“MSDMine?STacS” possible malware detected by GMER

Discussion in 'Virus and Malware Removal' started by gonwk, Sep 14, 2011.

  1. gonwk Newcomer, in training Posts: 25

    Hi Techspot,

    FYI, on my Windows Vista Home Premium 64-Bit I have the following Antivirus and Firewall running … and are updated on a daily basis.

    - Avira 10.2.0.700
    - Comodo Firewall 5.5.195786.1383 with Defense + activated and running in “Safe Mode”
    - WinPatrol 2011
    - Spyware Blaster 4.4

    For On-Demand Scanners I use MBAM and SAS and update definitions daily.

    Now with my PROBLEM …

    About a couple of weeks ago, while I was online I got an alert to update my Driver or something for my ATI Catalyst or the Screen something … and in my haste I clicked YES.

    Since I tend to run MBAM, SAS daily and Avira Scans and GMER on a regular basis just to be sure … when I ran the GMER, it told me that I have “MSDMine?STacS” in addition to what I am used to seeing, the SPTD … which I think is harmless and is a trace of an old installation of “Daemon Tools Lite” (I assume it is harmless … not sure!).

    So I started looking on the internet to see if MSDMine thingy is bad Malware … and various posts indicating that is Not a good thing and also brought me to your website.

    So when I saw the GMER alert I tried to right-click and delete the file … but that option was Not available … so in my wisdom I decided to take GMER on his/her offer and e-mailed him my problem … to “info_at_GMER_dot_net” as it was advertised on GMER web page http://www.gmer.net/.

    So, I got a response from GMER right away instructing me to post the GMER log and on top of that to run aswMBR.exe and attach the log to my next e-mail to him.

    Well, before running the aswMBR.exe I decided to run it thru VirusTotal … and it flagged it as having TWO (2) nasties … I thought maybe it is a False Positive so I ran the aswMBR.exe file that GMER had eMailed me … and attached the log to my next e-mail.

    Well, it has been several weeks and No Response from GMER dude …

    Right after I did that I decided to run MBAM … updated my definition and ran it … and bam … I got 9 HITS saying “Stolen.Data” which I of course let MBAM clean and delete … so now I am suspecting the GMER email helpline is a Phishing site …

    Since the above initial incident I have NO Confidence in my laptop being secured …

    Q1: Could I just do a Clean Install from my D drive and get rid of everything bad on my laptop?
    My laptop came with D and C drives … the D drive has the Original Vista Home Premium SP1 … and I would have to bring myself up to date to SP2 and all other stuff. It is a pain but …

    Q2: Would this MSDMine malware also have infected my D: Master SW drive?

    Q3: Do you recommend I should go from my current IE7 to IE8 or even IE9?
    How dependable is IE9?

    BTW, from reading some of the posts here I see that you recommend Online Scanner ESET …

    I need help … since I am NOT able to run any Online Scanner that requires ActiveX activation … somehow I am blocking it … and for the life of me I can Not figure out how to allow ActiveX to run even when I try to do it as Admin.

    Q4: Please tell me where and how I can Turn ActiveX Feature ON?

    Q5: I saw in one of the other Threads that you folks suggested to uninstall any “Registry Editing Programs” … Question: are “Advanced System Care 4” and “CCleaner” considered to be Registry Editing Programs?
    I just want to get ready in advance of your help!

    BTW, Step 4 was not clear to me … if you need to disable the AV and firewall before running DDS, but I assume that is the case since you are telling me on the Last line to Enable my AV and get online again.

    Q6: Do you recommend running GMER with Right-Clicking and Run as Admin … at all?

    FYI, when I ran GMER the only Options that were available were the Services, Registry, and Files … the rest of the choices were GRAYed out. And only C:\ Drive was selected.

    Thanks,

    G! :)

    1) I ran AVIRA with the latest definitions … after the first MBAM run that found 1 “Stolen.Data” entry and found Nothing …

    Here are my logs …

    MBAM Run 1 with the Problem
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7715

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    9/14/2011 8:02:52 AM
    mbam-log-2011-09-14 (08-02-42).txt

    Scan type: Quick scan
    Objects scanned: 191170
    Time elapsed: 3 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\GN\AppData\Roaming\4145f53 (Stolen.Data) -> No action taken.


