AppData\Roaming\AggTTZqqhYCkUrl
2011-11-10 01:26:02 -------- d-----w- C:\Users\Chris\AppData\Roaming\VeeelIIBrzPyxAu
2011-11-10 01:25:55 -------- d-----w- C:\Users\Chris\AppData\Roaming\WWWKfL9gZ
2011-11-10 01:25:48 -------- d-----w- C:\Users\Chris\AppData\Roaming\eSS22ibbF3pG5QH
2011-11-10 01:25:40 -------- d-----w- C:\Users\Chris\AppData\Roaming\SHH66sWWJ7EL8
2011-11-10 01:25:34 -------- d-----w- C:\Users\Chris\AppData\Roaming\lKK77fRLLgTXqYe
2011-11-10 01:25:27 -------- d-----w- C:\Users\Chris\AppData\Roaming\QkkkUVVelOB
2011-11-10 01:25:20 -------- d-----w- C:\Users\Chris\AppData\Roaming\Q12Gd8LUrx0vb5Q
2011-11-10 01:25:06 -------- d-----w- C:\Users\Chris\AppData\Roaming\ceVzNx0uuc2ib3a
2011-11-10 01:25:00 -------- d-----w- C:\Users\Chris\AppData\Roaming\nmmJ8fwCIxbJRXj
2011-11-10 01:24:52 -------- d-----w- C:\Users\Chris\AppData\Roaming\waammH66sWJfE8g
2011-11-10 01:24:46 -------- d-----w- C:\Users\Chris\AppData\Roaming\E7fLTZwlO0
2011-11-10 01:24:33 -------- d-----w- C:\Users\Chris\AppData\Roaming\a888gRRqhX
2011-11-10 01:24:27 -------- d-----w- C:\Users\Chris\AppData\Roaming\oKKfELLgTZq
2011-11-10 01:24:13 -------- d-----w- C:\Users\Chris\AppData\Roaming\YttxxP0yyS1iv3F
2011-11-10 01:24:08 -------- d-----w- C:\Users\Chris\AppData\Roaming\JEELL9gTqwOtx0c
2011-11-10 01:23:54 -------- d-----w- C:\Users\Chris\AppData\Roaming\rhhwUlBx0c1v
2011-11-10 01:23:48 -------- d-----w- C:\Users\Chris\AppData\Roaming\rS57qzt2afqk
2011-11-10 01:23:32 -------- d-----w- C:\Users\Chris\AppData\Roaming\t5JEhCezP1FaKhe
2011-11-10 01:23:16 -------- d-----w- C:\Users\Chris\AppData\Roaming\X1iibb4sWZVOS47
2011-11-10 01:23:01 -------- d-----w- C:\Users\Chris\AppData\Roaming\f3oonnF4amH5WJd
2011-11-10 01:22:55 -------- d-----w- C:\Users\Chris\AppData\Roaming\cG55W9Cz0baK
2011-11-10 01:22:42 -------- d-----w- C:\Users\Chris\AppData\Roaming\nPPNNyccA
2011-11-10 01:22:37 -------- d-----w- C:\Users\Chris\AppData\Roaming\uRZYYXwklOBtci2
2011-11-10 01:22:21 -------- d-----w- C:\Users\Chris\AppData\Roaming\b3QfXeekV0b4W7T
2011-11-10 01:22:06 -------- d-----w- C:\Users\Chris\AppData\Roaming\bWWWK77fEL9gZqY
2011-11-10 01:21:53 -------- d-----w- C:\Users\Chris\AppData\Roaming\ZJJJ7ddELRqhXkU
2011-11-10 01:21:48 -------- d-----w- C:\Users\Chris\AppData\Roaming\VrrllOBttx0c1iD
2011-11-10 01:21:43 -------- d-----w- C:\Users\Chris\AppData\Roaming\B8ggTThCkVlBPyS
2011-11-10 01:21:38 -------- d-----w- C:\Users\Chris\AppData\Roaming\G33oonFF4am5sJ7
2011-11-10 01:21:33 -------- d-----w- C:\Users\Chris\AppData\Roaming\QOBBtt0c1Dn
2011-11-10 01:21:28 -------- d-----w- C:\Users\Chris\AppData\Roaming\moonnF44amHsW7d
2011-11-10 01:21:23 -------- d-----w- C:\Users\Chris\AppData\Roaming\Niiiv3naHsJ
2011-11-10 01:21:18 -------- d-----w- C:\Users\Chris\AppData\Roaming\xUVVrllOBtxPyc
2011-11-10 01:21:14 -------- d-----w- C:\Users\Chris\AppData\Roaming\t111iv3mWE8ZhXk
2011-11-10 01:21:09 -------- d-----w- C:\Users\Chris\AppData\Roaming\oHHH5ssWJ7dE8gZ
2011-11-10 01:21:04 -------- d-----w- C:\Users\Chris\AppData\Roaming\yvvDD22onFm5Qd
2011-11-10 01:19:55 -------- d-----w- C:\Users\Chris\AppData\Roaming\HffEEL99gTZjYwk
2011-11-10 01:19:50 -------- d-----w- C:\Users\Chris\AppData\Roaming\raaaQHH6s
2011-11-10 01:19:45 -------- d-----w- C:\Users\Chris\AppData\Roaming\P66ssWWEL9gTqjC
2011-11-10 01:19:41 -------- d-----w- C:\Users\Chris\AppData\Roaming\TkIIVVrlONtx0uS
2011-11-10 01:19:36 -------- d-----w- C:\Users\Chris\AppData\Roaming\XVVrrlONtxP0u
2011-11-10 01:19:31 -------- d-----w- C:\Users\Chris\AppData\Roaming\u1iiibD3onG4aHs
2011-11-10 01:19:26 -------- d-----w- C:\Users\Chris\AppData\Roaming\ZmmHH6ssW
2011-11-10 01:19:21 -------- d-----w- C:\Users\Chris\AppData\Roaming\phYYYCwkUVrlOtP
2011-11-10 01:19:17 -------- d-----w- C:\Users\Chris\AppData\Roaming\U33oonF44aH
2011-11-10 01:19:12 -------- d-----w- C:\Users\Chris\AppData\Roaming\F55ssWJJ7dE8
2011-11-10 01:19:08 -------- d-----w- C:\Users\Chris\AppData\Roaming\qddEEL8ggRqh
2011-11-10 01:19:03 -------- d-----w- C:\Users\Chris\AppData\Roaming\U88ggRZZ9hX
2011-11-10 01:18:58 -------- d-----w- C:\Users\Chris\AppData\Roaming\P00yycAA1iv2o4H
2011-11-10 01:18:53 -------- d-----w- C:\Users\Chris\AppData\Roaming\wXwwkkUVelOBt
2011-11-10 01:18:48 -------- d-----w- C:\Users\Chris\AppData\Roaming\GiivvD33on
2011-11-10 01:18:43 -------- d-----w- C:\Users\Chris\AppData\Roaming\AooonFF4a
2011-11-10 01:18:38 -------- d-----w- C:\Users\Chris\AppData\Roaming\vBBttxPP0yS1i
2011-11-10 01:18:33 -------- d-----w- C:\Users\Chris\AppData\Roaming\GqqqhYYCwkUVlOt
2011-11-10 01:18:28 -------- d-----w- C:\Users\Chris\AppData\Roaming\ammHH5sWWJdELgR
2011-11-10 01:18:23 -------- d-----w- C:\Users\Chris\AppData\Roaming\LVVVrrlOPc1vF57
2011-11-10 01:18:18 -------- d-----w- C:\Users\Chris\AppData\Roaming\h77ffEL88
2011-11-10 01:18:13 -------- d-----w- C:\Users\Chris\AppData\Roaming\LammHH6sWJ7fL8T
2011-11-10 01:18:08 -------- d-----w- C:\Users\Chris\AppData\Roaming\zNNttxPP0uS1iD3
2011-11-10 01:18:03 -------- d-----w- C:\Users\Chris\AppData\Roaming\UCwwkkIVrlO
2011-11-10 01:16:55 -------- d-----w- C:\Users\Chris\AppData\Roaming\A000uccS1ibDon4
2011-11-10 01:16:51 -------- d-----w- C:\Users\Chris\AppData\Roaming\eOOOBttxP0ySDon
2011-11-10 01:16:46 -------- d-----w- C:\Users\Chris\AppData\Roaming\hYwwkUUVrlOBxPy
2011-11-10 01:16:41 -------- d-----w- C:\Users\Chris\AppData\Roaming\bOBBttxPySi3nHJ
2011-11-10 01:16:36 -------- d-----w- C:\Users\Chris\AppData\Roaming\AYYCCwkkU
2011-11-10 01:16:32 -------- d-----w- C:\Users\Chris\AppData\Roaming\r4aams7dEL8gRqY
2011-11-10 01:16:27 -------- d-----w- C:\Users\Chris\AppData\Roaming\qAAiDn4m5Q7E
2011-11-10 01:16:23 -------- d-----w- C:\Users\Chris\AppData\Roaming\ZjjjUVVelIBt
2011-11-10 01:16:18 -------- d-----w- C:\Users\Chris\AppData\Roaming\qJJJ7ddEK8gR9hX
2011-11-10 01:16:13 -------- d-----w- C:\Users\Chris\AppData\Roaming\NBBBtzzyAiDoFp
2011-11-10 01:16:08 -------- d-----w- C:\Users\Chris\AppData\Roaming\RgRRZZ9hYXwjVe
2011-11-10 01:16:04 -------- d-----w- C:\Users\Chris\AppData\Roaming\sH55ssQJ7dEKgR9
2011-11-10 01:14:55 -------- d-----w- C:\Users\Chris\AppData\Roaming\vUVVeelOBtzPyc1
2011-11-10 01:14:51 -------- d-----w- C:\Users\Chris\AppData\Roaming\NjjjUCCelIBzPy1
2011-11-10 01:14:46 -------- d-----w- C:\Users\Chris\AppData\Roaming\bPPNNyxxA1u
2011-11-10 01:14:42 -------- d-----w- C:\Users\Chris\AppData\Roaming\H88ffRLL9hjCeIB
2011-11-10 01:14:37 -------- d-----w- C:\Users\Chris\AppData\Roaming\fjjjUCCekI
2011-11-10 01:14:33 -------- d-----w- C:\Users\Chris\AppData\Roaming\wyyyxAA0uvSFp
2011-11-10 01:14:28 -------- d-----w- C:\Users\Chris\AppData\Roaming\NUUCCekkIBzONxA
2011-11-10 01:14:23 -------- d-----w- C:\Users\Chris\AppData\Roaming\PUUCCekrxv2FpGa
2011-11-10 01:14:18 -------- d-----w- C:\Users\Chris\AppData\Roaming\QSb3G5aHW7R
2011-11-10 01:14:13 -------- d-----w- C:\Users\Chris\AppData\Roaming\VUUCCekIIrzONx0
2011-11-10 01:14:08 -------- d-----w- C:\Users\Chris\AppData\Roaming\IUCCIrOyAvFG
2011-11-10 01:14:03 -------- d-----w- C:\Users\Chris\AppData\Roaming\vXqqjjUCekIBzOy
2011-11-10 01:12:56 -------- d-----w- C:\Users\Chris\AppData\Roaming\QvvS22ibF3pnGa
2011-11-10 01:12:52 -------- d-----w- C:\Users\Chris\AppData\Roaming\CNttxxA0ucS2bDp
2011-11-10 01:12:47 -------- d-----w- C:\Users\Chris\AppData\Roaming\uKK77fEEL9gZqYC
2011-11-10 01:12:42 -------- d-----w- C:\Users\Chris\AppData\Roaming\snnnGG4amH6sJ7T
2011-11-10 01:12:37 -------- d-----w- C:\Users\Chris\AppData\Roaming\uIIIVrrlONtP0uS
2011-11-10 01:12:33 -------- d-----w- C:\Users\Chris\AppData\Roaming\IttxxP00uc1ib3o
2011-11-10 01:12:28 -------- d-----w- C:\Users\Chris\AppData\Roaming\YCCwwkIIVrlNt
2011-11-10 01:12:23 -------- d-----w- C:\Users\Chris\AppData\Roaming\nggTTZqjjYwkIrO
2011-11-10 01:12:18 -------- d-----w- C:\Users\Chris\AppData\Roaming\SW77f8gTZqhCw
2011-11-10 01:12:13 -------- d-----w- C:\Users\Chris\AppData\Roaming\b1iibbD3onG4mHs
2011-11-10 01:12:08 -------- d-----w- C:\Users\Chris\AppData\Roaming\cOOONttxP
2011-11-10 01:12:03 -------- d-----w- C:\Users\Chris\AppData\Roaming\mbbbD3oonG4mH
2011-11-10 01:10:56 -------- d-----w- C:\Users\Chris\AppData\Roaming\O33oonG44a
2011-11-10 01:10:51 -------- d-----w- C:\Users\Chris\AppData\Roaming\IELLL8gTZqhYCkV
2011-11-10 01:10:46 -------- d-----w- C:\Users\Chris\AppData\Roaming\aqqhhYCCwkUrlBt
2011-11-10 01:10:41 -------- d-----w- C:\Users\Chris\AppData\Roaming\nDDD3oonF4am5sJ
2011-11-10 01:10:37 -------- d-----w- C:\Users\Chris\AppData\Roaming\DVVVellOBtz0yc
2011-11-10 01:10:32 -------- d-----w- C:\Users\Chris\AppData\Roaming\iUUVVellOB
2011-11-10 01:10:28 -------- d-----w- C:\Users\Chris\AppData\Roaming\hPP00yiD2on4
2011-11-10 01:10:18 -------- d-----w- C:\Users\Chris\AppData\Roaming\LeellOBttzA1iD2
2011-11-10 01:10:13 -------- d-----w- C:\Users\Chris\AppData\Roaming\x444HsQJ7dE
2011-11-10 01:10:09 -------- d-----w- C:\Users\Chris\AppData\Roaming\CQQQJ66dEK8
2011-11-10 01:10:05 -------- d-----w- C:\Users\Chris\AppData\Roaming\WLLL9hhUC
2011-11-10 01:10:00 -------- d-----w- C:\Users\Chris\AppData\Roaming\qeeekIIBrzON
2011-11-10 01:08:56 -------- d-----w- C:\Users\Chris\AppData\Roaming\j1v2b4m5QJ
2011-11-10 01:08:51 -------- d-----w- C:\Users\Chris\AppData\Roaming\XgRRZZ9hYX
2011-11-10 01:08:46 -------- d-----w- C:\Users\Chris\AppData\Roaming\LAAA1v2npHsJdKg
2011-11-10 01:08:41 -------- d-----w- C:\Users\Chris\AppData\Roaming\wWWWJ77dEL8gZqY
2011-11-10 01:08:35 -------- d-----w- C:\Users\Chris\AppData\Roaming\LdddELL8RqYkVlB
2011-11-10 01:08:30 -------- d-----w- C:\Users\Chris\AppData\Roaming\RJ7ddELL8gRqhXw
2011-11-10 01:08:26 -------- d-----w- C:\Users\Chris\AppData\Roaming\HRhhhYklBzyAiDo
2011-11-10 01:08:20 -------- d-----w- C:\Users\Chris\AppData\Roaming\bffEEL8ggqYwUrB
2011-11-10 01:08:15 -------- d-----w- C:\Users\Chris\AppData\Roaming\d444aQQH6sW7
2011-11-10 01:08:10 -------- d-----w- C:\Users\Chris\AppData\Roaming\yKK77fLgZYwIrO
2011-11-10 01:08:05 -------- d-----w- C:\Users\Chris\AppData\Roaming\I4aammH6sWJ7ELg
2011-11-10 01:08:01 -------- d-----w- C:\Users\Chris\AppData\Roaming\fqqCkOxySiDoF
2011-11-10 01:06:57 -------- d-----w- C:\Users\Chris\AppData\Roaming\vLgZYwIrOtPuS
2011-11-10 01:06:53 -------- d-----w- C:\Users\Chris\AppData\Roaming\LcccDoGa6W7TYwU
2011-11-10 01:06:47 -------- d-----w- C:\Users\Chris\AppData\Roaming\C77ffELL9gTqjCw
2011-11-10 01:06:43 -------- d-----w- C:\Users\Chris\AppData\Roaming\HD3oGamH6sWJfE8
2011-11-10 01:06:38 -------- d-----w- C:\Users\Chris\AppData\Roaming\J33oonGG4aH6sJ7
2011-11-10 01:06:33 -------- d-----w- C:\Users\Chris\AppData\Roaming\wkkUUVrllOtxPyS
2011-11-10 01:06:28 -------- d-----w- C:\Users\Chris\AppData\Roaming\l8TqYwVlB
2011-11-10 01:06:24 -------- d-----w- C:\Users\Chris\AppData\Roaming\pPP00yiD3oF4aH5
2011-11-10 01:06:19 -------- d-----w- C:\Users\Chris\AppData\Roaming\a000yccS1ivDon4
2011-11-10 01:06:13 -------- d-----w- C:\Users\Chris\AppData\Roaming\sOtxP00ucS1iD3
2011-11-10 01:06:09 -------- d-----w- C:\Users\Chris\AppData\Roaming\h000yycv3
2011-11-10 01:06:05 -------- d-----w- C:\Users\Chris\AppData\Roaming\KiivvDD3on
2011-11-10 01:06:00 -------- d-----w- C:\Users\Chris\AppData\Roaming\QQQJJ7dEE8gRZh
2011-11-10 01:04:57 -------- d-----w- C:\Users\Chris\AppData\Roaming\j22oonFF4pm5sJ7
2011-11-10 01:04:52 -------- d-----w- C:\Users\Chris\AppData\Roaming\dgRRZZ9hYXUeIBz
2011-11-10 01:04:48 -------- d-----w- C:\Users\Chris\AppData\Roaming\E999hhYXwjUVl
2011-11-10 01:04:43 -------- d-----w- C:\Users\Chris\AppData\Roaming\SGG55sQQJ6dK8
2011-11-10 01:04:39 -------- d-----w- C:\Users\Chris\AppData\Roaming\B666dEEK8fR9h
2011-11-10 01:04:34 -------- d-----w- C:\Users\Chris\AppData\Roaming\JZZZ9hhTXwjUelB
2011-11-10 01:04:29 -------- d-----w- C:\Users\Chris\AppData\Roaming\xSS22obbF3pG5Q
2011-11-10 01:04:24 -------- d-----w- C:\Users\Chris\AppData\Roaming\j888fRRL9hTqjCe
2011-11-10 01:04:19 -------- d-----w- C:\Users\Chris\AppData\Roaming\TAA11uvSS2bF3m5
2011-11-10 01:04:15 -------- d-----w- C:\Users\Chris\AppData\Roaming\tPPPNyyxA1vS2bF
2011-11-10 01:04:10 -------- d-----w- C:\Users\Chris\AppData\Roaming\fTTXXqjjUCeIBzO
2011-11-10 01:04:05 -------- d-----w- C:\Users\Chris\AppData\Roaming\YJJ66dWWK8fL9TX
2011-11-10 01:04:01 -------- d-----w- C:\Users\Chris\AppData\Roaming\CddWWK88fR9hTqU
2011-11-10 01:02:56 -------- d-----w- C:\Users\Chris\AppData\Roaming\PwwjjUVVelBtzNy
2011-11-10 01:02:51 -------- d-----w- C:\Users\Chris\AppData\Roaming\kEKK88gRZ9hYwj
2011-11-10 01:02:45 -------- d-----w- C:\Users\Chris\AppData\Roaming\fkkkUUVelOBtP0c
2011-11-10 01:02:40 -------- d-----w- C:\Users\Chris\AppData\Roaming\gdddL8gZhXU
2011-11-10 01:02:36 -------- d-----w- C:\Users\Chris\AppData\Roaming\sggRRZqhhYw
2011-11-10 01:02:31 -------- d-----w- C:\Users\Chris\AppData\Roaming\vtPiDoF4amH5WJd
2011-11-10 01:02:25 -------- d-----w- C:\Users\Chris\AppData\Roaming\m444ammH6sWJfZh
2011-11-10 01:02:21 -------- d-----w- C:\Users\Chris\AppData\Roaming\D1iivvD3onF4mHs
2011-11-10 01:02:15 -------- d-----w- C:\Users\Chris\AppData\Roaming\a777fEEL8gTqhCw
2011-11-10 01:02:11 -------- d-----w- C:\Users\Chris\AppData\Roaming\ZkkkUVVrl
2011-11-10 01:02:06 -------- d-----w- C:\Users\Chris\AppData\Roaming\NCwwkkUVrlOBtPy
2011-11-10 01:02:01 -------- d-----w- C:\Users\Chris\AppData\Roaming\R111ivvD3on
2011-11-10 01:00:57 -------- d-----w- C:\Users\Chris\AppData\Roaming\PNNttxA0ucS2iD
2011-11-10 01:00:52 -------- d-----w- C:\Users\Chris\AppData\Roaming\g44aaQ6KfLgZjwI
2011-11-10 01:00:48 -------- d-----w- C:\Users\Chris\AppData\Roaming\znnGG4aamH6WJfE
2011-11-10 01:00:43 -------- d-----w- C:\Users\Chris\AppData\Roaming\SrrrlOOBtxP0c
2011-11-10 01:00:38 -------- d-----w- C:\Users\Chris\AppData\Roaming\cPPP0uucS1ib3oG
2011-11-10 01:00:33 -------- d-----w- C:\Users\Chris\AppData\Roaming\UgggTqYkVlNx0Si
2011-11-10 01:00:28 -------- d-----w- C:\Users\Chris\AppData\Roaming\I44aaQH66
2011-11-10 01:00:24 -------- d-----w- C:\Users\Chris\AppData\Roaming\NDD33onGG46W7f
2011-11-10 01:00:19 -------- d-----w- C:\Users\Chris\AppData\Roaming\fhhhYCwUOtxPn
2011-11-10 01:00:13 -------- d-----w- C:\Users\Chris\AppData\Roaming\h999gTTZqjYw
2011-11-10 01:00:09 -------- d-----w- C:\Users\Chris\AppData\Roaming\C77ffEL8gTZqhVr
2011-11-10 01:00:04 -------- d-----w- C:\Users\Chris\AppData\Roaming\ZGGaHsJf8
2011-11-10 01:00:00 -------- d-----w- C:\Users\Chris\AppData\Roaming\WllOOx0c1voFaHd
2011-11-10 00:59:55 -------- d-----w- C:\Users\Chris\AppData\Roaming\dlllOBBtxP0cS1v
2011-11-10 00:59:50 -------- d-----w- C:\Users\Chris\AppData\Roaming\q1iivvD3onF4mHs
2011-11-10 00:59:45 -------- d-----w- C:\Users\Chris\AppData\Roaming\IlOOBBtzP0yc