    MBAM Run 2 - Clean
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7719

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    9/14/2011 6:47:37 PM
    mbam-log-2011-09-14 (18-47-37).txt

    Scan type: Quick scan
    Objects scanned: 193509
    Time elapsed: 3 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER Log
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-09-14 19:14:01
    Windows 6.0.6002 Service Pack 2
    Running: 4s5kyzfy.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Application@Sources MSDMine?STacS
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----


    DDS.txt
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 7.0.6002.18005
    Run by GN at 19:22:33 on 2011-09-14
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2145 [GMT -7:00]
    .
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
    FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\STacSV64.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio64.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\WINDOWS\sttray64.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
    C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6862
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6862
    mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6862
    mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6862
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
    mRun: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
    mRun: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\GN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.2.1 206.13.28.12 206.13.29.12
    TCP: Interfaces\{7677FAF8-E496-4356-BE88-FD3D64C24A7F} : DhcpNameServer = 192.168.2.1 206.13.28.12 206.13.29.12
    AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
    BHO-X64: btorbit.com - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
    BHO-X64: QFX Software KeyScrambler - No File
    BHO-X64: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
    mRun-x64: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
    mRun-x64: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
    mRun-x64: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    IE-X64: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 DwProt;DrWeb Protection;C:\Windows\system32\drivers\dwprot.sys --> C:\Windows\system32\drivers\dwprot.sys [?]
    R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
    R1 GizmoDrv;Gizmo Device Driver;C:\Windows\system32\drivers\GizmoDrv.sys --> C:\Windows\system32\drivers\GizmoDrv.sys [?]
    R1 SafDskNT;SafeHouse;\??\C:\Windows\system32\drivers\SAFDSKNT.SYS --> C:\Windows\system32\drivers\SAFDSKNT.SYS [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-7-23 328536]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-8-7 136360]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-8-7 269480]
    R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2008-1-20 21504]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
    R3 KeyScrambler;KeyScrambler;C:\Windows\system32\drivers\keyscrambler.sys --> C:\Windows\system32\drivers\keyscrambler.sys [?]
    R3 NETw4v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw4v64.sys --> C:\Windows\system32\DRIVERS\NETw4v64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
    S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
    S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60a.sys --> C:\Windows\system32\DRIVERS\b57nd60a.sys [?]
    S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\4599.tmp --> C:\Windows\system32\4599.tmp [?]
    S3 PerfHost;Performance Counter DLL Host;C:\WINDOWS\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm64.sys --> C:\Windows\system32\DRIVERS\pnetmdm64.sys [?]
    S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
    S3 TFsExDisk;TFsExDisk;\??\C:\Windows\System32\Drivers\TFsExDisk.sys --> C:\Windows\System32\Drivers\TFsExDisk.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-10 89920]
    .
    =============== Created Last 30 ================
    .
    2011-09-14 22:14:02 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
    2011-09-14 22:14:02 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
    2011-09-11 14:59:56 -------- d-----w- C:\Users\GN\AppData\Roaming\TheGreatPharaoh
    2011-09-11 14:58:16 -------- d-----w- C:\Games
    2011-09-06 15:48:08 6144 ------w- C:\Windows\System32\4599.tmp
    2011-09-06 15:45:46 6144 ------w- C:\Windows\System32\1CD4.tmp
    2011-09-06 15:05:15 8862544 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{03572407-2436-487F-B5E2-7571B4D518AB}\mpengine.dll
    2011-09-04 14:50:24 -------- d-----w- C:\ProgramData\Playrix Entertainment
    2011-09-02 15:19:34 6144 ------w- C:\Windows\System32\39E5.tmp
    2011-09-02 15:00:44 -------- d-----w- C:\ProgramData\Kaspersky Lab
    2011-09-02 06:05:08 -------- d-----w- C:\SafeHouse
    2011-09-02 04:43:55 -------- d-----w- C:\ProgramData\boost_interprocess
    2011-09-01 16:15:47 6144 ------w- C:\Windows\System32\AE4B.tmp
    2011-08-31 21:41:55 6144 ------w- C:\Windows\System32\99CE.tmp
    2011-08-31 16:35:06 6144 ------w- C:\Windows\System32\1354.tmp
    2011-08-31 16:32:57 6144 ------w- C:\Windows\System32\1B9D.tmp
    2011-08-29 20:37:08 -------- d-----w- C:\Users\GN\AppData\Roaming\DivXMuxGui
    2011-08-26 02:21:16 -------- d-----w- C:\Users\GN\AppData\Local\SubtitleCreator
    2011-08-26 02:21:03 -------- d-----w- C:\Program Files (x86)\SubtitleCreator
    2011-08-24 14:22:15 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-08-24 14:22:15 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-08-24 03:10:15 74752 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
    2011-08-24 03:10:15 48128 ----a-w- C:\Windows\SysWow64\ff_acm.acm
    2011-08-24 03:10:14 -------- d-----w- C:\Program Files (x86)\ffdshow
    2011-08-24 02:47:07 -------- d-----w- C:\Program Files (x86)\VistaCodecPack
    2011-08-24 02:45:46 -------- d-----w- C:\ProgramData\VistaCodecs
    2011-08-23 22:43:09 -------- d-----w- C:\Users\GN\AppData\Local\ESS
    2011-08-23 22:42:08 -------- d-----w- C:\Program Files (x86)\Easy Subtitles Synchronizer
    2011-08-23 15:53:37 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
    .
    ==================== Find3M ====================
    .
    2011-09-09 18:10:05 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-09-02 19:44:18 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
    2011-09-01 00:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-08-12 16:25:08 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-08-09 02:38:06 150520 ----a-w- C:\Windows\System32\drivers\dwprot.sys
    2011-07-22 14:10:31 1383424 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-07-22 13:54:40 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-07-21 19:15:15 88288 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2011-07-08 16:40:17 34704 ----a-w- C:\Windows\System32\drivers\gizmodrv.sys
    2011-07-06 15:49:23 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-06-30 08:37:59 40176 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
    2011-06-30 08:37:58 252344 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
    2011-06-30 08:37:57 16016 ----a-w- C:\Windows\System32\drivers\cmderd.sys
    2011-06-30 08:37:25 285256 ----a-w- C:\Windows\SysWow64\guard32.dll
    2011-06-30 08:37:24 363560 ----a-w- C:\Windows\System32\guard64.dll
    2011-06-21 16:06:57 1032192 ----a-w- C:\Windows\System32\wininet.dll
    2011-06-21 15:49:52 834048 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-06-21 14:41:18 485376 ----a-w- C:\Windows\System32\html.iec
    2011-06-21 14:13:51 389632 ----a-w- C:\Windows\SysWow64\html.iec
    2011-06-20 08:45:17 4699536 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-06-17 20:14:30 1427344 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-06-17 16:16:33 451072 ----a-w- C:\Windows\System32\winsrv.dll
    .
    ============= FINISH: 19:23:03.18 ===============


    Attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/11/2009 11:51:56 AM
    System Uptime: 9/14/2011 1:21:01 PM (6 hours ago)
    .
    Motherboard: Gateway | |
    Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | U2E1 | 2000/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 217 GiB total, 127.253 GiB free.
    D: is FIXED (NTFS) - 16 GiB total, 8.014 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP796: 9/6/2011 7:40:00 AM - Windows Update
    RP797: 9/7/2011 7:13:29 AM - Windows Update
    RP798: 9/8/2011 8:21:08 AM - Scheduled Checkpoint
    RP799: 9/9/2011 7:57:51 AM - Scheduled Checkpoint
    RP800: 9/9/2011 11:08:58 AM - Installed Java(TM) 6 Update 27
    RP801: 9/12/2011 8:39:58 AM - Scheduled Checkpoint
    RP802: 9/13/2011 11:28:42 AM - Scheduled Checkpoint
    RP803: 9/14/2011 3:21:54 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    4 Elements
    Adobe Flash Player 10 ActiveX
    Adobe Reader X (10.1.0)
    Advanced SystemCare 4
    Auslogics Disk Defrag
    Avira AntiVir Personal - Free Antivirus
    AviSynth 2.5
    Camera Assistant Software for Gateway
    CamStudio
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help English
    Compatibility Pack for the 2007 Office system
    DVD Suite
    Elementals - The Magic Key
    EMET
    ffdshow v1.1.3974 [2011-08-22]
    Gateway Games
    Gateway Recovery Center Installer
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    IDT Audio
    Java Auto Updater
    Java(TM) 6 Update 27
    KeyScrambler
    LabelPrint
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MediaShow 3.0
    Microsoft Money Essentials
    Microsoft Money Shared Libraries
    Microsoft Office Professional Edition 2003
    Microsoft Office Suite Activation Assistant
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    PC Connectivity Solution
    PDFCreator
    PhotoNow! 1.0
    Power2Go 5.0
    PowerBackup 2.5
    PowerDVD
    PowerProducer
    Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
    Realtek USB 2.0 Card Reader
    Revo Uninstaller 1.92
    SAMSUNG USB Driver for Mobile Phones
    Secunia PSI
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Windows Media Encoder (KB2447961)
    Skins
    Smart Defrag 2
    Sophos Anti-Rootkit 1.5.20
    SpywareBlaster 4.4
    System Requirements Lab for Intel
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    VLC media player 1.1.10
    Windows Live Messenger
    Windows Media Encoder 9 Series
    Xvid Video Codec
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/14/2011 8:06:53 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb cmdGuard cmdHlp DfsC ElbyCDIO GizmoDrv inspect NetBIOS netbt nsiproxy PSched RasAcd rdbss SABKUTIL SafDskNT SASDIFSV SASKUTIL Smb spldr sptd tdx Wanarpv6
    9/14/2011 8:06:53 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/14/2011 8:06:53 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    9/14/2011 8:06:53 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    9/14/2011 8:06:53 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    9/14/2011 8:06:53 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    9/14/2011 8:06:53 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    9/14/2011 8:06:53 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/14/2011 8:06:53 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    9/14/2011 8:06:53 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/14/2011 8:06:53 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/14/2011 8:06:53 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    9/14/2011 8:06:53 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    9/14/2011 8:06:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/14/2011 8:06:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    9/14/2011 8:06:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    9/14/2011 8:06:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    9/14/2011 8:06:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/14/2011 8:06:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    9/14/2011 8:04:56 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    9/14/2011 2:23:07 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {BDB57FF2-79B9-4205-9447-F5FE85F37312}. The error: "740" Happened while starting this command: "C:\Program Files (x86)\Internet Explorer\IEInstal.exe" -Embedding
    9/14/2011 1:23:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL
    9/13/2011 8:55:46 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for <null> with the following error: Access is denied.
    9/13/2011 8:55:46 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 4.0.0.0 service failed to start due to the .
    ==== End Of File ===========================
  2. Broni Malware Annihilator Posts: 39,324   +175