2011-11-10 00:59:41 -------- d-----w- C:\Users\Chris\AppData\Roaming\XXkUUVeOtPyAv2n
2011-11-10 00:59:36 -------- d-----w- C:\Users\Chris\AppData\Roaming\sXXwwkUVVlOBtPy
2011-11-10 00:59:32 -------- d-----w- C:\Users\Chris\AppData\Roaming\aHH55sQQJ7EKZhY
2011-11-10 00:59:27 -------- d-----w- C:\Users\Chris\AppData\Roaming\gpp5Q7EK8gR
2011-11-10 00:59:22 -------- d-----w- C:\Users\Chris\AppData\Roaming\b22oonF44pH5sJd
2011-11-10 00:59:17 -------- d-----w- C:\Users\Chris\AppData\Roaming\wyyccA11uvDob
2011-11-10 00:59:12 -------- d-----w- C:\Users\Chris\AppData\Roaming\SyyccA1uuv
2011-11-10 00:59:07 -------- d-----w- C:\Users\Chris\AppData\Roaming\bXXwwjUUVelBtP
2011-11-10 00:59:02 -------- d-----w- C:\Users\Chris\AppData\Roaming\URRZ99hYXwjUelB
2011-11-10 00:57:56 -------- d-----w- C:\Users\Chris\AppData\Roaming\affRRXjUkr
2011-11-10 00:57:51 -------- d-----w- C:\Users\Chris\AppData\Roaming\sRR9TqqjUCekBrO
2011-11-10 00:57:46 -------- d-----w- C:\Users\Chris\AppData\Roaming\W999hTTXqjUCkIr
2011-11-10 00:57:42 -------- d-----w- C:\Users\Chris\AppData\Roaming\TVVrrzONt
2011-11-10 00:57:37 -------- d-----w- C:\Users\Chris\AppData\Roaming\JttxxA00u
2011-11-10 00:57:32 -------- d-----w- C:\Users\Chris\AppData\Roaming\hbD3pnG44aH6
2011-11-10 00:57:28 -------- d-----w- C:\Users\Chris\AppData\Roaming\g777fEEL9gjYwkV
2011-11-10 00:57:23 -------- d-----w- C:\Users\Chris\AppData\Roaming\QgggTZZqjYCwIVl
2011-11-10 00:57:19 -------- d-----w- C:\Users\Chris\AppData\Roaming\JkkUUVrlBtxPyc1
2011-11-10 00:57:15 -------- d-----w- C:\Users\Chris\AppData\Roaming\InFF44amH
2011-11-10 00:57:10 -------- d-----w- C:\Users\Chris\AppData\Roaming\ZH5sEK88g
2011-11-10 00:57:05 -------- d-----w- C:\Users\Chris\AppData\Roaming\ollOOyvn4msJdKg
2011-11-10 00:57:00 -------- d-----w- C:\Users\Chris\AppData\Roaming\VUUUVeelOBtz0yA
2011-11-10 00:56:55 -------- d-----w- C:\Users\Chris\AppData\Roaming\GvvvDD3nF4am5
2011-11-10 00:56:50 -------- d-----w- C:\Users\Chris\AppData\Roaming\c33oonFF4am5
2011-11-10 00:56:45 -------- d-----w- C:\Users\Chris\AppData\Roaming\cooonnF4a
2011-11-10 00:56:41 -------- d-----w- C:\Users\Chris\AppData\Roaming\z00yycAA1iv2oF4
2011-11-10 00:56:36 -------- d-----w- C:\Users\Chris\AppData\Roaming\gF4aa5W7LgqYwUe
2011-11-10 00:56:30 -------- d-----w- C:\Users\Chris\AppData\Roaming\yOOOBttxP0y
2011-11-10 00:56:26 -------- d-----w- C:\Users\Chris\AppData\Roaming\EiivvFaH5sWJd
2011-11-10 00:56:21 -------- d-----w- C:\Users\Chris\AppData\Roaming\q77EgZhCk
2011-11-10 00:56:16 -------- d-----w- C:\Users\Chris\AppData\Roaming\sOOBtPy1v3n4msJ
2011-11-10 00:56:11 -------- d-----w- C:\Users\Chris\AppData\Roaming\nYYCCwkkU
2011-11-10 00:56:07 -------- d-----w- C:\Users\Chris\AppData\Roaming\RqhYwUlPyAiFmsQ
2011-11-10 00:56:02 -------- d-----w- C:\Users\Chris\AppData\Roaming\pXXXwkkUVelBtz0
2011-11-10 00:54:55 -------- d-----w- C:\Users\Chris\AppData\Roaming\fuuvvS2oob3pm5Q
2011-11-10 00:54:51 -------- d-----w- C:\Users\Chris\AppData\Roaming\EZZ99hTTjClBzyA
2011-11-10 00:54:46 -------- d-----w- C:\Users\Chris\AppData\Roaming\z1uvv2mJW8
2011-11-10 00:54:41 -------- d-----w- C:\Users\Chris\AppData\Roaming\jIIBBrzzPNyA1vS
2011-11-10 00:54:36 -------- d-----w- C:\Users\Chris\AppData\Roaming\ZXXqjUUCe
2011-11-10 00:54:31 -------- d-----w- C:\Users\Chris\AppData\Roaming\mzPPNNyxA1uv2oF
2011-11-10 00:54:26 -------- d-----w- C:\Users\Chris\AppData\Roaming\hffRR9TjCzxvb3m
2011-11-10 00:54:21 -------- d-----w- C:\Users\Chris\AppData\Roaming\DzzzPPNycA1uD2
2011-11-10 00:54:15 -------- d-----w- C:\Users\Chris\AppData\Roaming\ARRRZqqhkUVeOBz
2011-11-10 00:54:11 -------- d-----w- C:\Users\Chris\AppData\Roaming\NFFF4ppmH5sJ7EK
2011-11-10 00:54:06 -------- d-----w- C:\Users\Chris\AppData\Roaming\ovvvD22obF4pG5
2011-11-10 00:52:56 -------- d-----w- C:\Users\Chris\AppData\Roaming\zVlNxPP0ucSib
2011-11-10 00:52:51 -------- d-----w- C:\Users\Chris\AppData\Roaming\i00uucSS1ib3oG4
2011-11-10 00:52:46 -------- d-----w- C:\Users\Chris\AppData\Roaming\PbDD33onG4am6sJ
2011-11-10 00:52:42 -------- d-----w- C:\Users\Chris\AppData\Roaming\chhYYCwwkUrl
2011-11-10 00:52:37 -------- d-----w- C:\Users\Chris\AppData\Roaming\FWWJJ7ffEL8TZhY
2011-11-10 00:52:32 -------- d-----w- C:\Users\Chris\AppData\Roaming\K5ssWWJ7dEZqh
2011-11-10 00:52:27 -------- d-----w- C:\Users\Chris\AppData\Roaming\VmmmWJ7E8
2011-11-10 00:52:23 -------- d-----w- C:\Users\Chris\AppData\Roaming\A8ggRRZqhYXw
2011-11-10 00:52:18 -------- d-----w- C:\Users\Chris\AppData\Roaming\JoonnHsJd8RqYwU
2011-11-10 00:52:13 -------- d-----w- C:\Users\Chris\AppData\Roaming\mVVVellOBtzPy
2011-11-10 00:52:09 -------- d-----w- C:\Users\Chris\AppData\Roaming\AnnmH5sQJ7dEKgZ
2011-11-10 00:52:04 -------- d-----w- C:\Users\Chris\AppData\Roaming\d5ssQQJ7dEK8RZh
2011-11-10 00:52:00 -------- d-----w- C:\Users\Chris\AppData\Roaming\LJJJ6KfZhXjeIrP
2011-11-10 00:51:55 -------- d-----w- C:\Users\Chris\AppData\Roaming\j99hhTXwwUCelBz
2011-11-10 00:51:50 -------- d-----w- C:\Users\Chris\AppData\Roaming\dBBttzPyAv2b4m5
2011-11-10 00:51:45 -------- d-----w- C:\Users\Chris\AppData\Roaming\BhhhYXXwjUVeIBz
2011-11-10 00:51:39 -------- d-----w- C:\Users\Chris\AppData\Roaming\UnnFF4HsJdL
2011-11-10 00:51:34 -------- d-----w- C:\Users\Chris\AppData\Roaming\nsssWJJ7dELg
2011-11-10 00:51:29 -------- d-----w- C:\Users\Chris\AppData\Roaming\hkUUVVelOBPyAiD
2011-11-10 00:51:24 -------- d-----w- C:\Users\Chris\AppData\Roaming\I777ddEL8RZq
2011-11-10 00:51:19 -------- d-----w- C:\Users\Chris\AppData\Roaming\qBBBtxxPc
2011-11-10 00:51:13 -------- d-----w- C:\Users\Chris\AppData\Roaming\oiibbD33pn4aH6W
2011-11-10 00:51:08 -------- d-----w- C:\Users\Chris\AppData\Roaming\lYYCCeVzNx0c2bp
2011-11-10 00:51:03 -------- d-----w- C:\Users\Chris\AppData\Roaming\dKKK8ffRL9qBOyA
2011-11-10 00:50:57 -------- d-----w- C:\Users\Chris\AppData\Roaming\ZJJJ6ddWK8fRhXU
2011-11-10 00:50:51 -------- d-----w- C:\Users\Chris\AppData\Roaming\FDD22obFF
2011-11-10 00:50:46 -------- d-----w- C:\Users\Chris\AppData\Roaming\qvDD22FpH
2011-11-10 00:50:41 -------- d-----w- C:\Users\Chris\AppData\Roaming\QkkkUUVelOB
2011-11-10 00:50:36 -------- d-----w- C:\Users\Chris\AppData\Roaming\liiv3FaHsJE8RqY
2011-11-10 00:50:30 -------- d-----w- C:\Users\Chris\AppData\Roaming\uoG4ammH6
2011-11-10 00:50:25 -------- d-----w- C:\Users\Chris\AppData\Roaming\L88gTZZqhYCwUVl
2011-11-10 00:50:21 -------- d-----w- C:\Users\Chris\AppData\Roaming\KcccS11i4s7E8Zh
2011-11-10 00:50:15 -------- d-----w- C:\Users\Chris\AppData\Roaming\kVVVrzNx2pGaHs
2011-11-10 00:50:10 -------- d-----w- C:\Users\Chris\AppData\Roaming\tRRRL99gTXqjCeI
2011-11-10 00:50:05 -------- d-----w- C:\Users\Chris\AppData\Roaming\szOONNyAv3GaHW
2011-11-10 00:49:59 -------- d-----w- C:\Users\Chris\AppData\Roaming\BEEEK88fRZ9hXwU
2011-11-10 00:49:54 -------- d-----w- C:\Users\Chris\AppData\Roaming\WxxxA11uvS2o3Ga
2011-11-10 00:49:49 -------- d-----w- C:\Users\Chris\AppData\Roaming\HlllIIBrzPN
2011-11-10 00:49:43 -------- d-----w- C:\Users\Chris\AppData\Roaming\rKKK8ggwUlBzyAu
2011-11-10 00:49:38 -------- d-----w- C:\Users\Chris\AppData\Roaming\NVVVtPP0ycA
2011-11-10 00:49:33 -------- d-----w- C:\Users\Chris\AppData\Roaming\TyccSS1ivD3oF4m
2011-11-10 00:49:28 -------- d-----w- C:\Users\Chris\AppData\Roaming\ZLLL8gghCwkVlBx
2011-11-10 00:49:23 -------- d-----w- C:\Users\Chris\AppData\Roaming\s44aamHH5sW7dL8
2011-11-10 00:49:18 -------- d-----w- C:\Users\Chris\AppData\Roaming\OqhhYYCwkUVrBPF
2011-11-10 00:49:11 -------- d-----w- C:\Users\Chris\AppData\Roaming\lrrzzONyxA0uSF3
2011-11-10 00:49:05 -------- d-----w- C:\Users\Chris\AppData\Roaming\YBBrryA1uvS2bFp
2011-11-10 00:49:00 -------- d-----w- C:\Users\Chris\AppData\Roaming\J22oobF44pG5
2011-11-10 00:48:55 -------- d-----w- C:\Users\Chris\AppData\Roaming\SwwjjUVVelItz
2011-11-10 00:48:50 -------- d-----w- C:\Users\Chris\AppData\Roaming\L11uoF4pmG5sJ6E
2011-11-10 00:48:45 -------- d-----w- C:\Users\Chris\AppData\Roaming\xssQQJ7dEK8gR9Y
2011-11-10 00:48:38 -------- d-----w- C:\Users\Chris\AppData\Roaming\nLLL9gYwO0ciDn4
2011-11-10 00:48:33 -------- d-----w- C:\Users\Chris\AppData\Roaming\QGGG4Q6KfLgTjkl
2011-11-10 00:48:28 -------- d-----w- C:\Users\Chris\AppData\Roaming\OKK77fEL9gTZYwI
2011-11-10 00:48:23 -------- d-----w- C:\Users\Chris\AppData\Roaming\eggTqCkVzNx
2011-11-10 00:48:18 -------- d-----w- C:\Users\Chris\AppData\Roaming\ZwkkkIVrlONt
2011-11-10 00:48:13 -------- d-----w- C:\Users\Chris\AppData\Roaming\WEELL9gTTqjYCkV
2011-11-10 00:48:09 -------- d-----w- C:\Users\Chris\AppData\Roaming\wWWKK7ffEL9jY
2011-11-10 00:48:04 -------- d-----w- C:\Users\Chris\AppData\Roaming\gnnnG4aaQH6WKfE
2011-11-10 00:46:55 -------- d-----w- C:\Users\Chris\AppData\Roaming\t333pnnG5aH6dK7
2011-11-10 00:45:57 -------- d-----w- C:\Users\Chris\AppData\Roaming\G0uuvvS2ibF3nGa
2011-11-10 00:44:54 -------- d-----w- C:\Users\Chris\AppData\Roaming\jWWWK77fEL9gZjY
2011-11-10 00:44:47 -------- d-----w- C:\Users\Chris\AppData\Roaming\g222oobF4pm5sJ6
2011-11-10 00:44:42 -------- d-----w- C:\Users\Chris\AppData\Roaming\EllIIBtzPNyc1uD
2011-11-10 00:44:35 -------- d-----w- C:\Users\Chris\AppData\Roaming\D77ffEEL8gT
2011-11-10 00:44:31 -------- d-----w- C:\Users\Chris\AppData\Roaming\KWWWJ77fEL8TZhY
2011-11-10 00:44:23 -------- d-----w- C:\Users\Chris\AppData\Roaming\oRRZZ9hhTXjUClI
2011-11-10 00:44:17 -------- d-----w- C:\Users\Chris\AppData\Roaming\QooonF44pmHsQ7
2011-11-10 00:44:06 -------- d-----w- C:\Users\Chris\AppData\Roaming\FnGG44amH6sWJfL
2011-11-10 00:43:59 -------- d-----w- C:\Users\Chris\AppData\Roaming\mooobFF3pmG5Q
2011-11-10 00:43:53 -------- d-----w- C:\Users\Chris\AppData\Roaming\j88ggRZqqhXwkVl
2011-11-10 00:43:48 -------- d-----w- C:\Users\Chris\AppData\Roaming\OaammH55sWJdE8g
2011-11-10 00:43:42 -------- d-----w- C:\Users\Chris\AppData\Roaming\X44aamHH6sJ7fL8
2011-11-10 00:43:36 -------- d-----w- C:\Users\Chris\AppData\Roaming\LiiibbD3pnG4QHs
2011-11-10 00:43:31 -------- d-----w- C:\Users\Chris\AppData\Roaming\lYYCCekkI
2011-11-10 00:43:26 -------- d-----w- C:\Users\Chris\AppData\Roaming\ciiibFF3pnGaQ6d
2011-11-10 00:43:20 -------- d-----w- C:\Users\Chris\AppData\Roaming\eJJJ6ddWK8fL9h
2011-11-10 00:43:15 -------- d-----w- C:\Users\Chris\AppData\Roaming\s2oobbF4pmG5QJd
2011-11-10 00:43:10 -------- d-----w- C:\Users\Chris\AppData\Roaming\HXXXwwClBzNAuSo
2011-11-10 00:43:04 -------- d-----w- C:\Users\Chris\AppData\Roaming\dWWWJ77dEL8RZhY
2011-11-10 00:41:59 -------- d-----w- C:\Users\Chris\AppData\Roaming\IGG44aQHH
2011-11-10 00:40:57 -------- d-----w- C:\Users\Chris\AppData\Roaming\b00yycSS1iv3oF4
2011-11-10 00:39:58 -------- d-----w- C:\Users\Chris\AppData\Roaming\xkkIIVVrlONxPuc
2011-11-10 00:38:59 -------- d-----w- C:\Users\Chris\AppData\Roaming\loonnG44amHsW7f
2011-11-10 00:37:58 -------- d-----w- C:\Users\Chris\AppData\Roaming\PFFF4ppmG5sQ6dK
2011-11-10 00:37:54 -------- d-----w- C:\Users\Chris\AppData\Roaming\QhhhwUeIrNx1v2F
2011-11-10 00:37:50 -------- d-----w- C:\Users\Chris\AppData\Roaming\x55aaQQJ6dW8fL9
2011-11-10 00:37:43 -------- d-----w- C:\Users\Chris\AppData\Roaming\vPPP0yc1adLghOA
2011-11-10 00:37:37 -------- d-----w- C:\Users\Chris\AppData\Roaming\eoonnG44amHsW7f
2011-11-10 00:37:29 -------- d-----w- C:\Users\Chris\AppData\Roaming\KvDoFm5Q7ER9XUP
2011-11-10 00:37:21 -------- d-----w- C:\Users\Chris\AppData\Roaming\ROOONNtxA0uS2b
2011-11-10 00:37:17 -------- d-----w- C:\Users\Chris\AppData\Roaming\WjjjYYCekIVrONx
2011-11-10 00:37:12 -------- d-----w- C:\Users\Chris\AppData\Roaming\gppnnG44aQ6sW7E
2011-11-10 00:37:07 -------- d-----w- C:\Users\Chris\AppData\Roaming\iSSSiD3pn4
2011-11-10 00:37:02 -------- d-----w- C:\Users\Chris\AppData\Roaming\b555aQQH6dW7fL9
2011-11-10 00:35:55 -------- d-----w- C:\Users\Chris\AppData\Roaming\RSSS1iibD3on4a
2011-11-10 00:35:50 -------- d-----w- C:\Users\Chris\AppData\Roaming\nmmHH6sWJ7fE8gZ
2011-11-10 00:35:45 -------- d-----w- C:\Users\Chris\AppData\Roaming\kffLL8ggTZqYCkU
2011-11-10 00:35:41 -------- d-----w- C:\Users\Chris\AppData\Roaming\I5ssWWJ7dEL8
2011-11-10 00:35:37 -------- d-----w- C:\Users\Chris\AppData\Roaming\vJJ77dEEK8gZ9YX
2011-11-10 00:35:33 -------- d-----w- C:\Users\Chris\AppData\Roaming\QKKK8ffRZ9hTwjC
2011-11-10 00:35:29 -------- d-----w- C:\Users\Chris\AppData\Roaming\b666dWWK8fR9hXq
2011-11-10 00:35:25 -------- d-----w- C:\Users\Chris\AppData\Roaming\I2bbF3pnG
2011-11-10 00:35:21 -------- d-----w- C:\Users\Chris\AppData\Roaming\HbbbDD3onG4aH6W
2011-11-10 00:35:16 -------- d-----w- C:\Users\Chris\AppData\Roaming\JPPP0yycS1iv3oF
2011-11-10 00:35:12 -------- d-----w- C:\Users\Chris\AppData\Roaming\nOBBttzP0ycA
2011-11-10 00:35:07 -------- d-----w- C:\Users\Chris\AppData\Roaming\lJJJ7dEEL8gZ
2011-11-10 00:35:02 -------- d-----w- C:\Users\Chris\AppData\Roaming\EyyccS1ivD3on
2011-11-10 00:33:56 -------- d-----w- C:\Users\Chris\AppData\Roaming\xZZZ9hhTXwjUeIB
2011-11-10 00:32:55 -------- d-----w- C:\Users\Chris\AppData\Roaming\BDDD3onGGamH6W7
2011-11-10 00:32:51 -------- d-----w- C:\Users\Chris\AppData\Roaming\bBBBtxxP0ycSiv3
2011-11-10 00:32:47 -------- d-----w- C:\Users\Chris\AppData\Roaming\jBtttzP0ycA1i
2011-11-10 00:32:42 -------- d-----w- C:\Users\Chris\AppData\Roaming\qoobbF4pmG5sQ6E
2011-11-10 00:32:38 -------- d-----w- C:\Users\Chris\AppData\Roaming\obFF33pmG5a
2011-11-10 00:32:34 -------- d-----w- C:\Users\Chris\AppData\Roaming\DOyxxA23pnG
2011-11-10 00:32:30 -------- d-----w- C:\Users\Chris\AppData\Roaming\q9YrxA0uu
2011-11-10 00:32:25 -------- d-----w- C:\Users\Chris\AppData\Roaming\A77fRRL9gTXqYCI
2011-11-10 00:32:20 -------- d-----w- C:\Users\Chris\AppData\Roaming\DJJdKfLhqUeIrON
2011-11-10 00:32:15 -------- d-----w- C:\Users\Chris\AppData\Roaming\WiibbD33pnGaQ6s
2011-11-10 00:32:11 -------- d-----w- C:\Users\Chris\AppData\Roaming\XWWK7ffE9T
2011-11-10 00:32:06 -------- d-----w- C:\Users\Chris\AppData\Roaming\JIVVltPuSiDoGmH
2011-11-10 00:32:02 -------- d-----w- C:\Users\Chris\AppData\Roaming\EmmHH6ssWJ7EL
2011-11-10 00:30:57 -------- d-----w- C:\Users\Chris\AppData\Roaming\cRLL9hhTXqUCkIr
2011-11-10 00:29:55 -------- d-----w- C:\Users\Chris\AppData\Roaming\zG44aaWgqY
2011-11-10 00:29:51 -------- d-----w- C:\Users\Chris\AppData\Roaming\KDD3nHfqCwUVrOt
2011-11-10 00:29:46 -------- d-----w- C:\Users\Chris\AppData\Roaming\eOOBBtxxP0yS1vD
2011-11-10 00:29:42 -------- d-----w- C:\Users\Chris\AppData\Roaming\TlllOBBtzP0y
2011-11-10 00:29:38 -------- d-----w- C:\Users\Chris\AppData\Roaming\yppmmG55sQJdE8f
2011-11-10 00:29:33 -------- d-----w- C:\Users\Chris\AppData\Roaming\hBzNc1DoFpmGsQ6
2011-11-10 00:29:28 -------- d-----w- C:\Users\Chris\AppData\Roaming\mZZZ99TTXwjCeIB
2011-11-10 00:29:24 -------- d-----w- C:\Users\Chris\AppData\Roaming\Q666dWWK8fR