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================================

    So far I don't see much.

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  3. gonwk Newcomer, in training Posts: 25

    Hi Broni,

    Thanks for replying back so fast!
    Here is my aswMBR QuickScan log.

    Q: Broni, I have a Question for the Remainder of your Instructions from ComboFix … do you want me to do ComboFix then Post my Results … then wait for your instruction then Move to the next Action and so forth down your list?

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-15 09:28:01
    -----------------------------
    09:28:01.125 OS Version: Windows x64 6.0.6002 Service Pack 2
    09:28:01.141 Number of processors: 2 586 0xF0D
    09:28:01.141 ComputerName: GN-PC UserName: GN
    09:28:02.560 Initialize success
    09:29:47.254 AVAST engine defs: 11091500
    09:43:40.726 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    09:43:40.726 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
    09:43:40.726 Disk 0 MBR read error 0
    09:43:40.726 Disk 0 MBR scan
    09:43:40.742 Disk 0 unknown MBR code
    09:43:40.742 MBR BIOS signature not found 0
    09:43:40.742 Service scanning
    09:43:42.006 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    09:43:42.645 Modules scanning
    09:43:42.645 Disk 0 trace - called modules:
    09:43:42.708 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys spmp.sys hal.dll
    09:43:42.708 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f714d0]
    09:43:42.708 3 CLASSPNP.SYS[fffffa6001401c33] -> nt!IofCallDriver -> [0xfffffa80058c39b0]
    09:43:42.708 5 acpi.sys[fffffa6000b71fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004c7d050]
    09:43:43.612 AVAST engine scan C:\Windows
    09:43:46.264 AVAST engine scan C:\Windows\system32
    09:45:47.898 AVAST engine scan C:\Windows\system32\drivers
    09:46:02.078 AVAST engine scan C:\Users\GN
    09:51:06.409 AVAST engine scan C:\ProgramData
    09:52:38.183 Scan finished successfully
    09:56:44.249 Disk 0 MBR has been saved successfully to "C:\Users\GN\Desktop\MBR.dat"
    09:56:44.249 The log file has been saved successfully to "C:\Users\GN\Desktop\aswMBR.txt"

    Thanks!

    G! :)
  4. Broni Malware Annihilator Posts: 39,324   +175

    You just need to run Combofix and post its log.
  5. gonwk Newcomer, in training Posts: 25

    Hi Broni,

    Couple things happened while running ComboFix that I want to share with you ...
    I did exactly like your Guide says ... ran CF just fine ... I did leave the Internet Connected even though I disabled all my AV & AntiMalware and what not ... since you said ComboFix might ask to be updated.

    Now when I started CF ... I walked away from my laptop to do something ... when I came back the laptop had been restarted ... so I logged back in and the CF started running the process of accumulating the LOG ...

    1) I had to restart the laptop since with the first reboot my Avira did not get started.

    2) Somehow CF created a "New" IE Link on my desktop.

    Q1: Is this Normal?

    3) Also looking at Explorer I noticed that there is a Folder that I had not seen before called "$RECYCLE.BIN" under C: Drive. I noticed it when I was looking for CF Log.