2011-11-10 00:29:20 -------- d-----w- C:\Users\Chris\AppData\Roaming\qiibbF33pnGa
2011-11-10 00:29:16 -------- d-----w- C:\Users\Chris\AppData\Roaming\ctttxxA0ucS2bDp
2011-11-10 00:29:11 -------- d-----w- C:\Users\Chris\AppData\Roaming\CjjYYCwkkIrlOtP
2011-11-10 00:29:07 -------- d-----w- C:\Users\Chris\AppData\Roaming\HnnnG44amsLqhl0
2011-11-10 00:29:02 -------- d-----w- C:\Users\Chris\AppData\Roaming\TDasW7fqhUtx
2011-11-10 00:27:55 -------- d-----w- C:\Users\Chris\AppData\Roaming\q44ppmH5QJ7dE8R
2011-11-10 00:27:51 -------- d-----w- C:\Users\Chris\AppData\Roaming\XhXjVlBPyA
2011-11-10 00:27:46 -------- d-----w- C:\Users\Chris\AppData\Roaming\IobbFF4pmG5sJ6E
2011-11-10 00:27:42 -------- d-----w- C:\Users\Chris\AppData\Roaming\PClBzNxuuv2ob3m
2011-11-10 00:27:37 -------- d-----w- C:\Users\Chris\AppData\Roaming\jeellIBPyvpJ6W8
2011-11-10 00:27:32 -------- d-----w- C:\Users\Chris\AppData\Roaming\h2oobbF59Uz1b5d
2011-11-10 00:27:26 -------- d-----w- C:\Users\Chris\AppData\Roaming\w2pmH55sQJ7dK
2011-11-10 00:27:21 -------- d-----w- C:\Users\Chris\AppData\Roaming\VvDDn4m5sJdK
2011-11-10 00:27:16 -------- d-----w- C:\Users\Chris\AppData\Roaming\e11vo5K8ghXjUel
2011-11-10 00:27:12 -------- d-----w- C:\Users\Chris\AppData\Roaming\FtzzPNNycA1v
2011-11-10 00:27:07 -------- d-----w- C:\Users\Chris\AppData\Roaming\lpmmG5sQJ6dEKfZ
2011-11-10 00:27:03 -------- d-----w- C:\Users\Chris\AppData\Roaming\KoFpGaQ6W8LhX
2011-11-10 00:25:57 -------- d-----w- C:\Users\Chris\AppData\Roaming\zLL88gTZZhYCwUr
2011-11-10 00:25:53 -------- d-----w- C:\Users\Chris\AppData\Roaming\HcccSS1iv3oF4ms
2011-11-10 00:25:48 -------- d-----w- C:\Users\Chris\AppData\Roaming\KVlBPy1vD3oFWdL
2011-11-10 00:25:43 -------- d-----w- C:\Users\Chris\AppData\Roaming\VwwwkkUVrlOBxyS
2011-11-10 00:25:38 -------- d-----w- C:\Users\Chris\AppData\Roaming\dSS11ivvD
2011-11-10 00:25:33 -------- d-----w- C:\Users\Chris\AppData\Roaming\AP00yycS1iv3oF4
2011-11-10 00:25:29 -------- d-----w- C:\Users\Chris\AppData\Roaming\cPPP0yyc1ivDo4m
2011-11-10 00:25:21 -------- d-----w- C:\Users\Chris\AppData\Roaming\WjUUCCekIBrzNyA
2011-11-10 00:25:16 -------- d-----w- C:\Users\Chris\AppData\Roaming\djUUCCekIBrzOyu
2011-11-10 00:25:12 -------- d-----w- C:\Users\Chris\AppData\Roaming\DiiibFnGG5Q
2011-11-10 00:25:07 -------- d-----w- C:\Users\Chris\AppData\Roaming\KdLjUCeBxA0u2iF
2011-11-10 00:25:02 -------- d-----w- C:\Users\Chris\AppData\Roaming\UF33pmmG5aQ
2011-11-10 00:24:56 -------- d-----w- C:\Users\Chris\AppData\Roaming\ndKfZhTwjIAoadK
2011-11-10 00:24:50 -------- d-----w- C:\Users\Chris\AppData\Roaming\F99hhYXXwjUe
2011-11-10 00:24:46 -------- d-----w- C:\Users\Chris\AppData\Roaming\n999hYYXw
2011-11-10 00:24:41 -------- d-----w- C:\Users\Chris\AppData\Roaming\EBtzPPycA1uv2
2011-11-10 00:24:35 -------- d-----w- C:\Users\Chris\AppData\Roaming\uRRZZqhhYXkUVlB
2011-11-10 00:24:30 -------- d-----w- C:\Users\Chris\AppData\Roaming\wD33oonFmH5WJdL
2011-11-10 00:24:25 -------- d-----w- C:\Users\Chris\AppData\Roaming\FCCCwVrlOx0y
2011-11-10 00:24:19 -------- d-----w- C:\Users\Chris\AppData\Roaming\FIIIrzzONtxAuSi
2011-11-10 00:24:12 -------- d-----w- C:\Users\Chris\AppData\Roaming\KNNNycA1uD2FQJE
2011-11-10 00:24:07 -------- d-----w- C:\Users\Chris\AppData\Roaming\rggRRZ9hYwjUVlB
2011-11-10 00:24:02 -------- d-----w- C:\Users\Chris\AppData\Roaming\JhwVOz0AiDoFsQd
2011-11-10 00:22:59 -------- d-----w- C:\Users\Chris\AppData\Roaming\rjjUUVeelIBzPyc
2011-11-10 00:21:57 -------- d-----w- C:\Users\Chris\AppData\Roaming\Q000uvvS2ib3pG5
2011-11-10 00:20:56 -------- d-----w- C:\Users\Chris\AppData\Roaming\EhhYYCwwkU
2011-11-10 00:19:55 -------- d-----w- C:\Users\Chris\AppData\Roaming\TdddWK8fRL9hXqU
2011-11-10 00:19:51 -------- d-----w- C:\Users\Chris\AppData\Roaming\lXqjjUCekIBONx0
2011-11-10 00:19:46 -------- d-----w- C:\Users\Chris\AppData\Roaming\r777RRL9g
2011-11-10 00:19:42 -------- d-----w- C:\Users\Chris\AppData\Roaming\gPSS1ibD3on4aH6
2011-11-10 00:19:37 -------- d-----w- C:\Users\Chris\AppData\Roaming\tEgZZqjYCwkIrlx
2011-11-10 00:19:33 -------- d-----w- C:\Users\Chris\AppData\Roaming\csWJJ7fEE
2011-11-10 00:19:29 -------- d-----w- C:\Users\Chris\AppData\Roaming\vFF44ammH5WJ7
2011-11-10 00:19:24 -------- d-----w- C:\Users\Chris\AppData\Roaming\JLL88gRZqhYwkeO
2011-11-10 00:19:20 -------- d-----w- C:\Users\Chris\AppData\Roaming\KsssQJJ7dEKgR9Y
2011-11-10 00:19:16 -------- d-----w- C:\Users\Chris\AppData\Roaming\aPPPNyycA1uv2oF
2011-11-10 00:19:11 -------- d-----w- C:\Users\Chris\AppData\Roaming\CWWWKK8fRL9hXq
2011-11-10 00:19:07 -------- d-----w- C:\Users\Chris\AppData\Roaming\n999hTTXqjCekBz
2011-11-10 00:19:02 -------- d-----w- C:\Users\Chris\AppData\Roaming\VTTXXqjjY
2011-11-10 00:17:59 -------- d-----w- C:\Users\Chris\AppData\Roaming\i6W7RL9gXqjYekV
2011-11-10 00:16:56 -------- d-----w- C:\Users\Chris\AppData\Roaming\PR9TqUCekIBrONv
2011-11-10 00:15:56 -------- d-----w- C:\Users\Chris\AppData\Roaming\yoo4m5Q6E8R9XwU
2011-11-10 00:14:57 -------- d-----w- C:\Users\Chris\AppData\Roaming\n77ddEKK8gZ9hXw
2011-11-10 00:14:53 -------- d-----w- C:\Users\Chris\AppData\Roaming\pppmG55sQJ6EKfZ
2011-11-10 00:14:48 -------- d-----w- C:\Users\Chris\AppData\Roaming\VKK88fRRZ
2011-11-10 00:14:43 -------- d-----w- C:\Users\Chris\AppData\Roaming\JssQQJ6dEK8fZ9T
2011-11-10 00:14:39 -------- d-----w- C:\Users\Chris\AppData\Roaming\ErzzPPNxv2m6K
2011-11-10 00:14:35 -------- d-----w- C:\Users\Chris\AppData\Roaming\EFF3pmG55aJ6W8f
2011-11-10 00:14:30 -------- d-----w- C:\Users\Chris\AppData\Roaming\xDDD3ppnG4a
2011-11-10 00:14:26 -------- d-----w- C:\Users\Chris\AppData\Roaming\u0uucS1ibD3nGam
2011-11-10 00:14:22 -------- d-----w- C:\Users\Chris\AppData\Roaming\rtttxPP0ycS1vDo
2011-11-10 00:14:17 -------- d-----w- C:\Users\Chris\AppData\Roaming\GZhVxivD3o
2011-11-10 00:14:13 -------- d-----w- C:\Users\Chris\AppData\Roaming\svvvDD3onF4aH5W
2011-11-10 00:14:08 -------- d-----w- C:\Users\Chris\AppData\Roaming\xyyycSS1vD3oF4
2011-11-10 00:14:03 -------- d-----w- C:\Users\Chris\AppData\Roaming\bTwOy3mdqBtPyc1
2011-11-10 00:12:59 -------- d-----w- C:\Users\Chris\AppData\Roaming\KCCCwkkUVrlBtP0
2011-11-10 00:12:55 -------- d-----w- C:\Users\Chris\AppData\Roaming\aaamHH5sWJ7dLgR
2011-11-10 00:12:50 -------- d-----w- C:\Users\Chris\AppData\Roaming\YiiivDD2onF4mHQ
2011-11-10 00:12:46 -------- d-----w- C:\Users\Chris\AppData\Roaming\LtttzPP0ycAiv2
2011-11-10 00:12:41 -------- d-----w- C:\Users\Chris\AppData\Roaming\o44ppmH5sQJ7dKg
2011-11-10 00:12:37 -------- d-----w- C:\Users\Chris\AppData\Roaming\OXXXwjjUVelIt
2011-11-10 00:12:32 -------- d-----w- C:\Users\Chris\AppData\Roaming\UGGG5ssQJ6d
2011-11-10 00:12:27 -------- d-----w- C:\Users\Chris\AppData\Roaming\uFFF3ppmG5aQ6dK
2011-11-10 00:12:23 -------- d-----w- C:\Users\Chris\AppData\Roaming\l5aaQQJ6dWK8RLh
2011-11-10 00:12:18 -------- d-----w- C:\Users\Chris\AppData\Roaming\oNxx1uvvS2bFpm5
2011-11-10 00:12:13 -------- d-----w- C:\Users\Chris\AppData\Roaming\DK88ffZ9hTXwjCl
2011-11-10 00:12:08 -------- d-----w- C:\Users\Chris\AppData\Roaming\rffRZZ9hTwjUClB
2011-11-10 00:12:03 -------- d-----w- C:\Users\Chris\AppData\Roaming\OzPNNyAA1uv2o
2011-11-10 00:10:58 -------- d-----w- C:\Users\Chris\AppData\Roaming\X1ivvD3onF4aH
2011-11-10 00:09:56 -------- d-----w- C:\Users\Chris\AppData\Roaming\EPPPNyycA1uD2bF
2011-11-10 00:08:56 -------- d-----w- C:\Users\Chris\AppData\Roaming\eggTTZqqjYwkIrO
2011-11-10 00:08:51 -------- d-----w- C:\Users\Chris\AppData\Roaming\rTTTZqqhYCkUrlB
2011-11-10 00:08:47 -------- d-----w- C:\Users\Chris\AppData\Roaming\jFF44amH5sJ7dLg
2011-11-10 00:08:42 -------- d-----w- C:\Users\Chris\AppData\Roaming\wF44aamH5s7dL
2011-11-10 00:08:37 -------- d-----w- C:\Users\Chris\AppData\Roaming\EYXXwkUUVelBtPy
2011-11-10 00:08:33 -------- d-----w- C:\Users\Chris\AppData\Roaming\vsQQ7dEE8gRZ9Yw
2011-11-10 00:08:29 -------- d-----w- C:\Users\Chris\AppData\Roaming\LtttzPPNycAuv2b
2011-11-10 00:08:24 -------- d-----w- C:\Users\Chris\AppData\Roaming\YJJ66dEEK8RZ9
2011-11-10 00:08:19 -------- d-----w- C:\Users\Chris\AppData\Roaming\uBBttzPNNyA1uDo
2011-11-10 00:08:14 -------- d-----w- C:\Users\Chris\AppData\Roaming\aDDD2oobF4pG5sJ
2011-11-10 00:08:09 -------- d-----w- C:\Users\Chris\AppData\Roaming\N1uuvvobF5sdKf
2011-11-10 00:08:05 -------- d-----w- C:\Users\Chris\AppData\Roaming\BQJJ66dK8fRZhTw
2011-11-10 00:08:00 -------- d-----w- C:\Users\Chris\AppData\Roaming\uRRRZ99hTXwUClI
2011-11-10 00:06:59 -------- d-----w- C:\Users\Chris\AppData\Roaming\hHHH6sWK7fELgTq
2011-11-10 00:06:54 -------- d-----w- C:\Users\Chris\AppData\Roaming\j66KTkONtxP0cSi
2011-11-10 00:06:50 -------- d-----w- C:\Users\Chris\AppData\Roaming\qCkVrx0ibD3on4m
2011-11-10 00:06:45 -------- d-----w- C:\Users\Chris\AppData\Roaming\mWJJJ7dEL8gRZhX
2011-11-10 00:06:41 -------- d-----w- C:\Users\Chris\AppData\Roaming\r111ivDD2on4pH5
2011-11-10 00:06:37 -------- d-----w- C:\Users\Chris\AppData\Roaming\xPPPNyycA1u
2011-11-10 00:06:32 -------- d-----w- C:\Users\Chris\AppData\Roaming\iEEEK88fRZ9hXwU
2011-11-10 00:06:28 -------- d-----w- C:\Users\Chris\AppData\Roaming\UF33ppmG5aQJdKf
2011-11-10 00:06:23 -------- d-----w- C:\Users\Chris\AppData\Roaming\qKKK8fRRL9hX
2011-11-10 00:06:18 -------- d-----w- C:\Users\Chris\AppData\Roaming\TAA11uSooF3m
2011-11-10 00:06:13 -------- d-----w- C:\Users\Chris\AppData\Roaming\AXXqqjUUCekBrON
2011-11-10 00:06:09 -------- d-----w- C:\Users\Chris\AppData\Roaming\qA00uvS2ib3nGaH
2011-11-10 00:06:04 -------- d-----w- C:\Users\Chris\AppData\Roaming\WibbF33n5aH6dK7
2011-11-10 00:04:58 -------- d-----w- C:\Users\Chris\AppData\Roaming\YEEEL8gTZqhYwUr
2011-11-10 00:04:53 -------- d-----w- C:\Users\Chris\AppData\Roaming\vPPP0yycS1iv3
2011-11-10 00:04:49 -------- d-----w- C:\Users\Chris\AppData\Roaming\TDDD3oonF4mHsW7
2011-11-10 00:04:44 -------- d-----w- C:\Users\Chris\AppData\Roaming\vmmmH55sWJ7dL8R
2011-11-10 00:04:40 -------- d-----w- C:\Users\Chris\AppData\Roaming\RVVVelIIBzP
2011-11-10 00:04:35 -------- d-----w- C:\Users\Chris\AppData\Roaming\u99hYYXwjUVlItz
2011-11-10 00:04:30 -------- d-----w- C:\Users\Chris\AppData\Roaming\geeelIIBtzPycAu
2011-11-10 00:04:25 -------- d-----w- C:\Users\Chris\AppData\Roaming\j888gR9hYX
2011-11-10 00:04:21 -------- d-----w- C:\Users\Chris\AppData\Roaming\NDDD2bF4pm5QJdK
2011-11-10 00:04:16 -------- d-----w- C:\Users\Chris\AppData\Roaming\XFFF4pmsQJ6EKfR
2011-11-10 00:04:11 -------- d-----w- C:\Users\Chris\AppData\Roaming\EyuD2FF4pmG5Q
2011-11-10 00:04:07 -------- d-----w- C:\Users\Chris\AppData\Roaming\K5aaaQJ6dWK8RLh
2011-11-10 00:04:02 -------- d-----w- C:\Users\Chris\AppData\Roaming\TBBBrzzONyx0uS2
2011-11-10 00:02:58 -------- d-----w- C:\Users\Chris\AppData\Roaming\dhhhXwUeIrPy
2011-11-10 00:02:54 -------- d-----w- C:\Users\Chris\AppData\Roaming\b1uuvvS2ob3pG5Q
2011-11-10 00:02:49 -------- d-----w- C:\Users\Chris\AppData\Roaming\jzPPNNyxA1vSo
2011-11-10 00:02:44 -------- d-----w- C:\Users\Chris\AppData\Roaming\RUUUCeelIBrzNyA
2011-11-10 00:02:39 -------- d-----w- C:\Users\Chris\AppData\Roaming\LpQ8RTXwwjCelBr
2011-11-10 00:02:35 -------- d-----w- C:\Users\Chris\AppData\Roaming\akkIIBrzONyxAuS
2011-11-10 00:02:30 -------- d-----w- C:\Users\Chris\AppData\Roaming\TvvSSib3pnG5aHd
2011-11-10 00:02:26 -------- d-----w- C:\Users\Chris\AppData\Roaming\dqqjjYCeeIONxc2
2011-11-10 00:02:21 -------- d-----w- C:\Users\Chris\AppData\Roaming\pgggTZZqj
2011-11-10 00:02:17 -------- d-----w- C:\Users\Chris\AppData\Roaming\ujYYCCwkI
2011-11-10 00:02:13 -------- d-----w- C:\Users\Chris\AppData\Roaming\taammWJ7fEL8gZh
2011-11-10 00:02:07 -------- d-----w- C:\Users\Chris\AppData\Roaming\Z2iibb3ppG4aQ6W
2011-11-10 00:02:03 -------- d-----w- C:\Users\Chris\AppData\Roaming\shhhYCkUUrlOtx
2011-11-10 00:00:56 -------- d-----w- C:\Users\Chris\AppData\Roaming\iAA11ivvD2oF4mH
2011-11-10 00:00:51 -------- d-----w- C:\Users\Chris\AppData\Roaming\DJJ7ddEK8gRZ9Yw
2011-11-10 00:00:47 -------- d-----w- C:\Users\Chris\AppData\Roaming\eUUUVeelIBtPNc
2011-11-10 00:00:42 -------- d-----w- C:\Users\Chris\AppData\Roaming\foobbF44pm5sQ6d
2011-11-10 00:00:38 -------- d-----w- C:\Users\Chris\AppData\Roaming\lNNNyyxA1
2011-11-10 00:00:33 -------- d-----w- C:\Users\Chris\AppData\Roaming\dTTXXqjjU
2011-11-10 00:00:29 -------- d-----w- C:\Users\Chris\AppData\Roaming\z2bbDp4aHW7ELgZ
2011-11-10 00:00:25 -------- d-----w- C:\Users\Chris\AppData\Roaming\YcccS11ibD
2011-11-10 00:00:21 -------- d-----w- C:\Users\Chris\AppData\Roaming\wllOOBtxP0yc1
2011-11-10 00:00:16 -------- d-----w- C:\Users\Chris\AppData\Roaming\w33oonF4amH5WJd
2011-11-10 00:00:12 -------- d-----w- C:\Users\Chris\AppData\Roaming\NVellOBtzP0yA1v
2011-11-10 00:00:08 -------- d-----w- C:\Users\Chris\AppData\Roaming\n88ggRZ9hYXjUel
2011-11-10 00:00:03 -------- d-----w- C:\Users\Chris\AppData\Roaming\AhXUlBzNcvDob4m
2011-11-09 23:58:58 -------- d-----w- C:\Users\Chris\AppData\Roaming\GxxxP0ycSvDon4a
2011-11-09 23:57:57 -------- d-----w- C:\Users\Chris\AppData\Roaming\vhhhYXXwjUVeIBz
2011-11-09 23:57:52 -------- d-----w- C:\Users\Chris\AppData\Roaming\hhhTTXqqj
2011-11-09 23:57:48 -------- d-----w- C:\Users\Chris\AppData\Roaming\jKK77fRL9gTXj
2011-11-09 23:57:44 -------- d-----w- C:\Users\Chris\AppData\Roaming\qeIzttxA0ucSiD3
2011-11-09 23:57:39 -------- d-----w- C:\Users\Chris\AppData\Roaming\FAAA0ucSS2bD3n4
2011-11-09 23:57:35 -------- d-----w- C:\Users\Chris\AppData\Roaming\fCCCwkIVVlONtPu
2011-11-09 23:57:31 -------- d-----w- C:\Users\Chris\AppData\Roaming\iWWJJ7fEL8gZqYC
2011-11-09 23:57:26 -------- d-----w- C:\Users\Chris\AppData\Roaming\jvvDD3oonFamHsW
2011-11-09 23:57:22 -------- d-----w- C:\Users\Chris\AppData\Roaming\EFpmH55sQJ7dK8R
2011-11-09 23:57:17 -------- d-----w- C:\Users\Chris\AppData\Roaming\pmHH55sQJ7dE8gZ
2011-11-09 23:57:13 -------- d-----w- C:\Users\Chris\AppData\Roaming\TvvDD2obF
2011-11-09 23:57:08 -------- d-----w- C:\Users\Chris\AppData\Roaming\qzzzPNNyxA1v
2011-11-09 23:57:04 -------- d-----w- C:\Users\Chris\AppData\Roaming\F2oobbF3pmG5QJd
2011-11-09 23:55:58 -------- d-----w- C:\Users\Chris\AppData\Roaming\KmmHH6sWW7fL8gZ
2011-11-09 23:55:54 -------- d-----w- C:\Users\Chris\AppData\Roaming\JxxxP00cSiv3oF4
2011-11-09 23:55:50 -------- d-----w- C:\Users\Chris\AppData\Roaming\qhhhYYXwjUVeItP
2011-11-09 23:55:45 -------- d-----w- C:\Users\Chris\AppData\Roaming\JvvDD2oobFpm
2011-11-09 23:55:41 -------- d-----w- C:\Users\Chris\AppData\Roaming\IRRRZ99hTXwUClI
2011-11-09 23:55:36 -------- d-----w- C:\Users\Chris\AppData\Roaming\O6dWKK8fRL
2011-11-09 23:55:32 -------- d-----w- C:\Users\Chris\AppData\Roaming\ihhTTXqjUCekB
2011-11-09 23:55:27 -------- d-----w- C:\Users\Chris\AppData\Roaming\wbbF3pmG5aQJd
2011-11-09 23:55:22 -------- d-----w- C:\Users\Chris\AppData\Roaming\k33pmGG5aQJ
2011-11-09 23:55:17 -------- d-----w- C:\Users\Chris\AppData\Roaming\xTTXXqjUCekIrzN
2011-11-09 23:55:12 -------- d-----w- C:\Users\Chris\AppData\Roaming\dkkIIBrzz
2011-11-09 23:55:07 -------- d-----w- C:\Users\Chris\AppData\Roaming\t2oobb33pmGaQ6d
2011-11-09 23:55:02 -------- d-----w- C:\Users\Chris\AppData\Roaming\R1uvvS2ob3pmGa
2011-11-09 23:53:56 -------- d-----w- C:\Users\Chris\AppData\Roaming\XOOONtxAAucSb
2011-11-09 23:53:51 -------- d-----w- C:\Users\Chris\AppData\Roaming\T3pppnG4aQHsW7f
2011-11-09 23:53:47 -------- d-----w- C:\Users\Chris\AppData\Roaming\wYYCCwkkVrlOt
2011-11-09 23:53:42 -------- d-----w- C:\Users\Chris\AppData\Roaming\agggTZqqhCwUVlO
2011-11-09 23:53:37 -------- d-----w- C:\Users\Chris\AppData\Roaming\grrrlOBBtxP
2011-11-09 23:53:32 -------- d-----w- C:\Users\Chris\AppData\Roaming\AooonGG4amHJ7EL
2011-11-09 23:53:28 -------- d-----w- C:\Users\Chris\AppData\Roaming\PrrllBttxP0cSiv
2011-11-09 23:53:23 -------- d-----w- C:\Users\Chris\AppData\Roaming\UZZZqhYCwkU
2011-11-09 23:53:18 -------- d-----w- C:\Users\Chris\AppData\Roaming\QmH5sWWJ7dL
2011-11-09 23:53:14 -------- d-----w- C:\Users\Chris\AppData\Roaming\dyc2onF4pmHsQ7d
2011-11-09 23:53:09 -------- d-----w- C:\Users\Chris\AppData\Roaming\VyyycAA1i2nF
2011-11-09 23:53:04 -------- d-----w- C:\Users\Chris\AppData\Roaming\ikkUVrtv4WJ7ELg
2011-11-09 23:52:59 -------- d-----w- C:\Users\Chris\AppData\Roaming\d888RRZqh
2011-11-09 23:52:54 -------- d-----w- C:\Users\Chris\AppData\Roaming\m55sWJ7dE8qYXkU
2011-11-09 23:52:49 -------- d-----w- C:\Users\Chris\AppData\Roaming\tBttxP0ycSn4aH5
2011-11-09 23:52:45 -------- d-----w- C:\Users\Chris\AppData\Roaming\tnnFF4aaH5WJdLZ
2011-11-09 23:52:40 -------- d-----w- C:\Users\Chris\AppData\Roaming\jHH5sQJ7dK8RZhY
2011-11-09 23:52:35 -------- d-----w- C:\Users\Chris\AppData\Roaming\xp5Q7E8R9XjVeIt
2011-11-09 23:52:31 -------- d-----w- C:\Users\Chris\AppData\Roaming\KVVeelIIBtPNc
2011-11-09 23:52:26 -------- d-----w- C:\Users\Chris\AppData\Roaming\iyycAA1ivDp7E8g
2011-11-09 23:52:20 -------- d-----w- C:\Users\Chris\AppData\Roaming\gWWJ77d8hYXwUV
2011-11-09 23:52:15 -------- d-----w- C:\Users\Chris\AppData\Roaming\UivvnF44aJ7gRhX
2011-11-09 23:52:10 -------- d-----w- C:\Users\Chris\AppData\Roaming\J8ggTTZqhYrt0y1
2011-11-09 23:52:05 -------- d-----w- C:\Users\Chris\AppData\Roaming\GHH6JJEThwrBx
2011-11-09 23:50:56 -------- d-----w- C:\Users\Chris\AppData\Roaming\kEEEL99gTCwVtu1
2011-11-09 23:50:52 -------- d-----w- C:\Users\Chris\AppData\Roaming\NWJJ77fEL8gTqhC
2011-11-09 23:50:47 -------- d-----w- C:\Users\Chris\AppData\Roaming\VcccS11ivD3nFam
2011-11-09 23:50:43 -------- d-----w- C:\Users\Chris\AppData\Roaming\bddEEL88gRqhYw
2011-11-09 23:50:39 -------- d-----w- C:\Users\Chris\AppData\Roaming\fFF44pmmG5QJ6E8
2011-11-09 23:50:34 -------- d-----w- C:\Users\Chris\AppData\Roaming\A6ddEEK8fRZ9TXj
2011-11-09 23:50:30 -------- d-----w- C:\Users\Chris\AppData\Roaming\hvvvS22obF3mGaQ
2011-11-09 23:50:26 -------- d-----w- C:\Users\Chris\AppData\Roaming\F2iibbF3pnG5
2011-11-09 23:50:20 -------- d-----w- C:\Users\Chris\AppData\Roaming\DKK88fRRZ9T
2011-11-09 23:50:13 -------- d-----w- C:\Users\Chris\AppData\Roaming\TwIVrlONtxP0cSi
2011-11-09 23:50:07 -------- d-----w- C:\Users\Chris\AppData\Roaming\VHHH6ssWKfE9gZq
2011-11-09 23:50:00 -------- d-----w- C:\Users\Chris\AppData\Roaming\vbFFF4pmG5
2011-11-09 23:49:55 -------- d-----w- C:\Users\Chris\AppData\Roaming\NssWWJ7dEL8gZqY
2011-11-09 23:49:48 -------- d-----w- C:\Users\Chris\AppData\Roaming\BNNtxAAuS2b3p
2011-11-09 23:49:41 -------- d-----w- C:\Users\Chris\AppData\Roaming\Suuu2b4m5Q
2011-11-09 23:49:35 -------- d-----w- C:\Users\Chris\AppData\Roaming\tOOOBttzP0
2011-11-09 23:49:27 -------- d-----w- C:\Users\Chris\AppData\Roaming\keeekkIBrzONxAu
2011-11-09 23:49:22 -------- d-----w- C:\Users\Chris\AppData\Roaming\mIIIBrrzPNy1v2o
2011-11-09 23:49:15 -------- d-----w- C:\Users\Chris\AppData\Roaming\m1ivvD3oon4am5W
2011-11-09 23:49:08 -------- d-----w- C:\Users\Chris\AppData\Roaming\YyxxAA0uvS2bF
2011-11-09 23:49:03 -------- d-----w- C:\Users\Chris\AppData\Roaming\c99ggTXXqjCekVz
2011-11-09 23:48:57 -------- d-----w- C:\Users\Chris\AppData\Roaming\RllIIBrzNyx
2011-11-09 23:48:52 -------- d-----w- C:\Users\Chris\AppData\Roaming\hQQQJ77dEK8gZ9Y
2011-11-09 23:48:46 -------- d-----w- C:\Users\Chris\AppData\Roaming\bkkkUVVelOB
2011-11-09 23:48:42 -------- d-----w- C:\Users\Chris\AppData\Roaming\JAAA1iivD2oFpH5
2011-11-09 23:48:34 -------- d-----w- C:\Users\Chris\AppData\Roaming\KVVzx0ci3n5Q6W7
2011-11-09 23:48:28 -------- d-----w- C:\Users\Chris\AppData\Roaming\z55aadK8fR
2011-11-09 23:48:22 -------- d-----w- C:\Users\Chris\AppData\Roaming\VnnnF44pmH5Q
2011-11-09 23:48:16 -------- d-----w- C:\Users\Chris\AppData\Roaming\GWWJJ7fEL8gTqhC
2011-11-09 23:48:11 -------- d-----w- C:\Users\Chris\AppData\Roaming\ZnnGG4aQQ6sWKfL
2011-11-09 23:48:06 -------- d-----w- C:\Users\Chris\AppData\Roaming\TnnnG44aQH6sK7E
2011-11-09 23:48:01 -------- d-----w- C:\Users\Chris\AppData\Roaming\NooonGG4amH
2011-11-09 23:47:56 -------- d-----w- C:\Users\Chris\AppData\Roaming\EppnnG4aaH6sW
2011-11-09 23:47:49 -------- d-----w- C:\Users\Chris\AppData\Roaming\JeellIBBrzNyx1u
2011-11-09 23:47:42 -------- d-----w- C:\Users\Chris\AppData\Roaming\GEEEL88gTZqYCwU
2011-11-09 23:47:37 -------- d-----w- C:\Users\Chris\AppData\Roaming\JnnGG4amH6sW
2011-11-09 23:47:32 -------- d-----w- C:\Users\Chris\AppData\Roaming\mYCCCwkIVr
2011-11-09 23:47:20 -------- d-----w- C:\Users\Chris\AppData\Roaming\lyyyxAA1uvS2
2011-11-09 23:47:14 -------- d-----w- C:\Users\Chris\AppData\Roaming\nKKK8gRRZ9jUVlB
2011-11-09 23:47:09 -------- d-----w- C:\Users\Chris\AppData\Roaming\qeOOBBtzP
2011-11-09 23:47:04 -------- d-----w- C:\Users\Chris\AppData\Roaming\gqqqhYYXwkUVlOt
2011-11-09 23:47:00 -------- d-----w- C:\Users\Chris\AppData\Roaming\jobbFF4pmG5sJ
2011-11-09 23:46:54 -------- d-----w- C:\Users\Chris\AppData\Roaming\nWWJJ7ddE
2011-11-09 23:46:49 -------- d-----w- C:\Users\Chris\AppData\Roaming\E555ssWJ7dELgRq
2011-11-09 23:46:45 -------- d-----w- C:\Users\Chris\AppData\Roaming\cL888gRZqhYXwUe
2011-11-09 23:46:40 -------- d-----w- C:\Users\Chris\AppData\Roaming\AOOOBttzP0yc
2011-11-09 23:46:35 -------- d-----w- C:\Users\Chris\AppData\Roaming\wtzzPP0ycA
2011-11-09 23:46:31 -------- d-----w- C:\Users\Chris\AppData\Roaming\kPP00yccA1vD2n4
2011-11-09 23:46:24 -------- d-----w- C:\Users\Chris\AppData\Roaming\OwwkkUVrrlBtPyc
2011-11-09 23:46:19 -------- d-----w- C:\Users\Chris\AppData\Roaming\H11iibDD3oG4aH6
2011-11-09 23:46:15 -------- d-----w- C:\Users\Chris\AppData\Roaming\sBBBttxP0ycSivo
2011-11-09 23:46:10 -------- d-----w- C:\Users\Chris\AppData\Roaming\mwwwkUUVrlOtx
2011-11-09 23:46:05 -------- d-----w- C:\Users\Chris\AppData\Roaming\hHHH66sWJ7fE8gZ
2011-11-09 23:46:00 -------- d-----w- C:\Users\Chris\AppData\Roaming\xaammssWJ7E
2011-11-09 23:45:56 -------- d-----w- C:\Users\Chris\AppData\Roaming\DOOBBtzzP0cA1vD
2011-11-09 23:45:48 -------- d-----w- C:\Users\Chris\AppData\Roaming\CBrrzzONyxAuviF
2011-11-09 23:45:43 -------- d-----w- C:\Users\Chris\AppData\Roaming\tzzzyxAA1uS2oFp
2011-11-09 23:45:38 -------- d-----w- C:\Users\Chris\AppData\Roaming\rJJJ6dEK8fRZhTw
2011-11-09 23:45:33 -------- d-----w- C:\Users\Chris\AppData\Roaming\vXwwjUUCel
2011-11-09 23:45:27 -------- d-----w- C:\Users\Chris\AppData\Roaming\KQQQJ77dEK8gZqY
2011-11-09 23:45:22 -------- d-----w- C:\Users\Chris\AppData\Roaming\ndddKK8gRZ9hXwU
2011-11-09 23:45:18 -------- d-----w- C:\Users\Chris\AppData\Roaming\EwjjUUVelI
2011-11-09 23:45:13 -------- d-----w- C:\Users\Chris\AppData\Roaming\lEEKK8ffZ9hT
2011-11-09 23:45:09 -------- d-----w- C:\Users\Chris\AppData\Roaming\T999hhTXwjUC
2011-11-09 23:45:04 -------- d-----w- C:\Users\Chris\AppData\Roaming\EF333pmG5a
2011-11-09 23:45:00 -------- d-----w- C:\Users\Chris\AppData\Roaming\LpppmGG5aQJdW8f
2011-11-09 23:43:57 -------- d-----w- C:\Users\Chris\AppData\Roaming\j999hTTXqjUCkIr
2011-11-09 23:43:52 -------- d-----w- C:\Users\Chris\AppData\Roaming\tIIVVrzOONxAuc2
2011-11-09 23:43:48 -------- d-----w- C:\Users\Chris\AppData\Roaming\v66ssWK7fEL9gZj
2011-11-09 23:43:44 -------- d-----w- C:\Users\Chris\AppData\Roaming\jSS11ibbD3oG4mH
2011-11-09 23:43:39 -------- d-----w- C:\Users\Chris\AppData\Roaming\uYYYCwwkIrOtx0u
2011-11-09 23:43:34 -------- d-----w- C:\Users\Chris\AppData\Roaming\gONNttxP0ucSib3
2011-11-09 23:43:30 -------- d-----w- C:\Users\Chris\AppData\Roaming\WrrrlOOBtxP0
2011-11-09 23:43:26 -------- d-----w- C:\Users\Chris\AppData\Roaming\tVVVellOBtzPyc1
2011-11-09 23:43:21 -------- d-----w- C:\Users\Chris\AppData\Roaming\G99hhTXwjUCelBz
2011-11-09 23:43:17 -------- d-----w- C:\Users\Chris\AppData\Roaming\wjjjUCCelIBzPyA
2011-11-09 23:43:12 -------- d-----w- C:\Users\Chris\AppData\Roaming\tmmmG55aQJ6WKfR
2011-11-09 23:43:08 -------- d-----w- C:\Users\Chris\AppData\Roaming\mvvSS2iibFpnGaQ
2011-11-09 23:43:04 -------- d-----w- C:\Users\Chris\AppData\Roaming\KXXqqjYYCekVrOt
2011-11-09 23:41:57 -------- d-----w- C:\Users\Chris\AppData\Roaming\oVVrrlOOBtx
2011-11-09 23:40:56 -------- d-----w- C:\Users\Chris\AppData\Roaming\NsssQJJ6dEKfR9h
2011-11-09 23:40:51 -------- d-----w- C:\Users\Chris\AppData\Roaming\ArrzzPNNyxAu
2011-11-09 23:40:47 -------- d-----w- C:\Users\Chris\AppData\Roaming\P88ffRLL9hX
2011-11-09 23:40:43 -------- d-----w- C:\Users\Chris\AppData\Roaming\fbbDD3pnnG
2011-11-09 23:40:38 -------- d-----w- C:\Users\Chris\AppData\Roaming\oLLL9ggTZqjYwIV
2011-11-09 23:40:34 -------- d-----w- C:\Users\Chris\AppData\Roaming\ennGG4amH6sWJE8
2011-11-09 23:40:30 -------- d-----w- C:\Users\Chris\AppData\Roaming\tUUVVrllOBtP0
2011-11-09 23:40:25 -------- d-----w- C:\Users\Chris\AppData\Roaming\HZZZqhhYXwkUelB
2011-11-09 23:40:21 -------- d-----w- C:\Users\Chris\AppData\Roaming\zppmmH5ssJ7dE8R
2011-11-09 23:40:17 -------- d-----w- C:\Users\Chris\AppData\Roaming\uellIIBtzPNy
2011-11-09 23:40:12 -------- d-----w- C:\Users\Chris\AppData\Roaming\fmGGG5aQJ6dWKfL
2011-11-09 23:40:08 -------- d-----w- C:\Users\Chris\AppData\Roaming\cG55aaQH6dWKfR9
2011-11-09 23:40:04 -------- d-----w- C:\Users\Chris\AppData\Roaming\dCCCekkIV
2011-11-09 23:38:55 -------- d-----w- C:\Users\Chris\AppData\Roaming\obbbF33pnG5aH6W
2011-11-09 23:38:51 -------- d-----w- C:\Users\Chris\AppData\Roaming\TqqqjYYCekVrzNt
2011-11-09 23:38:47 -------- d-----w- C:\Users\Chris\AppData\Roaming\OwwkkIVrrl
2011-11-09 23:38:43 -------- d-----w- C:\Users\Chris\AppData\Roaming\t888gTTZqhYCk
2011-11-09 23:38:38 -------- d-----w- C:\Users\Chris\AppData\Roaming\KUUUVVelOBtz0yA
2011-11-09 23:38:32 -------- d-----w- C:\Users\Chris\AppData\Roaming\b33oonGmH6sW7fL
2011-11-09 23:38:28 -------- d-----w- C:\Users\Chris\AppData\Roaming\t11iivDD3on4aH5
2011-11-09 23:38:24 -------- d-----w- C:\Users\Chris\AppData\Roaming\o222onnF4pmHsQ7
2011-11-09 23:38:20 -------- d-----w- C:\Users\Chris\AppData\Roaming\JUVVeelIBtzPNc1
2011-11-09 23:38:16 -------- d-----w- C:\Users\Chris\AppData\Roaming\CfffRZZ9hTXjUel
2011-11-09 23:38:11 -------- d-----w- C:\Users\Chris\AppData\Roaming\LWWKK8ffRLhTXjC
2011-11-09 23:38:07 -------- d-----w- C:\Users\Chris\AppData\Roaming\u66ssWK7fEL9TZY
2011-11-09 23:38:03 -------- d-----w- C:\Users\Chris\AppData\Roaming\bGGG4aamH6sW7fL
2011-11-09 23:36:58 -------- d-----w- C:\Users\Chris\AppData\Roaming\BCCeekIBBrONy
2011-11-09 23:35:57 -------- d-----w- C:\Users\Chris\AppData\Roaming\GaaamHH6sWJ7Tqh
2011-11-09 23:35:53 -------- d-----w- C:\Users\Chris\AppData\Roaming\O000yccS1ivDon4
2011-11-09 23:35:49 -------- d-----w- C:\Users\Chris\AppData\Roaming\rivvDD2onF4H5QJ
2011-11-09 23:35:43 -------- d-----w- C:\Users\Chris\AppData\Roaming\lmmmH55sWJ7EL8R
2011-11-09 23:35:38 -------- d-----w- C:\Users\Chris\AppData\Roaming\WoonnF4aaH5sW7E
2011-11-09 23:35:34 -------- d-----w- C:\Users\Chris\AppData\Roaming\xoonnF4ppH5sQ7E
2011-11-09 23:35:30 -------- d-----w- C:\Users\Chris\AppData\Roaming\eCCCellIBrzNyx1
2011-11-09 23:35:25 -------- d-----w- C:\Users\Chris\AppData\Roaming\OcAA11uvD2obF
2011-11-09 23:35:20 -------- d-----w- C:\Users\Chris\AppData\Roaming\DNNNyccA1uvDoF4
2011-11-09 23:35:16 -------- d-----w- C:\Users\Chris\AppData\Roaming\SZZ99hTTXwUCeIB
2011-11-09 23:35:11 -------- d-----w- C:\Users\Chris\AppData\Roaming\QaaQQ66dRLhTXjU
2011-11-09 23:35:07 -------- d-----w- C:\Users\Chris\AppData\Roaming\LONNyyxA0uvSib3
2011-11-09 23:35:03 -------- d-----w- C:\Users\Chris\AppData\Roaming\hssWWK7ffE9gTqY
2011-11-09 23:33:57 -------- d-----w- C:\Users\Chris\AppData\Roaming\Q1uuvvD2obF4mGs
2011-11-09 23:33:53 -------- d-----w- C:\Users\Chris\AppData\Roaming\fZZZ9hhTXwjUe
2011-11-09 23:33:48 -------- d-----w- C:\Users\Chris\AppData\Roaming\dzzzPNNyxA1vSoF
2011-11-09 23:33:44 -------- d-----w- C:\Users\Chris\AppData\Roaming\X88ffRL99hXqjCk
2011-11-09 23:33:39 -------- d-----w- C:\Users\Chris\AppData\Roaming\ESSS2iibF3pn5
2011-11-09 23:33:34 -------- d-----w- C:\Users\Chris\AppData\Roaming\RxxxAA1uvS2
2011-11-09 23:33:29 -------- d-----w- C:\Users\Chris\AppData\Roaming\lOOONyyxA0uv2iF
2011-11-09 23:33:25 -------- d-----w- C:\Users\Chris\AppData\Roaming\sOOONtxxA0uS2b
2011-11-09 23:33:19 -------- d-----w- C:\Users\Chris\AppData\Roaming\GeeelBzPyxA1vSo
2011-11-09 03:49:07 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2011-11-09 03:49:07 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 03:49:06 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-11-09 03:49:06 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-11-09 03:49:05 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 03:49:05 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 03:49:05 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll
2011-11-07 01:32:48 175616 ----a-w- C:\Windows\SysWow64\unrar.dll
2011-11-07 01:32:47 839680 ----a-w- C:\Windows\SysWow64\lameACM.acm
2011-11-07 01:32:47 74752 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2011-11-07 01:32:47 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2011-11-07 01:32:47 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2011-11-07 01:32:47 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
2011-11-07 01:32:45 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
.
==================== Find3M ====================
.
2011-10-26 03:46:01 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-07 11:23:46 283728 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2011-10-03 10:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-13 11:30:08 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
============= FINISH: 19:27:27.68 ===============