    4) WinPatrol alerted me of the following 2 happenings ...

    - 4A: My IE Home Page was changed from "Google" to "Microsoft.com ieserach".

    Q2: Is this Normal?

    - 4B: WinPatrol alerted me that a New DLL is added ...
    C:\Windows\System32\APPMGMTS.DLL

    Q3: Is this Normal?

    Broni here is my ComboFix Log ...

    ComboFix 11-09-15.05 - GN 09/15/2011 15:01:15.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2218 [GMT -7:00]
    Running from: c:\users\GN\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\GN\AppData\Roaming\inst.exe
    c:\users\GN\Documents\Downloads\CT2776682_BrotherSoft_Extreme.exe
    c:\windows\SysWow64\mfc100deu.dll
    D:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_usnjsvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-15 to 2011-09-15 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-15 22:08 . 2011-09-15 22:15 -------- d-----w- c:\users\GN\AppData\Local\temp
    2011-09-14 22:14 . 2011-08-10 12:14 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
    2011-09-14 22:14 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-09-11 14:59 . 2011-09-11 14:59 -------- d-----w- c:\users\GN\AppData\Roaming\TheGreatPharaoh
    2011-09-11 14:58 . 2011-09-11 14:58 -------- d-----w- C:\Games
    2011-09-09 18:12 . 2011-09-09 18:12 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-09-09 18:10 . 2011-09-09 18:10 -------- d-----w- c:\program files (x86)\Java
    2011-09-06 15:48 . 2011-05-12 21:03 6144 ------w- c:\windows\system32\4599.tmp
    2011-09-06 15:45 . 2011-05-12 21:03 6144 ------w- c:\windows\system32\1CD4.tmp
    2011-09-06 15:05 . 2011-08-16 15:48 8862544 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03572407-2436-487F-B5E2-7571B4D518AB}\mpengine.dll
    2011-09-04 14:50 . 2011-09-04 14:50 -------- d-----w- c:\programdata\Playrix Entertainment
    2011-09-02 15:19 . 2011-05-12 21:03 6144 ------w- c:\windows\system32\39E5.tmp
    2011-09-02 15:00 . 2011-09-02 15:00 -------- d-----w- c:\programdata\Kaspersky Lab
    2011-09-02 06:05 . 2011-09-02 06:05 -------- d-----w- C:\SafeHouse
    2011-09-02 04:43 . 2011-09-02 04:43 -------- d-----w- c:\programdata\boost_interprocess
    2011-09-01 16:15 . 2011-05-12 21:03 6144 ------w- c:\windows\system32\AE4B.tmp
    2011-08-31 21:41 . 2011-05-12 21:03 6144 ------w- c:\windows\system32\99CE.tmp
    2011-08-31 16:35 . 2011-05-12 21:03 6144 ------w- c:\windows\system32\1354.tmp
    2011-08-31 16:32 . 2011-05-12 21:03 6144 ------w- c:\windows\system32\1B9D.tmp
    2011-08-29 20:37 . 2011-08-29 20:37 -------- d-----w- c:\users\GN\AppData\Roaming\DivXMuxGui
    2011-08-26 02:21 . 2011-08-26 02:23 -------- d-----w- c:\users\GN\AppData\Local\SubtitleCreator
    2011-08-26 02:21 . 2011-08-26 02:21 -------- d-----w- c:\program files (x86)\SubtitleCreator
    2011-08-24 14:22 . 2011-07-11 13:45 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-24 14:22 . 2011-07-11 13:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-08-24 03:10 . 2011-08-23 03:07 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
    2011-08-24 03:10 . 2011-08-23 03:06 48128 ----a-w- c:\windows\SysWow64\ff_acm.acm
    2011-08-24 03:10 . 2011-08-24 03:10 -------- d-----w- c:\program files (x86)\ffdshow
    2011-08-24 02:47 . 2011-08-24 03:04 -------- d-----w- c:\program files (x86)\VistaCodecPack
    2011-08-24 02:45 . 2011-08-24 03:04 -------- d-----w- c:\programdata\VistaCodecs
    2011-08-23 22:43 . 2011-08-23 22:43 -------- d-----w- c:\users\GN\AppData\Local\ESS
    2011-08-23 22:42 . 2011-08-23 22:57 -------- d-----w- c:\program files (x86)\Easy Subtitles Synchronizer
    2011-08-23 15:53 . 2011-08-23 16:02 -------- d-----w- c:\program files (x86)\Elaborate Bytes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-09 18:10 . 2010-04-27 16:32 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-09-02 19:44 . 2011-08-10 03:07 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-09-01 00:00 . 2009-10-12 00:09 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-12 16:25 . 2011-08-12 16:25 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-08-09 02:38 . 2011-08-09 02:38 150520 ----a-w- c:\windows\system32\drivers\dwprot.sys
    2011-08-01 16:23 . 2011-08-01 16:23 79872 ----a-w- c:\windows\SysWow64\wecutil.exe
    2011-08-01 16:23 . 2011-08-01 16:23 56320 ----a-w- c:\windows\SysWow64\wecapi.dll
    2011-08-01 16:23 . 2011-08-01 16:23 40448 ----a-w- c:\windows\SysWow64\winrs.exe
    2011-08-01 16:23 . 2011-08-01 16:23 20480 ----a-w- c:\windows\SysWow64\winrshost.exe
    2011-08-01 16:23 . 2011-08-01 16:23 2048 ----a-w- c:\windows\SysWow64\winrsmgr.dll
    2011-08-01 16:23 . 2011-08-01 16:23 10240 ----a-w- c:\windows\SysWow64\winrssrv.dll
    2011-08-01 16:23 . 2011-08-01 16:23 241152 ----a-w- c:\windows\SysWow64\winrscmd.dll
    2011-08-01 16:23 . 2011-08-01 16:23 81408 ----a-w- c:\windows\SysWow64\wevtfwd.dll
    2011-08-01 16:23 . 2011-08-01 16:23 54272 ----a-w- c:\windows\SysWow64\WsmRes.dll
    2011-08-01 16:23 . 2011-08-01 16:23 41472 ----a-w- c:\windows\SysWow64\pwrshplugin.dll
    2011-08-01 16:23 . 2011-08-01 16:23 252416 ----a-w- c:\windows\SysWow64\WSManMigrationPlugin.dll
    2011-08-01 16:23 . 2011-08-01 16:23 246272 ----a-w- c:\windows\SysWow64\WSManHTTPConfig.exe
    2011-08-01 16:23 . 2011-08-01 16:23 214016 ----a-w- c:\windows\SysWow64\WsmWmiPl.dll
    2011-08-01 16:23 . 2011-08-01 16:23 201184 ----a-w- c:\windows\SysWow64\winrm.vbs
    2011-08-01 16:23 . 2011-08-01 16:23 145408 ----a-w- c:\windows\SysWow64\WsmAuto.dll