Thanks for any help

-Bulldog
BostonBulldog
Regular Member
 
Posts: 16
Joined: December 6th, 2011, 8:17 pm
Advertisement
Register to Remove

Re: Lets try this again

Unread postby Gary R » December 9th, 2011, 10:50 am

Looking over your log, back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Lets try this again

Unread postby Gary R » December 9th, 2011, 11:00 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "malware removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi BostonBulldog

I'm Gary R, I'll be glad to help you with your computer problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


You have a seriously infected machine, and it's probably going to take a while to get it fully clean. It may be quicker and simpler for you to just re-format your hard drive and re-install Windows.

If you want to proceed with attempting a clean up, please do the following .....

Download ComboFix from one of these locations and save it to your Desktop: (if you already have a copy of Combofix, delete it and use this version)

Link 1
Link 2

IMPORTANT !!! ComboFix.exe must be run from your Desktop

  • Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix. There are details for disabling many programmes here.
  • Double click on ComboFix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install Microsoft Windows Recovery Console.

**Please note: If Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Image

Once Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you.

Please include this log in your next reply. ......... (it can also be found at C:\ComboFix.txt) If it will not fit into one post, you will have to split it up and post it in sections.

IMPORTANT
  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.
If you have any problems with these instructions, a detailed Tutorial for how to use Combofix is available here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Lets try this again

Unread postby BostonBulldog » December 10th, 2011, 1:17 am

Thanks for helping me

I was able to disable all the protections ( malwarebytes and microsoft security essentials no problem but the AVG 2012 only allowed me to disable it for a maximum of 15 minutes so I had to disable it several times until combofix was finally completed. )

Here is that log :

ComboFix 11-12-09.04 - Chris 12/09/2011 23:30:54.3.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3965.2509 [GMT -5:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-10 to 2011-12-10 )))))))))))))))))))))))))))))))
.
.
2011-12-10 04:48 . 2011-12-10 04:49 -------- d-----w- c:\users\Chris\AppData\Local\temp
2011-12-10 04:48 . 2011-12-10 04:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-10 04:48 . 2011-12-10 04:48 -------- d-----w- c:\users\L\AppData\Local\temp
2011-12-10 00:45 . 2011-12-10 00:45 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F58CFB1E-245C-4F66-A878-11F0A826F723}\offreg.dll
2011-12-10 00:45 . 2011-11-21 08:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F58CFB1E-245C-4F66-A878-11F0A826F723}\mpengine.dll
2011-12-10 00:36 . 2011-12-10 00:36 -------- d-----w- c:\windows\system32\Macromed
2011-12-08 22:48 . 2011-12-08 22:48 -------- d-----w- C:\found.000
2011-12-07 21:09 . 2011-11-21 08:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-07 20:59 . 2011-12-07 20:59 -------- d-----w- c:\users\L\AppData\Roaming\AVG2012
2011-12-06 15:46 . 2011-12-06 15:46 -------- d-----w- c:\users\Chris\AppData\Roaming\AVG2012
2011-12-06 15:45 . 2011-12-06 15:45 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-12-06 15:44 . 2011-12-10 00:38 -------- d-----w- c:\windows\system32\drivers\AVG
2011-12-06 04:13 . 2011-12-06 04:12 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3041333E-ADCC-401B-BAF4-EBE5AC749FEE}\gapaengine.dll
2011-12-06 03:56 . 2011-12-06 03:56 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-12-06 03:55 . 2010-04-06 08:34 345984 ----a-w- c:\windows\system32\drivers\netio.sys
2011-12-02 06:39 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54E7B415-100E-4436-9807-586555A4AEDB}\mpengine.dll
2011-11-30 21:09 . 2011-11-30 21:09 -------- d-----w- c:\users\L\AppData\Local\Mozilla
2011-11-30 11:54 . 2011-11-30 11:54 -------- d-----w- c:\program files (x86)\ESET
2011-11-26 04:45 . 2011-11-26 04:45 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2011-11-26 04:45 . 2011-11-26 04:45 -------- d-----w- c:\programdata\Malwarebytes
2011-11-26 04:45 . 2011-11-26 04:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-26 04:45 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-26 04:03 . 2011-11-26 04:03 -------- d-----w- c:\users\L\AppData\Roaming\IObit
2011-11-26 00:20 . 2011-12-06 03:56 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-26 00:16 . 2011-11-26 06:40 -------- d-----w- C:\e8d0c2412901bff4c5
2011-11-25 06:48 . 2011-11-25 06:48 388096 ----a-r- c:\users\Chris\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-24 21:09 . 2011-11-24 21:09 -------- d-----w- c:\programdata\IObit
2011-11-24 21:07 . 2011-11-24 21:07 -------- d-----w- c:\users\Chris\AppData\Roaming\IObit
2011-11-24 21:07 . 2011-11-24 21:07 -------- d-----w- c:\program files (x86)\IObit
2011-11-24 20:04 . 2011-11-24 20:04 -------- d-----w- c:\users\Chris\AppData\Roaming\Unity
2011-11-24 19:59 . 2011-11-30 11:50 -------- d-----w- c:\users\Chris\AppData\Local\Unity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 00:36 . 2011-07-03 17:29 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-28 08:00 . 2011-11-07 01:32 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-10-07 11:23 . 2011-10-07 11:23 283728 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2011-10-03 10:06 . 2010-05-23 02:10 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-20 21:06 . 2011-11-09 03:49 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-20 14:04 . 2011-11-09 03:49 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-09-13 11:30 . 2011-09-13 11:30 37456 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-29_08.06.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2011-12-10 00:36 77442 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-12-10 00:36 84562 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-22 06:25 . 2011-12-10 00:36 11744 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1181517193-3524019295-1311160477-1002_UserData.bin
+ 2008-11-29 01:19 . 2011-12-07 21:01 20910 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1181517193-3524019295-1311160477-1000_UserData.bin
+ 2011-05-23 06:03 . 2011-05-23 06:03 48992 c:\windows\system32\DriverStore\FileRepository\avgfwfd6.inf_85b84ac1\avgfwd6a.sys
+ 2011-04-27 20:25 . 2011-04-27 20:25 84864 c:\windows\system32\drivers\NisDrvWFP.sys
+ 2011-04-18 18:18 . 2011-04-18 18:18 40832 c:\windows\system32\drivers\MpNWMon.sys
+ 2011-08-08 11:08 . 2011-08-08 11:08 46672 c:\windows\system32\drivers\avgmfx64.sys
+ 2011-07-11 06:13 . 2011-07-11 06:13 29776 c:\windows\system32\drivers\AVGIDSFilter.sys
+ 2011-07-11 06:13 . 2011-07-11 06:13 26704 c:\windows\system32\drivers\AVGIDSEH.sys
+ 2011-05-23 06:03 . 2011-05-23 06:03 48992 c:\windows\system32\drivers\avgfwd6a.sys
- 2008-11-29 01:14 . 2011-11-29 01:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-29 01:14 . 2011-12-06 18:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-29 01:14 . 2011-11-29 01:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-29 01:14 . 2011-12-06 18:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-29 01:14 . 2011-12-06 18:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-29 01:14 . 2011-11-29 01:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 12:40 . 2011-12-06 15:44 86016 c:\windows\inf\infstor.dat
- 2006-11-02 12:40 . 2011-07-22 15:31 86016 c:\windows\inf\infstor.dat
- 2006-11-02 12:40 . 2011-07-22 15:31 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 12:40 . 2011-12-06 15:44 51200 c:\windows\inf\infpub.dat
- 2008-12-13 04:55 . 2011-11-11 07:15 6580 c:\windows\system32\WDI\ERCQueuedResolutions.dat
+ 2008-12-13 04:55 . 2011-12-06 06:15 6580 c:\windows\system32\WDI\ERCQueuedResolutions.dat
+ 2011-12-10 00:34 . 2011-12-10 00:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-29 08:05 . 2011-11-29 08:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-29 08:05 . 2011-11-29 08:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-10 00:34 . 2011-12-10 00:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-10 00:36 . 2011-12-10 00:36 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe
+ 2008-01-21 03:20 . 2011-12-05 14:55 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-11-29 08:03 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-29 01:19 . 2011-12-08 04:59 295014 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 12:46 . 2011-12-06 03:56 609506 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-12-06 03:56 106014 c:\windows\system32\perfc009.dat
+ 2009-10-03 01:27 . 2010-10-19 20:51 270720 c:\windows\system32\MpSigStub.exe
- 2009-10-03 01:27 . 2011-05-24 23:14 270720 c:\windows\system32\MpSigStub.exe
+ 2011-12-10 00:36 . 2011-12-10 00:36 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_Plugin.exe
+ 2011-04-18 18:18 . 2011-04-18 18:18 189440 c:\windows\system32\drivers\MpFilter.sys
+ 2011-07-11 06:14 . 2011-07-11 06:14 375376 c:\windows\system32\drivers\avgtdia.sys
+ 2011-07-11 06:13 . 2011-07-11 06:13 120400 c:\windows\system32\drivers\AVGIDSDriver.sys
- 2011-02-13 04:04 . 2011-11-29 08:04 382712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-13 04:04 . 2011-12-09 06:28 382712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-22 08:27 . 2011-12-07 03:10 873498 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1181517193-3524019295-1311160477-1002-8192.dat
+ 2011-12-06 03:56 . 2011-12-06 03:56 907776 c:\windows\Installer\c65232.msi
+ 2011-12-06 03:56 . 2011-12-06 03:56 585216 c:\windows\Installer\c6522c.msi
- 2006-11-02 12:40 . 2011-07-22 15:31 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 12:40 . 2011-12-06 15:44 143360 c:\windows\inf\infstrng.dat
+ 2009-07-18 03:21 . 2011-12-10 00:36 8527008 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
- 2008-01-21 03:20 . 2011-11-29 08:03 4112384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-12-05 14:55 4112384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-13 04:26 . 2011-11-29 08:04 2346232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-09-13 04:26 . 2011-12-09 06:28 2346232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-07-22 08:27 . 2011-12-07 03:10 1204508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1181517193-3524019295-1311160477-1002-12288.dat
- 2011-07-22 08:27 . 2011-11-27 17:55 1204508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1181517193-3524019295-1311160477-1002-12288.dat
+ 2011-12-06 15:46 . 2011-12-06 15:46 7575040 c:\windows\Installer\3dc1ff.msi
+ 2011-12-06 15:43 . 2011-12-06 15:43 2830336 c:\windows\Installer\3dc1ee.msi
- 2008-01-21 03:20 . 2011-11-29 08:03 13549568 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2011-12-05 14:55 13549568 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 12:33 . 2011-12-06 03:57 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2006-11-02 12:33 . 2011-11-27 17:55 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-12-10 00:36 . 2011-12-10 00:36 11336864 c:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-10-25 2398512]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\Jumpstart\jswpsapi.exe [2007-10-30 937984]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-05 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-05 136176]
R4 KR10I64;KR10I64;c:\windows\system32\drivers\kr10i64.sys [x]
R4 KR10N64;KR10N64;c:\windows\system32\drivers\kr10n64.sys [x]
R4 LinksysUpdater;Linksys Updater;c:\program files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 175104]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-05 18:35]
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-05 18:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1573160]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.msn.com
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1 68.87.71.230 68.87.73.246
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\iok844hz.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files (x86)\AVG\AVG2012\Firefox4
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:30,05,73,db,cf,ab,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,73,1d,72,0f,b7,56,47,a6,a6,d6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,73,1d,72,0f,b7,56,47,a6,a6,d6,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9e.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9e.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-12-10 00:09:39
ComboFix-quarantined-files.txt 2011-12-10 05:09
ComboFix2.txt 2011-11-30 20:56
.
Pre-Run: 135,907,475,456 bytes free
Post-Run: 135,981,268,992 bytes free
.
- - End Of File - - 1E8CD70EE7538EF87443A9ABC36B9D3D
BostonBulldog
Regular Member
 
Posts: 16
Joined: December 6th, 2011, 8:17 pm

Re: Lets try this again

Unread postby Gary R » December 10th, 2011, 3:11 am

Please look to see if Combofix has created the following log ..... C:\Qoobox\ComboFix2.txt ..... if it has please post me that log.

If not, please let me know.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Lets try this again

Unread postby BostonBulldog » December 10th, 2011, 6:55 pm

I checked and don't see that file anywhere.
BostonBulldog
Regular Member
 
Posts: 16
Joined: December 6th, 2011, 8:17 pm

Re: Lets try this again

Unread postby Gary R » December 10th, 2011, 7:09 pm

In that case can you do the following for me .....

First

I see you have Malwarebytes Anti-malware installed on your computer.

  • Click on the Malwarebytes' Anti-Malware icon to launch the programme.
    • Click the Updates tab.
      • Click Check for Updates and allow the programme to download the latest definitions.
    • Click the Scanner tab.
      • Check Perform Quick Scan.
      • Click Scan and wait for the scan to complete.
      • When the scan is complete, click OK, then Show Results.
      • Check all items except items in the C:\System Volume Information folder and click on Remove Selected.
        • A box will pop-up telling you that files have been quarantined.
        • A log will pop-up.
      • Post the log in your next reply please.

You can also access the log by doing the following
  • Click on the Logs tab.
    • Click on the log at the bottom of those listed to highlight it.
    • Click Open

Next

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Summary of the logs I need from you in your next post:
  • MBAM log
  • OTL.txt
  • Extras.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Lets try this again

Unread postby BostonBulldog » December 10th, 2011, 8:42 pm

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8349

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

12/10/2011 7:40:50 PM
mbam-log-2011-12-10 (19-40-50).txt

Scan type: Quick scan
Objects scanned: 196355
Time elapsed: 4 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
BostonBulldog
Regular Member
 
Posts: 16
Joined: December 6th, 2011, 8:17 pm

Re: Lets try this again

Unread postby BostonBulldog » December 10th, 2011, 8:58 pm

OTL logfile created on: 12/10/2011 7:45:00 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 47.63% Memory free
7.96 Gb Paging File | 5.16 Gb Available in Paging File | 64.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231.42 Gb Total Space | 126.22 Gb Free Space | 54.54% Space Free | Partition Type: NTFS

Computer Name: LAURIE | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/10 19:43:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2011/11/03 11:21:58 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/10/24 20:29:34 | 002,398,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2011/10/24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/01/21 18:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/12/25 15:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/09 19:36:38 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/03 11:22:00 | 000,849,368 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/02/06 15:50:18 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 13:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2007/12/03 19:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2007/11/21 18:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2007/07/28 00:25:44 | 000,787,968 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2011/10/24 20:29:34 | 002,398,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/13 06:43:50 | 000,204,800 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/08/04 16:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2008/01/21 18:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/12/25 15:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/10/30 02:35:40 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Jumpstart\jswpsapi.exe -- (jswpsapi)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:13:56 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSFilter.Sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:13:54 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV:64bit: - [2011/07/11 01:13:52 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSDriver.Sys -- (AVGIDSDriver)
DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/07/12 03:55:39 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/12 17:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\purendis.sys -- (purendis)
DRV:64bit: - [2008/12/12 17:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\pnarp.sys -- (pnarp)
DRV:64bit: - [2008/08/14 10:40:44 | 000,260,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/08/06 08:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/07/29 05:05:00 | 001,146,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/06/23 10:50:32 | 000,066,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/02/29 16:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/21 17:42:26 | 000,531,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2007/12/20 18:10:50 | 000,028,200 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/12/11 16:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/09 16:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/08/31 19:43:38 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2007/07/28 00:38:32 | 003,544,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2006/11/20 00:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2006/11/09 01:34:00 | 000,237,568 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64)
DRV:64bit: - [2006/11/09 01:33:00 | 000,248,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64)
DRV:64bit: - [2006/11/07 12:30:56 | 000,016,656 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1181517193-3524019295-1311160477-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
IE - HKU\S-1-5-21-1181517193-3524019295-1311160477-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-1181517193-3524019295-1311160477-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1181517193-3524019295-1311160477-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D 3F AF 8D 0B 9F CC 01 [binary data]
IE - HKU\S-1-5-21-1181517193-3524019295-1311160477-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1181517193-3524019295-1311160477-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/11/10 02:03:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/12/06 10:44:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/15 23:10:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/15 23:10:09 | 000,000,000 | ---D | M]

[2011/11/12 20:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2011/12/10 00:21:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\iok844hz.default\extensions
[2011/11/12 20:37:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\iok844hz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/29 02:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/13 21:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/11/13 21:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/11/13 21:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/11/29 02:35:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/06 10:44:39 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========


O1 HOSTS File: ([2011/11/25 06:29:35 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 217.23.4.166 www.google-analytics.com.
O1 - Hosts: 217.23.4.166 ad-emea.doubleclick.net.
O1 - Hosts: 217.23.4.166 www.statcounter.com.
O1 - Hosts: 178.250.45.15 www.google-analytics.com.
O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.
O1 - Hosts: 178.250.45.15 www.statcounter.com.
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1181517193-3524019295-1311160477-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1181517193-3524019295-1311160477-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.87.71.230 68.87.73.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C4C76BD-ADF8-4605-883D-FBB144CF0A22}: DhcpNameServer = 192.168.1.1 68.87.71.230 68.87.73.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44B10B9C-D083-4523-AFE3-07767133C417}: DhcpNameServer = 192.168.1.1 68.87.71.230 68.87.73.246
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/10 19:43:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/12/10 09:27:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/10 00:10:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/10 00:09:59 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
[2011/12/09 19:50:52 | 004,334,372 | R--- | C] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe
[2011/12/09 19:36:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/12/08 17:48:04 | 000,000,000 | ---D | C] -- C:\found.000
[2011/12/06 19:25:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Chris\Desktop\dds.scr
[2011/12/06 10:46:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\AVG2012
[2011/12/06 10:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/12/06 10:45:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/12/06 10:44:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011/12/05 22:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/12/05 22:55:00 | 000,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2011/11/30 06:54:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/11/29 02:42:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/29 02:42:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/29 02:42:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/29 02:42:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/29 02:41:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/29 02:35:43 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/11/29 02:35:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/11/29 02:35:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/11/26 22:05:48 | 000,000,000 | R--D | C] -- C:\Users\Chris\Desktop\Documents
[2011/11/25 23:45:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2011/11/25 23:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/25 23:45:08 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/25 23:45:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/25 19:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/11/25 19:16:24 | 000,000,000 | ---D | C] -- C:\e8d0c2412901bff4c5
[2011/11/24 18:17:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Books Etc
[2011/11/24 16:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/11/24 16:07:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\IObit
[2011/11/24 16:07:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011/11/24 15:04:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Unity
[2011/11/24 14:59:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Unity
[2011/11/15 23:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/10 19:51:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/10 19:43:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/12/10 19:36:54 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/10 19:36:54 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/10 15:37:22 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/10 15:36:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/10 09:30:11 | 111,777,817 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/12/09 19:51:16 | 004,334,372 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe
[2011/12/09 19:38:36 | 000,619,742 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2011/12/09 19:36:39 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/06 19:25:42 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\dds.scr
[2011/12/06 19:21:29 | 000,726,194 | ---- | M] () -- C:\Users\Chris\AppData\Local\census.cache
[2011/12/06 19:21:23 | 000,169,155 | ---- | M] () -- C:\Users\Chris\AppData\Local\ars.cache
[2011/12/06 19:11:22 | 000,002,519 | ---- | M] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/12/06 10:46:02 | 000,000,843 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/12/06 10:45:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/12/06 10:45:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2011/12/06 10:45:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/12/05 22:56:48 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/05 22:56:39 | 000,725,768 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/05 22:56:39 | 000,609,506 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/05 22:56:39 | 000,106,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/30 23:48:48 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/30 14:21:01 | 000,000,036 | ---- | M] () -- C:\Users\Chris\AppData\Local\housecall.guid.cache
[2011/11/30 14:09:10 | 000,002,025 | ---- | M] () -- C:\Users\Chris\Desktop\MyBookWorld (192.168.1.100).lnk
[2011/11/26 22:55:32 | 000,015,360 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/26 18:02:30 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/11/25 23:39:46 | 000,398,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/25 23:34:27 | 000,000,761 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.old
[2011/11/25 19:18:11 | 000,000,000 | -H-- | M] () -- C:\Windows\wusa.lock
[2011/11/25 18:46:35 | 000,000,112 | ---- | M] () -- C:\ProgramData\r7VfnLPV.dat
[2011/11/25 18:43:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\wIrUw.com.b
[2011/11/25 06:29:35 | 000,001,392 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/15 23:10:10 | 000,001,773 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/10 09:30:11 | 111,777,817 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/12/09 19:38:36 | 000,619,742 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2011/12/06 10:46:02 | 000,000,843 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/12/06 10:45:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/12/06 10:45:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2011/12/06 10:45:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/12/05 22:56:48 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/12/05 22:56:25 | 000,001,819 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/30 14:30:26 | 000,726,194 | ---- | C] () -- C:\Users\Chris\AppData\Local\census.cache
[2011/11/30 14:30:15 | 000,169,155 | ---- | C] () -- C:\Users\Chris\AppData\Local\ars.cache
[2011/11/30 14:21:01 | 000,000,036 | ---- | C] () -- C:\Users\Chris\AppData\Local\housecall.guid.cache
[2011/11/29 02:42:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/29 02:42:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/29 02:42:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/29 02:42:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/29 02:42:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/26 23:28:59 | 000,002,025 | ---- | C] () -- C:\Users\Chris\Desktop\MyBookWorld (192.168.1.100).lnk
[2011/11/25 19:18:11 | 000,000,000 | -H-- | C] () -- C:\Windows\wusa.lock
[2011/11/25 18:43:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\wIrUw.com.b
[2011/11/25 18:39:35 | 000,000,112 | ---- | C] () -- C:\ProgramData\r7VfnLPV.dat
[2011/11/15 23:10:10 | 000,001,773 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/06 20:32:48 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/11/06 20:32:47 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/11/06 20:32:47 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/11/06 20:32:47 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/08/05 14:00:29 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2011/07/22 01:33:18 | 000,015,360 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/23 20:58:27 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/23 20:58:27 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2010/01/11 12:59:53 | 000,725,768 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/25 20:42:11 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/24 13:51:46 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/24 13:50:56 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/24 13:50:05 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/12 16:48:19 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini
[2009/06/23 19:22:48 | 000,150,627 | ---- | C] () -- C:\Windows\hpoins33.dat
[2008/12/10 15:49:10 | 000,001,008 | ---- | C] () -- C:\Windows\hpomdl33.dat
[2008/11/28 20:52:04 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/11/28 20:17:41 | 000,000,013 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2008/09/12 22:38:49 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
[2008/09/12 22:38:49 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
[2008/09/12 22:38:49 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
[2008/09/12 22:31:09 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008/08/20 15:42:05 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/20 13:44:41 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.exe
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/12/06 10:46:30 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AVG2012
[2011/08/02 19:41:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\calibre
[2011/11/10 02:03:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GlarySoft
[2011/11/24 16:07:08 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\IObit
[2011/11/24 15:04:16 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Unity
[2011/12/08 23:38:57 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2011/11/09 20:55:04 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\A9nFzU8mv
[2011/11/09 20:53:53 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\AcKPaCbTcWki7BF
[2011/11/09 20:54:02 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\AfIx13GHWf8ZYkr
[2011/11/09 21:04:03 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\AG5ZBaEr1eKR
[2011/11/09 21:03:28 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\AhPFfvdUApWX
[2011/11/09 21:03:49 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\aibDonG4aHsJf
[2011/11/09 20:56:47 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\ANa9PGElid9j
[2011/11/09 20:44:41 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\aRNGTxawDg0Wk
[2011/11/09 20:45:55 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\aRODdjP2sR
[2011/11/09 20:56:49 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\ASR2XDwslGC3
[2009/11/21 13:26:04 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\Avery
[2011/12/07 15:59:55 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\AVG2012
[2011/11/09 20:47:18 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\axSiDbp6W63tENQ
[2011/11/09 20:47:22 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\aZeA4dYBcD
[2011/11/09 20:54:57 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\b4TODJC0FdYBvH
[2011/11/09 20:44:40 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\B6ISHYcswb
[2011/11/09 20:56:36 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\B8AQ9IcmfB
[2011/11/09 21:06:22 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\b9bOX2LjZqE
[2011/11/09 20:57:22 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\BA3sZOZr1m
[2011/11/09 21:03:10 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\bbEN5CDTy5W
[2011/11/09 20:57:01 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\bbRDXbZvRAaYvhi
[2011/11/09 20:53:53 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\BBseFh07NQYcsU3
[2011/11/09 21:03:15 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\BCYXRGcXGV
[2011/11/09 20:53:53 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\bEcKPaCbTcWki7B
[2011/11/09 20:44:26 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\BFXv7OaCbZcsw
[2011/11/09 21:03:30 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\BG9riH9YrA49l
[2011/11/09 20:57:27 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\BhYrlOBPc1Dom5W
[2011/11/09 21:06:21 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\BIRnzKNGTx
[2011/11/09 20:47:31 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\Biv2FmsQ7KZYjeB
[2011/11/09 20:45:44 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\bnlsPWx7x7xJtJP
[2011/11/09 20:57:29 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\bQd8ZYjeAEroWN
[2011/11/09 21:03:28 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\BSmdXkNv3Q7Tj
[2011/11/09 21:03:51 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\bUVrlOomWEgqwV
[2011/11/09 20:44:55 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\BvLS9c91Zv
[2011/11/09 20:57:01 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\C777JJJWWK88dQ5
[2011/11/09 21:06:59 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\CAjYVCjBy0czeq
[2011/11/09 21:03:27 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\cECtbsTVcF7hBAV
[2011/11/09 20:55:04 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\cfb3OXdFA
[2011/11/09 20:47:28 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\cFjbTi9vWKWspNC
[2011/11/09 20:47:34 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\CGB8QPfvqbWBva
[2011/11/09 21:06:08 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\CHEjVyIbGa77QR
[2011/11/09 21:06:16 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\Cjh9gfJQ5Q5bxk
[2011/11/09 20:55:03 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\cocw5NLFSYgJ1tT
[2011/11/09 20:54:56 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\cpGoqxnS6jxnEUS
[2011/11/09 20:53:58 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\CqtpZN37wcWV17w
[2011/11/09 20:56:49 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\cSR2XDwslGC3
[2011/11/09 20:45:11 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\CtVlCXg8dJ532cu
[2011/11/09 21:03:28 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\cVzuFsKTlSmd
[2011/11/09 20:56:42 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\Cwv5EkcpLxEx4Zr
[2011/11/09 21:03:50 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\CYkVrlOomWE
[2011/11/09 20:53:55 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\D0k7iR1EIFR
[2011/11/09 21:06:34 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\D3pnGQHs7E9
[2011/11/09 20:44:55 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\dExdzHrQrWtW
[2011/11/09 20:56:51 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\DGTOogCrxuy0Pu3
[2011/11/09 21:06:49 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\dKjV0iDNPzA0
[2011/11/09 20:53:55 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\DLI9GBsOphcsjSW
[2011/11/09 20:47:34 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\Dmyhdc9oepfOb6g
[2011/11/09 20:47:35 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\dP5e0nKqzcG7qIt
[2011/11/09 21:03:03 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\Dx7VAp45FPV
[2011/11/09 20:54:57 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\e4TODJC0ndYBvH8
[2011/11/09 21:06:25 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\E6x9dNn4n22zjKp
[2011/11/09 20:56:50 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\E8bt7cfuTDXigc8
[2011/11/09 21:06:16 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\Eejh9gfJQ5Q5bxk
[2011/11/09 21:03:48 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\efjBxb5W9UkzA2b
[2011/11/09 21:03:52 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\EgqXVOypsdIyuR2
[2011/11/09 21:06:24 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\eNfnAKVlkUYR52z
[2011/11/09 21:01:57 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\eNlVCWFuOeT7n1
[2011/11/09 20:46:08 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\ERISHZxnLV
[2011/11/09 21:03:28 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\eSmdXkNv3Q7
[2011/11/09 20:55:03 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\Esw1JXymRISJXAG
[2011/11/09 20:47:15 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\ETBxSiDbp6
[2011/11/09 20:47:30 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\eU39g8WpNCqdGN7
[2011/11/09 20:47:17 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\euD4msJWgLfotEN
[2011/11/09 21:06:09 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\EWgeO1zFGa77QRK
[2011/11/09 20:45:56 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\f3TaVn9AeT
[2011/11/09 21:03:50 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\f6sWJfEhYkVlomJ
[2011/11/09 20:54:01 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\f6wypfkvHj26T
[2011/11/09 20:57:01 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\f8yhvgc8AdwDh2L
[2010/06/21 20:20:43 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\Facebook
[2011/11/09 21:06:19 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\FC9WncVgQm1k
[2011/11/09 20:47:22 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\frDWZeA4dYBcD4G
[2011/11/09 21:03:28 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\fSmdXkNv3Q7Tj
[2011/11/09 21:06:12 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\fyIbGa77QRKWKHa
[2011/11/09 21:03:32 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\FZtofkSWwidUudj
[2011/11/09 20:44:33 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\G0frDTxHUn8eusC
[2011/11/09 21:03:21 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\G1rZsDjGI4Pc6IG
[2011/11/09 21:06:04 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\g7AJLwzp5fTexVS
[2011/11/09 21:06:35 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\G8gTZVrlBPinERh
[2011/11/09 20:55:06 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\ggJoPj8n0rT
[2011/11/09 20:47:34 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\GGzjmyhdc9oepfO
[2011/11/09 21:06:51 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\GHvsTelPNerVrzi
[2011/11/09 20:55:01 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\gJr4Zh71XGORWSi
[2011/11/09 20:47:22 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\gLrDWZeA4dYBcD4
[2011/11/09 21:06:27 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\GP5gZqE6bxC97mn
[2011/11/09 20:47:20 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\gtENQCSWkidqN37
[2011/11/09 20:48:35 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\GuKtkChqwI
[2011/11/09 20:57:10 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\H0KAQEYB2HTli2F
[2011/11/09 20:54:57 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\H4TODJC0FdYBvH8
[2011/11/09 20:54:05 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\h89TXqkBrOyA
[2011/11/09 20:55:32 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\hatJHlHtG
[2011/11/09 21:02:45 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\hh4z7c9bX3YoXbX
[2011/11/09 21:06:36 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\hinERhwVtPyF
[2011/11/09 20:45:05 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\HNdxL1xtVlCXg8
[2011/11/09 20:49:51 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\hs6JKE7ZYCz0iDF
[2011/11/09 20:53:53 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\hseFh07NQYcsU3E
[2011/11/09 20:53:55 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\htYscLyJV2Kzp9y
[2011/11/09 20:47:26 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\HWhPD3na5JEgqX
[2011/11/09 20:46:41 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\hxFdYOvJXOb7tGT
[2011/11/09 20:47:20 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\HXsDB9H3jFX
[2011/11/09 20:57:28 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\i5sW7ZYk0oQd8ZY
[2011/11/09 21:06:03 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\ID8ZUxpac
[2011/11/09 20:45:44 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\ijK4SOK1RSTiT2T
[2011/11/09 20:46:25 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\INFgOi4JEei7hIu
[2011/11/25 23:03:41 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\IObit
[2011/11/09 20:57:29 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\iQd8ZYjeAEroW
[2011/11/09 20:45:40 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\iR5F0OjL4i
[2011/11/09 21:03:28 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\ISmdXkNv3Q7T
[2011/11/09 20:56:44 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\ItU5iOZ8bt7cfuT
[2011/11/09 20:53:54 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\J0k7iR1EI
[2011/11/09 21:06:37 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\J3nERhwVtPyFslR
[2011/11/09 20:47:34 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\j3wdHBEATbWBv
[2011/11/09 20:54:56 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\J4TODJC0FdYB
[2011/11/09 20:57:01 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\j777JJJWWK88dQ5
[2011/11/09 21:06:58 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\jAjYVCjBy0cze
[2011/11/09 20:53:53 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\jcKPaCbTcWki7BF
[2011/11/09 21:06:18 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\jCZgRE8W41BhJ42
[2011/11/09 20:54:06 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\Jd8fRL9hTqCk0Sb
[2011/11/09 20:56:42 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\JFefnuBj4Vsr
[2011/11/09 20:45:09 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\JkgdQFbiSi1AxtP
[2011/11/09 20:47:35 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\jKqzcG7qItu1Dna
[2011/11/09 21:06:24 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\jP5gZqE6bx
[2011/11/09 20:44:33 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\jp9rDTxHUn8eusC
[2011/11/09 21:03:23 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\jRnOEcGfjtcYN48
[2011/11/09 20:47:35 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\JvaRjzcG7qIt
[2011/11/09 21:02:33 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\jvFH6gjryFm68
[2011/11/09 21:05:59 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\k2TofjO1HEj
[2011/11/09 21:03:50 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\k4aH6sWJfqYkVlo
[2011/11/09 21:02:10 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\KFvbnbb2bnGGmsd
[2011/11/09 20:44:35 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\KKx7PgvhD9v92gi
[2011/11/09 20:47:23 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\KPAD4GQd8Zwery1
[2011/11/09 21:05:59 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\kR5VJCNimgwVy0
[2011/11/09 20:47:20 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\KtENQCSWkidqN37
[2011/11/09 20:56:48 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\ku5XxQgtp8XeVr
[2011/11/09 21:03:55 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\kWJ7RwOv7Jz62qk
[2011/11/09 20:45:59 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\L3TaVn9AeT6
[2011/11/09 20:49:49 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\l8g9ZZTqCONv3pH
[2011/11/09 20:57:05 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\LaYvhi7qecm
[2011/11/09 20:56:51 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\LDEl27CSJhUVOll
[2011/11/09 20:54:01 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\LdTBuahrvQLexp
[2011/11/09 21:03:21 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\lgJbOhGzKtRx6ro
[2011/11/09 21:06:15 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\LLhTRfEW5HpGpSO
[2011/11/09 21:04:32 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\llsU6ceLmbtVhWb
[2011/11/09 20:45:54 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\LO1aECP37wy
[2011/11/09 20:54:17 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\ls5pFbi1czrrOlr
[2011/11/09 21:06:02 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\LSJzmUcaZB1
[2011/11/09 21:03:50 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\LsWJgTZiDom5W7R
[2011/11/09 21:06:12 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\Lw1iDmm46a5aoDv
[2011/11/09 20:56:50 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\Lx4ZrDEX1pQ6WJQ
[2011/11/09 20:44:51 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\lx6IDElo8t4Z
[2011/11/09 21:03:03 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\lx7VAp45FPVT
[2011/11/09 20:47:31 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\mF1lR9dGN7oed
[2011/11/09 20:46:00 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\mGh5OpXvPjWbO
[2011/11/09 21:06:51 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\mHvsTelPNerVrzi
[2011/11/09 20:57:00 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\mjbRDXbZvRAaYvh
[2011/11/09 21:06:35 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\mL8gTZVrlPinERh
[2011/11/09 21:06:35 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\mL8gTZYCwUrOtPy
[2011/11/09 21:04:12 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\mpCxG7lInEgt38A
[2011/11/09 20:56:56 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\mQ6WJQJXXTTggf9
[2011/11/24 16:42:49 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\MusicNet
[2011/11/09 21:06:26 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\mXx0BtewWn0NV
[2011/11/09 21:03:10 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\myJC4eidPGYSEtu
[2011/11/09 21:03:07 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\mZaIy3WdEncOjNt
[2011/11/09 20:47:35 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\N0nKqzcG7qItu1D
[2011/11/09 21:06:20 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\NC9WncVgQm1kKc
[2011/11/09 20:57:20 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\NeerVOlVXZL
[2011/11/09 20:47:22 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\NErDWZeA4dYBcD4
[2011/11/09 21:01:57 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\NgKKSBjLdGiOwh
[2011/11/09 20:44:48 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\ngy5XAQIFRzp9A5
[2011/11/09 20:46:43 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\nhzi6hi6I2fO
[2011/11/09 20:44:41 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\nISHYcswbflo8BF
[2011/11/09 21:07:00 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\nK5mHJa8hqYRda3
[2011/11/09 20:55:44 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\nkTJ4m5GDbi4sKj
[2011/11/09 20:44:32 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\nKx7PgvhD
[2011/11/09 21:06:15 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\NOIYqhfLfHD
[2011/11/09 20:47:35 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\NQP5e0nKqzcG7qI
[2011/11/09 21:06:35 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\nrlBPinER
[2011/11/09 20:56:09 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\NVmNJBmfRgT
[2011/11/09 20:45:44 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\NVUU9E5itYg
[2011/11/09 21:03:22 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\nw6uq2J9w0cY
[2011/11/09 21:04:17 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\NxG7lInEUSfNHOH
[2011/11/09 21:03:26 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\o2RPW9ThKufOnTF
[2011/11/09 21:06:25 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\o6x9dNn4n22zjKp
[2011/11/09 20:44:31 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\O8rphy5zKx7Pg
[2011/11/09 21:06:48 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\O8TIBtqkwl
[2011/11/09 20:57:19 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\OeerVOlVXZ
[2011/11/09 20:44:31 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\OEIo8BFRtWkc6
[2011/11/09 20:46:14 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\OFZzFl6uCWbtv
[2011/11/09 20:44:26 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\OnlQP6zdNdO6lHU
[2011/11/09 20:47:19 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\OotENQCSWkidq
[2011/11/09 21:06:27 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\oP5gZqE6bxC97mn
[2011/11/09 20:47:20 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\oqFUoRzp9N37kcQ
[2011/11/09 20:47:20 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\OtENQCSWkidqN37
[2011/11/09 21:02:00 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\OVkjxU9WHb0lZEa
[2011/11/09 21:06:36 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\oVrlBPinERhwVty
[2011/11/09 20:53:53 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\P5BseFh07NQYcs
[2011/11/09 20:57:01 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\P777JJJWWK88dQ5
[2011/11/09 20:55:35 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\PatJHlHtG2bc0Bw
[2011/11/09 21:03:56 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\pdIyuR102PVP
[2011/11/09 20:53:55 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\Pf3rmVngPmh
[2011/11/09 20:55:07 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\pgJoPj8n0rT5
[2011/11/09 21:02:31 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\pIEbltRprEAYGlJ
[2011/11/09 20:44:36 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\Pp90WC048rishz
[2011/11/09 21:06:21 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\PqpgW4BkH1rajCZ
[2011/11/09 21:05:26 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\pse1A5AQNVxDagl
[2011/11/09 20:56:46 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\pSR2XDwsl
[2011/11/09 20:56:50 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\PT4SR2XDwslGC3w
[2011/11/09 21:06:20 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\PtUsFlEuepE
[2011/11/09 20:46:41 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\PxFdYOvJXOb7tGT
[2011/11/09 21:02:25 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\pxhsuYatRSkJ
[2011/11/09 20:56:39 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\pxPRNApKYPb8OKO
[2011/11/09 20:47:32 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\pzjmyhdc9
[2011/11/09 20:46:12 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\pZzFl6uCW
[2011/11/09 21:02:51 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\q2h3kHBmeGkHrGZ
[2011/11/09 21:04:03 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\q56G5ZBaQgBDnae
[2011/11/09 21:06:26 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\q6x9dNn4n22zjKp
[2011/11/09 21:06:56 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\qAjYVCjBy0cz
[2011/11/09 20:54:05 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\qd8fRL9hTqCk
[2011/11/09 20:47:34 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\QdHBEATbWBvaRj
[2011/11/09 20:47:34 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\qNLS5e0nK
[2011/11/09 21:03:23 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\Qp0wLoCnU7BpqSs
[2011/11/09 21:06:23 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\qP5gZqE6b
[2011/11/09 21:06:15 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\qqhf9TfHD
[2011/11/09 21:05:58 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\qSHJT5x7AJLwzp5
[2011/11/09 20:54:57 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\qTODJC0ndYBvH8V
[2011/11/09 20:47:17 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\qWfLR9XIkqJ0
[2011/11/09 21:03:29 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\qzFfvdUApWXkNcH
[2011/11/09 20:54:15 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\R0E4HHp3Fbi1czr
[2011/11/09 20:54:57 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\r4TODJC0FdYBvH8
[2011/11/09 20:44:33 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\r9rDTxHUn8eusCp
[2011/11/09 21:03:28 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\Rba9UrAiGdRTje
[2011/11/09 20:45:31 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\rcNwZREWKsQ63zI
[2011/11/09 20:55:37 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\rDtXTXTTg8ww
[2011/11/09 21:06:35 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\RfEL8gTZVlPinE
[2011/11/09 20:55:45 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\rFi2Scom6TOo
[2011/11/09 21:03:16 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\RIkUgmiUQOW
[2011/11/09 21:06:34 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\rpnGQHs7fLqC
[2011/11/09 21:06:52 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\rUo8TIBtqkwlIcD
[2011/11/09 20:45:42 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\rwCU9E5it
[2011/11/09 20:47:34 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\Rzjmyhdc9oepfOb
[2011/11/09 20:47:22 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\s6Yy4dYtvH8VPAD
[2011/11/09 20:57:02 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\S707B6ebgu9O1
[2011/11/09 20:54:05 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\sd8fRL9hTqCk0S
[2011/11/09 21:06:20 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\sfHDPwEGFyq6AfN
[2011/11/09 20:56:59 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\Siii11A1v2nm4
[2011/11/09 20:47:20 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\sil7NQCSWkidqN3
[2011/11/09 20:47:28 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\sjbTi9vWKWspNC
[2011/11/09 21:05:08 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\SQG3obB67jidQl6
[2011/11/09 21:03:21 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\SqZ9K3P93e4BdIn
[2011/11/09 21:03:21 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\SSdhW4vIRDUmfYO
[2011/11/09 21:06:05 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\sU2G7Rke6fL
[2011/11/09 20:54:14 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\svczkCZLJHm
[2011/11/09 20:56:42 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\sWdFefnuBj4Vsr
[2011/11/09 20:54:57 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\T4TODJC0FdYBvH8
[2011/11/09 20:53:52 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\t5BseFh07NQYc
[2011/11/09 20:46:03 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\TB6O6ki7B
[2011/11/09 20:47:23 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\tery1Sbpa6
[2011/11/09 21:06:21 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\tgbRHoeY4ylmXCZ
[2011/11/09 20:47:16 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\tHWfLR9XIk
[2011/11/09 21:03:51 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\TomWEgqXVOypsdI
[2011/11/09 20:44:42 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\tOnj1EPWkide2KI
[2011/11/09 20:55:43 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\trhEss6f76HmdRC
[2011/11/09 21:03:23 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\uB3WTlPZN48euah
[2011/11/09 20:45:08 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\uDAzeCYZYh9L
[2011/11/09 21:03:48 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\ufjBxb5W9UkzA2b
[2011/11/09 20:47:19 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\ufotENQCSWkidqN
[2011/11/09 20:45:38 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\uGa5dR99wq8KEd6
[2011/11/09 21:03:49 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\ui3GQs7fEZYIltP
[2011/11/09 20:45:33 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\UIkwVCkNSDnHdff
[2011/11/09 21:06:16 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\Ujh9gfJQ5Q5bxk
[2011/11/09 21:06:22 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\UuIRnzKNGTxaUDJ
[2011/11/09 20:44:33 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\ux7PgvhD9
[2011/11/09 21:03:49 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\uZI1mfUNidqV0b4
[2011/11/09 20:57:29 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\V0oQd8ZYjeAEroW
[2011/11/09 20:54:16 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\v421Nzkhgd6JQ
[2011/11/09 21:03:21 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\Vd0gSw2RP
[2011/11/09 20:53:53 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\ve4j2RyHrGZPm
[2011/11/09 20:46:00 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\VhwCBPxu2
[2011/11/09 20:55:29 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\VHYcsw1JCSg6
[2011/11/09 21:06:51 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\VJZKjV0iDNPzA04
[2011/11/09 21:06:04 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\VliHEBP2mf9ZF5Q
[2011/11/09 20:46:03 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\VoB6O6ki7
[2011/11/09 21:06:40 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\vr4iXNCNio
[2011/11/09 20:46:08 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\VRISHZxnL
[2011/11/09 20:47:32 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\VspNCqdGN7oedc9
[2011/11/09 20:56:44 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\VtU5iOZ8bt7cfuT
[2011/11/09 20:48:52 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\W5oyEjU5ruYeUrc
[2011/11/09 21:03:25 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\wc6IGZlBkrXiLOn
[2011/11/09 21:02:42 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\WgFCW1T3U4lQrHk
[2011/11/09 21:06:07 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\wHEjVyIbGa77Q
[2011/11/09 21:03:29 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\whPFfvdUApWXk
[2011/11/09 20:45:27 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\WicNwZREW
[2011/11/09 21:06:24 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\wJwcmRI26qxnRIS
[2011/11/09 20:45:35 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\wKJFyzUTd3xwE
[2011/11/09 20:44:55 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\WKNQrdtKlJBH
[2011/11/09 20:47:39 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\wnWYy5Xudlb8BFf
[2011/11/09 20:56:52 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\WRar5zdtL1fOHV6
[2011/11/09 20:57:26 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\wuPOewwhX6
[2011/11/09 21:03:00 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\WVKBDGJRd
[2011/11/09 21:01:20 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\ww4kacXKna
[2011/11/09 20:46:38 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\wwP2aLry4fku4Xu
[2011/11/09 20:47:35 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\X6P5e0nKqzcG7qI
[2011/11/09 21:06:25 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\x6x9dNn4n22zjKp
[2011/11/09 20:46:33 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\X7hIunfCz2aRecn
[2011/12/10 10:44:24 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:587EB586