    2011-08-01 16:23 . 2011-08-01 16:23 12800 ----a-w- c:\windows\SysWow64\wsmprovhost.exe
    2011-08-01 16:23 . 2011-08-01 16:23 1181696 ----a-w- c:\windows\SysWow64\WsmSvc.dll
    2011-08-01 16:23 . 2011-08-01 16:23 10240 ----a-w- c:\windows\SysWow64\wsmplpxy.dll
    2011-08-01 16:23 . 2011-08-01 16:23 352768 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
    2011-08-01 16:23 . 2011-08-01 16:23 180736 ----a-w- c:\windows\system32\WsmAuto.dll
    2011-08-01 16:23 . 2011-08-01 16:23 2050048 ----a-w- c:\windows\system32\WsmSvc.dll
    2011-08-01 16:23 . 2011-08-01 16:23 84992 ----a-w- c:\windows\system32\wecapi.dll
    2011-08-01 16:23 . 2011-08-01 16:23 54272 ----a-w- c:\windows\system32\WsmRes.dll
    2011-08-01 16:23 . 2011-08-01 16:23 348672 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
    2011-08-01 16:23 . 2011-08-01 16:23 310272 ----a-w- c:\windows\system32\WsmWmiPl.dll
    2011-08-01 16:23 . 2011-08-01 16:23 232960 ----a-w- c:\windows\system32\wecsvc.dll
    2011-08-01 16:23 . 2011-08-01 16:23 201184 ----a-w- c:\windows\system32\winrm.vbs
    2011-08-01 16:23 . 2011-08-01 16:23 13824 ----a-w- c:\windows\system32\wsmprovhost.exe
    2011-08-01 16:23 . 2011-08-01 16:23 13312 ----a-w- c:\windows\system32\wsmplpxy.dll
    2011-08-01 16:23 . 2011-08-01 16:23 113152 ----a-w- c:\windows\system32\wecutil.exe
    2011-08-01 16:23 . 2011-08-01 16:23 51200 ----a-w- c:\windows\system32\winrs.exe
    2011-08-01 16:23 . 2011-08-01 16:23 370688 ----a-w- c:\windows\system32\winrscmd.dll
    2011-08-01 16:23 . 2011-08-01 16:23 24064 ----a-w- c:\windows\system32\winrshost.exe
    2011-08-01 16:23 . 2011-08-01 16:23 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2011-08-01 16:23 . 2011-08-01 16:23 13312 ----a-w- c:\windows\system32\winrssrv.dll
    2011-08-01 16:23 . 2011-08-01 16:23 113152 ----a-w- c:\windows\system32\wevtfwd.dll
    2011-08-01 16:23 . 2011-08-01 16:23 53760 ----a-w- c:\windows\system32\pwrshplugin.dll
    2011-07-22 14:10 . 2011-08-10 01:59 1383424 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-22 13:54 . 2011-08-10 01:59 1383424 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-07-21 19:15 . 2011-08-07 19:49 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-07-21 19:15 . 2011-08-07 19:49 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-07-08 16:40 . 2011-02-13 00:51 34704 ----a-w- c:\windows\system32\drivers\gizmodrv.sys
    2011-07-06 15:49 . 2011-08-10 01:58 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-30 08:38 . 2011-05-03 03:36 92688 ----a-w- c:\windows\system32\drivers\inspect.sys
    2011-06-30 08:37 . 2011-05-03 03:36 40176 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-06-30 08:37 . 2011-05-03 03:36 252344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-06-30 08:37 . 2011-05-03 03:36 16016 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-06-30 08:37 . 2011-05-03 03:36 285256 ----a-w- c:\windows\SysWow64\guard32.dll
    2011-06-30 08:37 . 2011-05-03 03:36 363560 ----a-w- c:\windows\system32\guard64.dll
    2011-06-21 16:06 . 2011-08-10 01:59 1032192 ----a-w- c:\windows\system32\wininet.dll
    2011-06-21 15:49 . 2011-08-10 01:59 834048 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-06-21 14:41 . 2011-08-10 01:59 485376 ----a-w- c:\windows\system32\html.iec
    2011-06-21 14:13 . 2011-08-10 01:59 389632 ----a-w- c:\windows\SysWow64\html.iec
    2011-06-20 08:45 . 2011-08-10 01:58 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 5471104]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
    "RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-07 69216]
    "LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-03 98304]
    "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    c:\users\GN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote Table Of Contents.onetoc2 [2009-10-11 3656]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
    @=""
    .
    R1 SABKUTIL;SABKUTIL;c:\program files\SUPERAntiSpyware\SABKUTIL.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
    R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\4599.tmp [x]
    R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [x]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
    R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
    S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [x]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
    S1 GizmoDrv;Gizmo Device Driver; [x]
    S1 SafDskNT;SafeHouse;c:\windows\system32\drivers\SAFDSKNT.SYS [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 27648]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
    S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [x]
    S3 NETw4v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw4v64.sys [x]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 963584]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 9048392]
    "SigmatelSysTrayApp"="sttray64.exe" [2007-07-27 425984]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\guard64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6862
    mLocal Page = %SystemRoot%\system32\blank.htm
    IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.2.1 206.13.28.12 206.13.29.12
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\4599.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-15 15:20:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-15 22:20
    .
    Pre-Run: 135,878,004,736 bytes free
    Post-Run: 141,696,081,920 bytes free
    .
    - - End Of File - - 945EA2DCCB3C03772DD8E59626D4FF5E

    As usual THANKS in Advance ...and awaiting your instructions.

    G! :)
  6. gonwk Newcomer, in training Posts: 25

    Hi Broni,

    I happened to look through the CF log and I noticed the following program deleted …

    c:\users\GN\Documents\Downloads\CT2776682_BrotherSoft_Extreme.exe

    Well, I never downloaded this program and for sure Not under that folder … So, I googled it and it is a Malware.

    Then I looked under that folder “Downloads” and I found another .exe which I had Not downloaded. This file is named “ButterScotchInstaller.exe” and is 2956KB in size. I immediately Deleted this file …

    Broni, it is sitting in my Recycle bin until you tell me to get rid of it.

    I also googled this App and it is a bad jojo according to www.averscanner.com

    Broni, is AverScanner website a “Valid” And “OK” site?

    Thanks,

    G! :)
     
  7. Broni Malware Annihilator Posts: 39,324   +175

    I'm not familiar with www.averscanner.com site.
    What do you need it for?

    You can empty your Recycle Bin.


    Q1. If you have your own IE shortcut, you can delete the new one.
    Q2. Change it back to Google
    Q3. It's safe.

    ===============================================================

    Combofix log looks good now.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  8. gonwk Newcomer, in training Posts: 25

    Hi Broni,

    Before running OTL ... do I need to disable all my AVs and what not like before and log out of the Internet!?!?