< End of report >
BostonBulldog
Regular Member
 
Posts: 16
Joined: December 6th, 2011, 8:17 pm

Re: Lets try this again

Unread postby BostonBulldog » December 10th, 2011, 9:00 pm

OTL Extras logfile created on: 12/10/2011 7:45:00 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 47.63% Memory free
7.96 Gb Paging File | 5.16 Gb Available in Paging File | 64.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231.42 Gb Total Space | 126.22 Gb Free Space | 54.54% Space Free | Partition Type: NTFS

Computer Name: LAURIE | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 2F 0B 72 B8 31 36 CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1181517193-3524019295-1311160477-1002]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04D7B9AC-AB29-44E2-8455-F6F9DAB0DF68}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{0BB731B3-4CA5-476E-85FE-0C190AA19819}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{16008627-43A1-4FFA-A072-08B9CDF79EA9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{170F8C6E-E668-4C73-BAB7-BB7B9530A091}" = lport=5357 | protocol=6 | dir=in | app=system |
"{182A1364-DB0E-424D-AF7A-158408D4E623}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{215FCE87-99E8-49AF-85A2-6BF7AA7E565E}" = rport=5358 | protocol=6 | dir=out | app=system |
"{26938D88-154D-4FE0-AE0C-2086EE268596}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{296938E1-B720-4EB0-A052-763E925C2EF9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3FE656E8-05D1-465B-8AF4-2AA52735BADF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4107C62D-9F62-416A-88B0-6E2611E0EC20}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{52AC15C7-6277-4C89-BDF5-A1CCF85DAF8D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6038B74E-A7B3-429B-8D2B-098B64A9A1AD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7B034548-CAE0-4920-A3EE-0CEF4B4A6C6B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{7BE41053-D21E-401E-8DE4-BA2F1E053A97}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{88B8CB1C-2245-4505-A82E-75862E7CA623}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8F43ED56-5F3A-4410-A48D-19D78CD46AC5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{956D2053-B98E-4B41-8B8C-F4D4FEBBAEF3}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{9600C953-FCAA-4A12-96BD-52E4075FC622}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9CA2E1A8-1930-4DCB-9DF8-14C4EF698EBA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{ABD442CC-52C3-47A4-8BA4-FB5225688D83}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B67BD240-0FC1-4DF7-9154-FD6DC8C1C3A7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B882B893-58ED-4D99-8C07-5A1F69AADD9A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C0CDE166-D5DA-4FC8-B717-698B013EA8F1}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{CF030ED5-1333-48F3-98B4-DE443276B39D}" = lport=5358 | protocol=6 | dir=in | app=system |
"{CF2BA56A-8022-4FA4-A060-2BA3B28AC525}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D9CB3014-242E-45DB-88C1-BFF16DE1A7F5}" = rport=5357 | protocol=6 | dir=out | app=system |
"{E8B3C2FD-3460-4677-92AB-EEC6D55F0408}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F27E0D1F-2FC8-408A-A839-7A8FE897FC1B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F3900CD4-3CED-487A-858F-A46DA8B74F7E}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09B4F021-524D-49E6-ABE9-C648501C80D4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{1192DA78-B3B0-4CB8-93F9-9B6A92F25768}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{156B9005-EE97-4F30-B6FB-180CD44A930F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1CF3D332-5425-43B3-ACEC-F82A79DB2B9D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{1E6BCF84-6B34-413E-BD37-8B9E20E15341}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{26554667-7FD6-4EE5-B238-C75672D2C8A4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{28E52F96-DBDA-4059-BC78-D898EC7DA15B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{2E553AA6-6E68-4F59-8278-438855AF69A9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2ED46543-1E9C-4D3F-85A9-9EFBE7F2A3A6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{35D8F5D6-E61F-4D14-8382-665EB930175F}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{4B98E2F9-47E8-4EDF-965B-3A1687D5F914}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4C62CBC7-7F01-4EDB-86A7-4105A7F7FEA0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{525317DB-54AC-4538-BE83-32676C113660}" = protocol=6 | dir=out | app=system |
"{531E3056-E395-4B70-A3AC-34FE38DA759E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{534DF6DA-9C20-44AD-B326-3E1AFEE5FD75}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5562FB20-AD53-4647-8A63-D303F7F06E7E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{56E17647-2AD5-40E0-B3CB-834F822F2684}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5C8EC97A-5ECA-4022-B3D1-D566EC90B0C4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{619A6684-CE15-42F5-BDCE-5F242A1A842C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{6240928C-C23F-4398-AD03-39F2C1F912FD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{63BD8906-D8EC-4EB3-8088-F06642FFA4CB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{644C9FE5-8B67-4C04-AFA7-DD0FC5CBBE12}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{686F07E0-CFAC-4B60-8B0D-E0F6797D1CF1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{6B47544B-3651-43DA-8994-76D704E6FD79}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{6CA1D0BF-76D6-4A8A-A9F4-5013E76F9DC5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75B86CD2-C226-4709-A3E6-25F2385B8583}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7D258318-8A7C-48FA-91F6-089D5CF4751D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{8518C6DE-EF24-444D-92A1-02720B48D331}" = protocol=6 | dir=out | app=system |
"{881B6102-03BB-4C32-B3FF-40906C325777}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8AAA2497-7090-48B1-B088-F751A5C0308F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{8F4BB8B5-CC59-4C47-9EB2-8DA4DBE99C2F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{93B4B293-E5DA-47D8-973E-AE73E2013895}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{98735824-2F54-4504-BBB5-D814FEC0BC48}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{9A5D243A-4F2D-47CA-AB7E-DD65FEB7BEAA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9F6669F8-9233-40D4-A0B7-5BCEAD6BA170}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{A406D993-2126-4551-9436-E691CDB245CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B0ADD769-0E90-4374-801B-606C0E0572D4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B767C04E-6DEC-42FD-A26F-A35FF4DA7344}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{B8035280-EB9C-477D-A246-B098EBB34A9A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{BC58DD36-70D0-4F8A-910A-BFC05126F14B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{BCD44F72-74B1-4561-8F62-99623C77599F}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{BF289B61-00F6-4060-B17B-294886D15ED0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{C0CD4A02-A5C3-49A6-8874-6D3E65E59FEB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C4BC40C9-381D-4E49-AC37-3EE5E99B04FA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C510143F-C43B-44A1-99FE-01E634BB9E6D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C5C9910B-7DF4-4A9A-9DC4-1A82E1B05D89}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6F86E75-5264-4CDF-990A-DA72623779AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C7DB8AF0-E0D2-420D-AB18-C0F45661125E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{C89859FA-82C4-497A-A00A-1AF546F87133}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C95E259A-DEBD-4780-BF6C-3772B6127502}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CE7B3B67-6969-4B91-A537-625C3C64B396}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{D1C11D2D-4D30-4724-8553-E03E07778C93}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{D839951C-445A-47DC-8F23-A725006B5CE8}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{E5618DDD-EB93-478B-84A8-3EB7889A5182}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E7148861-D749-4BF0-9525-DDA79CCE3126}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{EE535D15-6050-4561-B0A6-EE383A698279}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{FB68C459-3710-4CBE-89C6-6219035946D1}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{FFC7A790-6CB8-449A-8EA4-90BD884F9B52}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"TCP Query User{1AB478A8-F47C-4F6C-8D63-1C46FAF19138}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=c:\program files (x86)\western digital\wd discovery software\wd discovery.exe |
"TCP Query User{D9B7EA91-D96D-4EB9-811E-9B540638F1D6}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=c:\program files (x86)\western digital\wd discovery software\wd discovery.exe |
"TCP Query User{F1BA9CE3-73AE-4457-ACD0-107210870B93}D:\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=d:\wd discovery software\wd discovery.exe |
"UDP Query User{2916703C-7826-4FB8-967C-060A16C369B4}D:\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=d:\wd discovery software\wd discovery.exe |
"UDP Query User{E168DD06-CC27-40BE-8C1C-106D896B521F}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=c:\program files (x86)\western digital\wd discovery software\wd discovery.exe |
"UDP Query User{FCCEA9EA-C625-4A2A-B517-D03CB901E668}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=c:\program files (x86)\western digital\wd discovery software\wd discovery.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{3C2673D2-8248-EDDC-B759-1D1D53C6709A}" = ATI Catalyst Install Manager
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{5472B943-1C3F-46F9-91D1-C0E2FEE9ABFB}" = AVG 2012
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{62FA494C-B6E2-56BE-9333-1A94759AE5EB}" = ccc-utility64
"{68451E5C-0A9C-4D5C-8D06-6E296242E908}" = 64 Bit HP CIO Components Installer
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B431E4D3-ECE7-4D41-8668-BCF9BD685B62}" = TOSHIBA Application Disc Creator
"{B613A9BB-2B34-4824-A4BE-2427653D59D6}" = iTunes
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8000353-9E60-4e84-BF3E-CD9996EF80EE}" = HP Photosmart C5500 All-In-One Driver Software 12.0 Rel .4
"{BEC69493-1732-4F85-B559-CC99CB30665C}" = AVG 2012
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{062ABD24-47F8-D865-BCB6-A724A94BC9A5}" = CCC Help Japanese
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{06F2B3DC-74F4-300D-D41A-B21B46101CA2}" = Skins
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0A573F30-FB63-9A85-2E6E-39E1AC5366D0}" = Catalyst Control Center Localization Hungarian
"{0A9F311E-A4B9-4808-1D1C-0B2E7705A735}" = Catalyst Control Center Localization Spanish
"{0F15A965-99BA-BC9D-5A00-D7E1E7B2AE7F}" = Catalyst Control Center Localization French
"{14FEF8C7-0EB1-47F2-6A13-D43171D4DFBB}" = Catalyst Control Center Localization Greek
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1D4D4C5C-6771-A416-0FC9-167F47C4D977}" = Catalyst Control Center Localization Polish
"{1E32C2AB-9722-5F41-7BDE-24B5AFD2BCE6}" = CCC Help Spanish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{21AEC16B-1C21-81B4-DA88-2235CC1F7E39}" = Catalyst Control Center Localization Japanese
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{288306FF-D5B5-7398-0617-E52F625C6797}" = CCC Help Norwegian
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2BC74395-9275-427B-8A5B-05C14DE7A1C2}" = calibre
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{397AC65E-CB4A-29C2-ACF9-D04444438971}" = Catalyst Control Center Localization Thai
"{3B96A467-811C-F9FE-B8D6-3BC952025F44}" = Catalyst Control Center Localization Dutch
"{3BEEC9AD-FA8F-B413-6BBC-8B5DC7C8E08F}" = Catalyst Control Center Localization Portuguese
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45ECDC05-71AC-6372-2A17-4139B6296F4F}" = ccc-core-static
"{480C3278-56A7-3F05-3829-6DC5D4B0CB06}" = CCC Help Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
"{4CA4D9FC-212C-9F69-E760-DB4BEB34FEB5}" = CCC Help Thai
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4DE0D937-FEB0-0D89-C8D6-35F600300BD4}" = CCC Help French
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{526B6DD3-0C43-2C13-7DF8-44D20D4E9853}" = CCC Help English
"{544587B1-B057-F0B3-7B19-6898ADBED9AC}" = Catalyst Control Center Localization Czech
"{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{571C0874-A931-EEFE-E89D-8F912F633B9F}" = CCC Help Danish
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{648B4A01-F609-1D4E-556C-0F18B54E9E1C}" = Catalyst Control Center Localization Italian
"{64F18837-72CE-DC38-899C-260AF20F979A}" = CCC Help Swedish
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69C82DDB-3FBC-EBEC-AE0A-3ABF1F3BD39B}" = CCC Help Polish
"{6C530FF7-F6F2-FD4C-0CFC-49AD3E7244A9}" = Catalyst Control Center Localization Turkish
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6CA2BE46-A562-8CA4-1C33-CC2681B2DDA1}" = CCC Help Finnish
"{6DBBEC03-716B-7954-873A-B782100831C5}" = Catalyst Control Center Graphics Full New
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70BCBA77-83D9-2075-1F99-69D65C44B422}" = Catalyst Control Center Graphics Full Existing
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{78E6BC53-F765-2629-C028-9F3CD49F70D4}" = CCC Help Chinese Standard
"{7ECE1045-66CB-2A70-7EAE-BE508AF95CF2}" = Catalyst Control Center Graphics Previews Vista
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{81F93FA5-BA87-322F-2166-4D1F0FFE196E}" = CCC Help Greek
"{8376FC56-5456-DFF9-5C36-FAB3DE39F5DF}" = Catalyst Control Center Localization Norwegian
"{85B3880D-F0D2-A50C-1464-7EF646A1D21D}" = Catalyst Control Center Localization Danish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D0957A4-8EE7-E273-0BFC-9B235BEAA41A}" = CCC Help Dutch
"{8D44F868-DA59-B1BF-CC33-58B0AF8E2E39}" = Catalyst Control Center Localization Chinese Traditional
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{969CAD22-B9F0-4476-9F00-D86C47551BC0}" = PS_AIO_04_C5500_Software_Min
"{9A3F65CA-78FA-4749-004B-23743CF642D1}" = Catalyst Control Center Localization Korean
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{A5B13934-D1C9-D33B-982E-BB09A19C0F90}" = Catalyst Control Center Localization Finnish
"{A60F4402-4CCE-E695-64C6-F0636ACC347F}" = CCC Help Italian
"{A91A0484-8087-A838-9BA6-03374BE3F2CE}" = Catalyst Control Center Localization Russian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BA65A6-BEA6-48DF-991A-CB28A23CBAE3}" = C5500
"{AA725670-A7B4-D1B0-4EF5-F4B2E418C9F4}" = Catalyst Control Center Localization German
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{ADBE6E56-60E7-7FC3-467A-827987BE09CE}" = Catalyst Control Center Localization Swedish
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B1819DF7-D6B1-27AA-3A3B-6560C348C386}" = Catalyst Control Center Core Implementation
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B9CD69C2-D14E-C499-C18B-7342E5FE245E}" = Catalyst Control Center Localization Chinese Standard
"{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}" = Catalyst Control Center - Branding
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D8F9F4CB-41A1-CF15-39A2-75F28E0B9991}" = CCC Help Korean
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF73BEDD-8A09-A6E2-462B-3BDF398BAFB2}" = CCC Help Czech
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E70A3EE1-067D-8C6C-1C89-9F3A1BA4CF2C}" = Catalyst Control Center Graphics Light
"{E87A8D96-5795-A788-18A2-3BCC20B09E7C}" = CCC Help Chinese Traditional
"{EB295AF7-C2D1-D911-9E62-F288874B96F4}" = CCC Help Turkish
"{EBCD5E4C-F14A-B147-39FE-906F75AC4ACE}" = CCC Help Russian
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F19F7B24-AAD4-4236-8475-5335483DA676}" = Avery Wizard 3.1
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F36D6137-FD4C-1F67-7B2A-815BB05BB825}" = CCC Help German
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F84C1DC6-4B39-1A34-AD6E-A6EE49A3DD78}" = CCC Help Hungarian
"{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.9.0 (Full)
"Linksys EasyLink Advisor" = Linksys EasyLink Advisor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"PROHYBRIDR" = 2007 Microsoft Office system
"uTorrent" = µTorrent
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/6/2011 7:16:20 PM | Computer Name = Laurie | Source = EventSystem | ID = 4621
Description =

Error - 12/6/2011 7:19:22 PM | Computer Name = Laurie | Source = WinMgmt | ID = 10
Description =

Error - 12/6/2011 11:13:07 PM | Computer Name = Laurie | Source = WinMgmt | ID = 10
Description =

Error - 12/7/2011 1:14:13 AM | Computer Name = Laurie | Source = EventSystem | ID = 4621
Description =

Error - 12/7/2011 4:59:20 PM | Computer Name = Laurie | Source = WinMgmt | ID = 10
Description =

Error - 12/7/2011 7:46:45 PM | Computer Name = Laurie | Source = WinMgmt | ID = 10
Description =

Error - 12/8/2011 6:52:09 PM | Computer Name = Laurie | Source = WinMgmt | ID = 10
Description =

Error - 12/9/2011 8:35:24 PM | Computer Name = Laurie | Source = WinMgmt | ID = 10
Description =

Error - 12/10/2011 10:26:52 AM | Computer Name = Laurie | Source = WinMgmt | ID = 10
Description =

Error - 12/10/2011 4:38:15 PM | Computer Name = Laurie | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 7/31/2011 1:58:48 PM | Computer Name = Laurie | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

[ OSession Events ]
Error - 12/19/2010 9:42:30 PM | Computer Name = Laurie | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13852
seconds with 540 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/9/2011 8:35:25 PM | Computer Name = Laurie | Source = Service Control Manager | ID = 7026
Description =

Error - 12/10/2011 12:27:38 AM | Computer Name = Laurie | Source = Service Control Manager | ID = 7034
Description =

Error - 12/10/2011 12:27:38 AM | Computer Name = Laurie | Source = Service Control Manager | ID = 7034
Description =

Error - 12/10/2011 12:37:41 AM | Computer Name = Laurie | Source = Service Control Manager | ID = 7030
Description =

Error - 12/10/2011 12:53:49 AM | Computer Name = Laurie | Source = Service Control Manager | ID = 7030
Description =

Error - 12/10/2011 1:59:44 AM | Computer Name = Laurie | Source = DCOM | ID = 10010
Description =

Error - 12/10/2011 10:26:24 AM | Computer Name = Laurie | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 12/10/2011 10:26:52 AM | Computer Name = Laurie | Source = Service Control Manager | ID = 7026
Description =

Error - 12/10/2011 11:44:14 AM | Computer Name = Laurie | Source = DCOM | ID = 10010
Description =

Error - 12/10/2011 4:38:16 PM | Computer Name = Laurie | Source = Service Control Manager | ID = 7026
Description =


< End of report >
BostonBulldog
Regular Member
 
Posts: 16
Joined: December 6th, 2011, 8:17 pm

Re: Lets try this again

Unread postby Gary R » December 11th, 2011, 3:33 am

OK, we've got a few things to do .....

First

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Java(TM) 6 Update 3
µTorrent


Old versions of java can be exploited even if you are using a later version (I see you have version 6 Update 29 installed)

Use of P2P programs is the quickest way to an infection that I know.

Reboot your computer once those programs have been uninstalled.