    Please advise!

    Thanks,

    G! :)
  9. gonwk Newcomer, in training Posts: 25

    Hi Broni,

    Thanks for your Help and please disregard the above Question ... just now tried posting the OTL logs and it says I exceeded the 50000 limit so I am splitting it now ...

    OTL logfile created on: 9/15/2011 5:57:06 PM - Run 1
    OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\GN\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 66.16% Memory free
    8.19 Gb Paging File | 6.36 Gb Available in Paging File | 77.72% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 217.07 Gb Total Space | 131.82 Gb Free Space | 60.73% Space Free | Partition Type: NTFS
    Drive D: | 15.81 Gb Total Space | 8.01 Gb Free Space | 50.69% Space Free | Partition Type: NTFS

    Computer Name: GN-PC | User Name: GN | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/09/15 17:26:07 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\GN\Desktop\OTL.exe
    PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
    PRC - [2011/07/21 12:12:16 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/05/15 12:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/10/03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2007/09/27 16:27:02 | 004,839,936 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
    PRC - [2007/09/13 14:09:44 | 000,638,976 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Gateway\traybar.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/08/22 20:07:46 | 003,578,880 | ---- | M] () -- C:\Program Files (x86)\ffdshow\ffdshow.ax
    MOD - [2011/08/22 20:06:16 | 000,048,128 | ---- | M] () -- C:\WINDOWS\SysWOW64\ff_acm.acm
    MOD - [2011/04/14 18:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
    MOD - [2007/09/27 16:27:02 | 004,839,936 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/08/11 16:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2011/06/30 01:37:28 | 002,528,096 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV:64bit: - [2009/06/25 22:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2007/07/27 10:49:46 | 000,119,296 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\STacSV64.exe -- (STacSV)
    SRV:64bit: - [2007/01/29 21:24:38 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
    SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
    SRV - [2011/07/21 12:12:16 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/04 03:41:00 | 000,437,248 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\SysWOW64\XAudio64.dll -- (HsfXAudioService)
    SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2008/01/29 10:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/08/08 19:38:06 | 000,150,520 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\dwprot.sys -- (DwProt)
    DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/21 12:15:16 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
    DRV:64bit: - [2011/07/21 12:15:15 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/07/08 09:40:17 | 000,034,704 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
    DRV:64bit: - [2011/06/09 14:05:13 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AnyDVD.sys -- (AnyDVD)
    DRV:64bit: - [2011/05/12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\4599.tmp -- (MEMSWEEP2)
    DRV:64bit: - [2011/04/24 15:14:22 | 000,273,088 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
    DRV:64bit: - [2011/02/23 17:04:16 | 000,018,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV:64bit: - [2011/01/15 09:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
    DRV:64bit: - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2010/10/18 17:18:59 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/06/23 10:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2010/05/28 04:04:52 | 000,017,456 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI)
    DRV:64bit: - [2010/05/25 00:59:24 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
    DRV:64bit: - [2010/05/25 00:59:24 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
    DRV:64bit: - [2010/05/25 00:59:24 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb)
    DRV:64bit: - [2010/05/25 00:59:24 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
    DRV:64bit: - [2010/03/07 17:46:50 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2010/03/02 21:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atipmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/03/02 20:07:32 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2009/12/07 16:06:30 | 000,076,112 | ---- | M] (PC Dynamics, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SAFDSKNT.SYS -- (SafDskNT)
    DRV:64bit: - [2009/06/25 23:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
    DRV:64bit: - [2009/06/25 23:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/05/18 10:42:12 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
    DRV:64bit: - [2008/11/04 03:40:46 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
    DRV:64bit: - [2008/10/15 08:57:50 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
    DRV:64bit: - [2008/10/15 08:53:44 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
    DRV:64bit: - [2008/10/15 08:52:24 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2008/01/20 19:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2008/01/20 19:47:27 | 000,214,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2008/01/20 19:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
    DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
    DRV:64bit: - [2008/01/03 20:57:26 | 000,062,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
    DRV:64bit: - [2007/10/31 12:44:38 | 003,197,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64) Intel(R)
    DRV:64bit: - [2007/09/29 23:03:32 | 000,384,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
    DRV:64bit: - [2007/09/17 15:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
    DRV:64bit: - [2007/07/27 10:50:24 | 000,391,680 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2007/05/23 17:47:28 | 000,020,784 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV:64bit: - [2007/03/07 15:13:20 | 000,017,920 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pnetmdm64.sys -- (pnetmdm)
    DRV:64bit: - [2006/11/17 15:22:06 | 000,297,272 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
    DRV:64bit: - [2006/