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:Processes
killallprocesses

:OTL
[2011/11/13 21:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/11/13 21:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/11/13 21:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

:files
C:\ProgramData\IObit
C:\Users\Chris\AppData\Roaming\IObit
C:\Program Files (x86)\IObit
C:\Users\Chris\AppData\Roaming\uTorrent
C:\Users\L\AppData\Roaming\A9nFzU8mv
C:\Users\L\AppData\Roaming\AcKPaCbTcWki7BF
C:\Users\L\AppData\Roaming\AfIx13GHWf8ZYkr
C:\Users\L\AppData\Roaming\AG5ZBaEr1eKR
C:\Users\L\AppData\Roaming\AhPFfvdUApWX
C:\Users\L\AppData\Roaming\aibDonG4aHsJf
C:\Users\L\AppData\Roaming\ANa9PGElid9j
C:\Users\L\AppData\Roaming\aRNGTxawDg0Wk
C:\Users\L\AppData\Roaming\aRODdjP2sR
C:\Users\L\AppData\Roaming\ASR2XDwslGC3
C:\Users\L\AppData\Roaming\axSiDbp6W63tENQ
C:\Users\L\AppData\Roaming\aZeA4dYBcD
C:\Users\L\AppData\Roaming\b4TODJC0FdYBvH
C:\Users\L\AppData\Roaming\B6ISHYcswb
C:\Users\L\AppData\Roaming\B8AQ9IcmfB
C:\Users\L\AppData\Roaming\b9bOX2LjZqE
C:\Users\L\AppData\Roaming\BA3sZOZr1m
C:\Users\L\AppData\Roaming\bbEN5CDTy5W
C:\Users\L\AppData\Roaming\bbRDXbZvRAaYvhi
C:\Users\L\AppData\Roaming\BBseFh07NQYcsU3
C:\Users\L\AppData\Roaming\BCYXRGcXGV
C:\Users\L\AppData\Roaming\bEcKPaCbTcWki7B
C:\Users\L\AppData\Roaming\BFXv7OaCbZcsw
C:\Users\L\AppData\Roaming\BG9riH9YrA49l
C:\Users\L\AppData\Roaming\BhYrlOBPc1Dom5W
C:\Users\L\AppData\Roaming\BIRnzKNGTx
C:\Users\L\AppData\Roaming\Biv2FmsQ7KZYjeB
C:\Users\L\AppData\Roaming\bnlsPWx7x7xJtJP
C:\Users\L\AppData\Roaming\bQd8ZYjeAEroWN
C:\Users\L\AppData\Roaming\BSmdXkNv3Q7Tj
C:\Users\L\AppData\Roaming\bUVrlOomWEgqwV
C:\Users\L\AppData\Roaming\BvLS9c91Zv
C:\Users\L\AppData\Roaming\C777JJJWWK88dQ5
C:\Users\L\AppData\Roaming\CAjYVCjBy0czeq
C:\Users\L\AppData\Roaming\cECtbsTVcF7hBAV
C:\Users\L\AppData\Roaming\cfb3OXdFA
C:\Users\L\AppData\Roaming\cFjbTi9vWKWspNC
C:\Users\L\AppData\Roaming\CGB8QPfvqbWBva
C:\Users\L\AppData\Roaming\CHEjVyIbGa77QR
C:\Users\L\AppData\Roaming\Cjh9gfJQ5Q5bxk
C:\Users\L\AppData\Roaming\cocw5NLFSYgJ1tT
C:\Users\L\AppData\Roaming\cpGoqxnS6jxnEUS
C:\Users\L\AppData\Roaming\CqtpZN37wcWV17w
C:\Users\L\AppData\Roaming\cSR2XDwslGC3
C:\Users\L\AppData\Roaming\CtVlCXg8dJ532cu
C:\Users\L\AppData\Roaming\cVzuFsKTlSmd
C:\Users\L\AppData\Roaming\Cwv5EkcpLxEx4Zr
C:\Users\L\AppData\Roaming\CYkVrlOomWE
C:\Users\L\AppData\Roaming\D0k7iR1EIFR
C:\Users\L\AppData\Roaming\D3pnGQHs7E9
C:\Users\L\AppData\Roaming\dExdzHrQrWtW
C:\Users\L\AppData\Roaming\DGTOogCrxuy0Pu3
C:\Users\L\AppData\Roaming\dKjV0iDNPzA0
C:\Users\L\AppData\Roaming\DLI9GBsOphcsjSW
C:\Users\L\AppData\Roaming\Dmyhdc9oepfOb6g
C:\Users\L\AppData\Roaming\dP5e0nKqzcG7qIt
C:\Users\L\AppData\Roaming\Dx7VAp45FPV
C:\Users\L\AppData\Roaming\e4TODJC0ndYBvH8
C:\Users\L\AppData\Roaming\E6x9dNn4n22zjKp
C:\Users\L\AppData\Roaming\E8bt7cfuTDXigc8
C:\Users\L\AppData\Roaming\Eejh9gfJQ5Q5bxk
C:\Users\L\AppData\Roaming\efjBxb5W9UkzA2b
C:\Users\L\AppData\Roaming\EgqXVOypsdIyuR2
C:\Users\L\AppData\Roaming\eNfnAKVlkUYR52z
C:\Users\L\AppData\Roaming\eNlVCWFuOeT7n1
C:\Users\L\AppData\Roaming\ERISHZxnLV
C:\Users\L\AppData\Roaming\eSmdXkNv3Q7
C:\Users\L\AppData\Roaming\Esw1JXymRISJXAG
C:\Users\L\AppData\Roaming\ETBxSiDbp6
C:\Users\L\AppData\Roaming\eU39g8WpNCqdGN7
C:\Users\L\AppData\Roaming\euD4msJWgLfotEN
C:\Users\L\AppData\Roaming\EWgeO1zFGa77QRK
C:\Users\L\AppData\Roaming\f3TaVn9AeT
C:\Users\L\AppData\Roaming\f6sWJfEhYkVlomJ
C:\Users\L\AppData\Roaming\f6wypfkvHj26T
C:\Users\L\AppData\Roaming\f8yhvgc8AdwDh2L
C:\Users\L\AppData\Roaming\FC9WncVgQm1k
C:\Users\L\AppData\Roaming\frDWZeA4dYBcD4G
C:\Users\L\AppData\Roaming\fSmdXkNv3Q7Tj
C:\Users\L\AppData\Roaming\fyIbGa77QRKWKHa
C:\Users\L\AppData\Roaming\FZtofkSWwidUudj
C:\Users\L\AppData\Roaming\G0frDTxHUn8eusC
C:\Users\L\AppData\Roaming\G1rZsDjGI4Pc6IG
C:\Users\L\AppData\Roaming\g7AJLwzp5fTexVS
C:\Users\L\AppData\Roaming\G8gTZVrlBPinERh
C:\Users\L\AppData\Roaming\ggJoPj8n0rT
C:\Users\L\AppData\Roaming\GGzjmyhdc9oepfO
C:\Users\L\AppData\Roaming\GHvsTelPNerVrzi
C:\Users\L\AppData\Roaming\gJr4Zh71XGORWSi
C:\Users\L\AppData\Roaming\gLrDWZeA4dYBcD4
C:\Users\L\AppData\Roaming\GP5gZqE6bxC97mn
C:\Users\L\AppData\Roaming\gtENQCSWkidqN37
C:\Users\L\AppData\Roaming\GuKtkChqwI
C:\Users\L\AppData\Roaming\H0KAQEYB2HTli2F
C:\Users\L\AppData\Roaming\H4TODJC0FdYBvH8
C:\Users\L\AppData\Roaming\h89TXqkBrOyA
C:\Users\L\AppData\Roaming\hatJHlHtG
C:\Users\L\AppData\Roaming\hh4z7c9bX3YoXbX
C:\Users\L\AppData\Roaming\hinERhwVtPyF
C:\Users\L\AppData\Roaming\HNdxL1xtVlCXg8
C:\Users\L\AppData\Roaming\hs6JKE7ZYCz0iDF
C:\Users\L\AppData\Roaming\hseFh07NQYcsU3E
C:\Users\L\AppData\Roaming\htYscLyJV2Kzp9y
C:\Users\L\AppData\Roaming\HWhPD3na5JEgqX
C:\Users\L\AppData\Roaming\hxFdYOvJXOb7tGT
C:\Users\L\AppData\Roaming\HXsDB9H3jFX
C:\Users\L\AppData\Roaming\i5sW7ZYk0oQd8ZY
C:\Users\L\AppData\Roaming\ID8ZUxpac
C:\Users\L\AppData\Roaming\ijK4SOK1RSTiT2T
C:\Users\L\AppData\Roaming\INFgOi4JEei7hIu
C:\Users\L\AppData\Roaming\IObit
C:\Users\L\AppData\Roaming\iQd8ZYjeAEroW
C:\Users\L\AppData\Roaming\iR5F0OjL4i
C:\Users\L\AppData\Roaming\ISmdXkNv3Q7T
C:\Users\L\AppData\Roaming\ItU5iOZ8bt7cfuT
C:\Users\L\AppData\Roaming\J0k7iR1EI
C:\Users\L\AppData\Roaming\J3nERhwVtPyFslR
C:\Users\L\AppData\Roaming\j3wdHBEATbWBv
C:\Users\L\AppData\Roaming\J4TODJC0FdYB
C:\Users\L\AppData\Roaming\j777JJJWWK88dQ5
C:\Users\L\AppData\Roaming\jAjYVCjBy0cze
C:\Users\L\AppData\Roaming\jcKPaCbTcWki7BF
C:\Users\L\AppData\Roaming\jCZgRE8W41BhJ42
C:\Users\L\AppData\Roaming\Jd8fRL9hTqCk0Sb
C:\Users\L\AppData\Roaming\JFefnuBj4Vsr
C:\Users\L\AppData\Roaming\JkgdQFbiSi1AxtP
C:\Users\L\AppData\Roaming\jKqzcG7qItu1Dna
C:\Users\L\AppData\Roaming\jP5gZqE6bx
C:\Users\L\AppData\Roaming\jp9rDTxHUn8eusC
C:\Users\L\AppData\Roaming\jRnOEcGfjtcYN48
C:\Users\L\AppData\Roaming\JvaRjzcG7qIt
C:\Users\L\AppData\Roaming\jvFH6gjryFm68
C:\Users\L\AppData\Roaming\k2TofjO1HEj
C:\Users\L\AppData\Roaming\k4aH6sWJfqYkVlo
C:\Users\L\AppData\Roaming\KFvbnbb2bnGGmsd
C:\Users\L\AppData\Roaming\KKx7PgvhD9v92gi
C:\Users\L\AppData\Roaming\KPAD4GQd8Zwery1
C:\Users\L\AppData\Roaming\kR5VJCNimgwVy0
C:\Users\L\AppData\Roaming\KtENQCSWkidqN37
C:\Users\L\AppData\Roaming\ku5XxQgtp8XeVr
C:\Users\L\AppData\Roaming\kWJ7RwOv7Jz62qk
C:\Users\L\AppData\Roaming\L3TaVn9AeT6
C:\Users\L\AppData\Roaming\l8g9ZZTqCONv3pH
C:\Users\L\AppData\Roaming\LaYvhi7qecm
C:\Users\L\AppData\Roaming\LDEl27CSJhUVOll
C:\Users\L\AppData\Roaming\LdTBuahrvQLexp
C:\Users\L\AppData\Roaming\lgJbOhGzKtRx6ro
C:\Users\L\AppData\Roaming\LLhTRfEW5HpGpSO
C:\Users\L\AppData\Roaming\llsU6ceLmbtVhWb
C:\Users\L\AppData\Roaming\LO1aECP37wy
C:\Users\L\AppData\Roaming\ls5pFbi1czrrOlr
C:\Users\L\AppData\Roaming\LSJzmUcaZB1
C:\Users\L\AppData\Roaming\LsWJgTZiDom5W7R
C:\Users\L\AppData\Roaming\Lw1iDmm46a5aoDv
C:\Users\L\AppData\Roaming\Lx4ZrDEX1pQ6WJQ
C:\Users\L\AppData\Roaming\lx6IDElo8t4Z
C:\Users\L\AppData\Roaming\lx7VAp45FPVT
C:\Users\L\AppData\Roaming\mF1lR9dGN7oed
C:\Users\L\AppData\Roaming\mGh5OpXvPjWbO
C:\Users\L\AppData\Roaming\mHvsTelPNerVrzi
C:\Users\L\AppData\Roaming\mjbRDXbZvRAaYvh
C:\Users\L\AppData\Roaming\mL8gTZVrlPinERh
C:\Users\L\AppData\Roaming\mL8gTZYCwUrOtPy
C:\Users\L\AppData\Roaming\mpCxG7lInEgt38A
C:\Users\L\AppData\Roaming\mQ6WJQJXXTTggf9
C:\Users\L\AppData\Roaming\MusicNet
C:\Users\L\AppData\Roaming\mXx0BtewWn0NV
C:\Users\L\AppData\Roaming\myJC4eidPGYSEtu
C:\Users\L\AppData\Roaming\mZaIy3WdEncOjNt
C:\Users\L\AppData\Roaming\N0nKqzcG7qItu1D
C:\Users\L\AppData\Roaming\NC9WncVgQm1kKc
C:\Users\L\AppData\Roaming\NeerVOlVXZL
C:\Users\L\AppData\Roaming\NErDWZeA4dYBcD4
C:\Users\L\AppData\Roaming\NgKKSBjLdGiOwh
C:\Users\L\AppData\Roaming\ngy5XAQIFRzp9A5
C:\Users\L\AppData\Roaming\nhzi6hi6I2fO
C:\Users\L\AppData\Roaming\nISHYcswbflo8BF
C:\Users\L\AppData\Roaming\nK5mHJa8hqYRda3
C:\Users\L\AppData\Roaming\nkTJ4m5GDbi4sKj
C:\Users\L\AppData\Roaming\nKx7PgvhD
C:\Users\L\AppData\Roaming\NOIYqhfLfHD
C:\Users\L\AppData\Roaming\NQP5e0nKqzcG7qI
C:\Users\L\AppData\Roaming\nrlBPinER
C:\Users\L\AppData\Roaming\NVmNJBmfRgT
C:\Users\L\AppData\Roaming\NVUU9E5itYg
C:\Users\L\AppData\Roaming\nw6uq2J9w0cY
C:\Users\L\AppData\Roaming\NxG7lInEUSfNHOH
C:\Users\L\AppData\Roaming\o2RPW9ThKufOnTF
C:\Users\L\AppData\Roaming\o6x9dNn4n22zjKp
C:\Users\L\AppData\Roaming\O8rphy5zKx7Pg
C:\Users\L\AppData\Roaming\O8TIBtqkwl
C:\Users\L\AppData\Roaming\OeerVOlVXZ
C:\Users\L\AppData\Roaming\OEIo8BFRtWkc6
C:\Users\L\AppData\Roaming\OFZzFl6uCWbtv
C:\Users\L\AppData\Roaming\OnlQP6zdNdO6lHU
C:\Users\L\AppData\Roaming\OotENQCSWkidq
C:\Users\L\AppData\Roaming\oP5gZqE6bxC97mn
C:\Users\L\AppData\Roaming\oqFUoRzp9N37kcQ
C:\Users\L\AppData\Roaming\OtENQCSWkidqN37
C:\Users\L\AppData\Roaming\OVkjxU9WHb0lZEa
C:\Users\L\AppData\Roaming\oVrlBPinERhwVty
C:\Users\L\AppData\Roaming\P5BseFh07NQYcs
C:\Users\L\AppData\Roaming\P777JJJWWK88dQ5
C:\Users\L\AppData\Roaming\PatJHlHtG2bc0Bw
C:\Users\L\AppData\Roaming\pdIyuR102PVP
C:\Users\L\AppData\Roaming\Pf3rmVngPmh
C:\Users\L\AppData\Roaming\pgJoPj8n0rT5
C:\Users\L\AppData\Roaming\pIEbltRprEAYGlJ
C:\Users\L\AppData\Roaming\Pp90WC048rishz
C:\Users\L\AppData\Roaming\PqpgW4BkH1rajCZ
C:\Users\L\AppData\Roaming\pse1A5AQNVxDagl
C:\Users\L\AppData\Roaming\pSR2XDwsl
C:\Users\L\AppData\Roaming\PT4SR2XDwslGC3w
C:\Users\L\AppData\Roaming\PtUsFlEuepE
C:\Users\L\AppData\Roaming\PxFdYOvJXOb7tGT
C:\Users\L\AppData\Roaming\pxhsuYatRSkJ
C:\Users\L\AppData\Roaming\pxPRNApKYPb8OKO
C:\Users\L\AppData\Roaming\pzjmyhdc9
C:\Users\L\AppData\Roaming\pZzFl6uCW
C:\Users\L\AppData\Roaming\q2h3kHBmeGkHrGZ
C:\Users\L\AppData\Roaming\q56G5ZBaQgBDnae
C:\Users\L\AppData\Roaming\q6x9dNn4n22zjKp
C:\Users\L\AppData\Roaming\qAjYVCjBy0cz
C:\Users\L\AppData\Roaming\qd8fRL9hTqCk
C:\Users\L\AppData\Roaming\QdHBEATbWBvaRj
C:\Users\L\AppData\Roaming\qNLS5e0nK
C:\Users\L\AppData\Roaming\Qp0wLoCnU7BpqSs
C:\Users\L\AppData\Roaming\qP5gZqE6b
C:\Users\L\AppData\Roaming\qqhf9TfHD
C:\Users\L\AppData\Roaming\qSHJT5x7AJLwzp5
C:\Users\L\AppData\Roaming\qTODJC0ndYBvH8V
C:\Users\L\AppData\Roaming\qWfLR9XIkqJ0
C:\Users\L\AppData\Roaming\qzFfvdUApWXkNcH
C:\Users\L\AppData\Roaming\R0E4HHp3Fbi1czr
C:\Users\L\AppData\Roaming\r4TODJC0FdYBvH8
C:\Users\L\AppData\Roaming\r9rDTxHUn8eusCp
C:\Users\L\AppData\Roaming\Rba9UrAiGdRTje
C:\Users\L\AppData\Roaming\rcNwZREWKsQ63zI
C:\Users\L\AppData\Roaming\rDtXTXTTg8ww
C:\Users\L\AppData\Roaming\RfEL8gTZVlPinE
C:\Users\L\AppData\Roaming\rFi2Scom6TOo
C:\Users\L\AppData\Roaming\RIkUgmiUQOW
C:\Users\L\AppData\Roaming\rpnGQHs7fLqC
C:\Users\L\AppData\Roaming\rUo8TIBtqkwlIcD
C:\Users\L\AppData\Roaming\rwCU9E5it
C:\Users\L\AppData\Roaming\Rzjmyhdc9oepfOb
C:\Users\L\AppData\Roaming\s6Yy4dYtvH8VPAD
C:\Users\L\AppData\Roaming\S707B6ebgu9O1
C:\Users\L\AppData\Roaming\sd8fRL9hTqCk0S
C:\Users\L\AppData\Roaming\sfHDPwEGFyq6AfN
C:\Users\L\AppData\Roaming\Siii11A1v2nm4
C:\Users\L\AppData\Roaming\sil7NQCSWkidqN3
C:\Users\L\AppData\Roaming\sjbTi9vWKWspNC
C:\Users\L\AppData\Roaming\SQG3obB67jidQl6
C:\Users\L\AppData\Roaming\SqZ9K3P93e4BdIn
C:\Users\L\AppData\Roaming\SSdhW4vIRDUmfYO
C:\Users\L\AppData\Roaming\sU2G7Rke6fL
C:\Users\L\AppData\Roaming\svczkCZLJHm
C:\Users\L\AppData\Roaming\sWdFefnuBj4Vsr
C:\Users\L\AppData\Roaming\T4TODJC0FdYBvH8
C:\Users\L\AppData\Roaming\t5BseFh07NQYc
C:\Users\L\AppData\Roaming\TB6O6ki7B
C:\Users\L\AppData\Roaming\tery1Sbpa6
C:\Users\L\AppData\Roaming\tgbRHoeY4ylmXCZ
C:\Users\L\AppData\Roaming\tHWfLR9XIk
C:\Users\L\AppData\Roaming\TomWEgqXVOypsdI
C:\Users\L\AppData\Roaming\tOnj1EPWkide2KI
C:\Users\L\AppData\Roaming\trhEss6f76HmdRC
C:\Users\L\AppData\Roaming\uB3WTlPZN48euah
C:\Users\L\AppData\Roaming\uDAzeCYZYh9L
C:\Users\L\AppData\Roaming\ufjBxb5W9UkzA2b
C:\Users\L\AppData\Roaming\ufotENQCSWkidqN
C:\Users\L\AppData\Roaming\uGa5dR99wq8KEd6
C:\Users\L\AppData\Roaming\ui3GQs7fEZYIltP
C:\Users\L\AppData\Roaming\UIkwVCkNSDnHdff
C:\Users\L\AppData\Roaming\Ujh9gfJQ5Q5bxk
C:\Users\L\AppData\Roaming\UuIRnzKNGTxaUDJ
C:\Users\L\AppData\Roaming\ux7PgvhD9
C:\Users\L\AppData\Roaming\uZI1mfUNidqV0b4
C:\Users\L\AppData\Roaming\V0oQd8ZYjeAEroW
C:\Users\L\AppData\Roaming\v421Nzkhgd6JQ
C:\Users\L\AppData\Roaming\Vd0gSw2RP
C:\Users\L\AppData\Roaming\ve4j2RyHrGZPm
C:\Users\L\AppData\Roaming\VhwCBPxu2
C:\Users\L\AppData\Roaming\VHYcsw1JCSg6
C:\Users\L\AppData\Roaming\VJZKjV0iDNPzA04
C:\Users\L\AppData\Roaming\VliHEBP2mf9ZF5Q
C:\Users\L\AppData\Roaming\VoB6O6ki7
C:\Users\L\AppData\Roaming\vr4iXNCNio
C:\Users\L\AppData\Roaming\VRISHZxnL
C:\Users\L\AppData\Roaming\VspNCqdGN7oedc9
C:\Users\L\AppData\Roaming\VtU5iOZ8bt7cfuT
C:\Users\L\AppData\Roaming\W5oyEjU5ruYeUrc
C:\Users\L\AppData\Roaming\wc6IGZlBkrXiLOn
C:\Users\L\AppData\Roaming\WgFCW1T3U4lQrHk
C:\Users\L\AppData\Roaming\wHEjVyIbGa77Q
C:\Users\L\AppData\Roaming\whPFfvdUApWXk
C:\Users\L\AppData\Roaming\WicNwZREW
C:\Users\L\AppData\Roaming\wJwcmRI26qxnRIS
C:\Users\L\AppData\Roaming\wKJFyzUTd3xwE
C:\Users\L\AppData\Roaming\WKNQrdtKlJBH
C:\Users\L\AppData\Roaming\wnWYy5Xudlb8BFf
C:\Users\L\AppData\Roaming\WRar5zdtL1fOHV6
C:\Users\L\AppData\Roaming\wuPOewwhX6
C:\Users\L\AppData\Roaming\WVKBDGJRd
C:\Users\L\AppData\Roaming\ww4kacXKna
C:\Users\L\AppData\Roaming\wwP2aLry4fku4Xu
C:\Users\L\AppData\Roaming\X6P5e0nKqzcG7qI
C:\Users\L\AppData\Roaming\x6x9dNn4n22zjKp
C:\Users\L\AppData\Roaming\X7hIunfCz2aRecn
c:\program files (x86)\utorrent

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6B47544B-3651-43DA-8994-76D704E6FD79}"=-
"{D839951C-445A-47DC-8F23-A725006B5CE8}"=-

:Commands
[emptytemp]
[resethosts]
[reboot]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Lets try this again

Unread postby BostonBulldog » December 11th, 2011, 11:50 am

I tried to remove the Java 6 update 3 and I get a popup saying :

Error 1316.A network error occured while attempting to read from the file c:\Windows\Installer\jre 1.6.0_03.msi

and it won't go any further.

Since you said do everything in the order you give I'm going to wait to do anything further untill I hear from you.


Thank You
BostonBulldog
Regular Member
 
Posts: 16
Joined: December 6th, 2011, 8:17 pm

Re: Lets try this again

Unread postby Gary R » December 11th, 2011, 12:22 pm

OK, leave the java update for the time being, and just run the OTL fix.

Please let me know how your computer is behaving now.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Lets try this again

Unread postby BostonBulldog » December 11th, 2011, 3:33 pm

I ran it just as asked and it froze up on resetting the hosts file - it popped up a window that said unable to write to access hosts. then it said resetting hosts file and froze up - but it was at the end of the instructions - should I go ahead and reboot?
BostonBulldog
Regular Member
 
Posts: 16
Joined: December 6th, 2011, 8:17 pm

Re: Lets try this again

Unread postby Gary R » December 11th, 2011, 3:52 pm

Yes, please reboot and post any log it makes.

If it doesn't appear to make a log, look in the C:\_OTL\MovedFiles folder, where you should find a file named .... mmddyyyy_hhmmss.log .... where mdyhms are replaced by numbers representing the date and time the fix was run.

I'm going to be out for the rest of tonight, so it will be Monday morning (my time) before I see your reply.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 32 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware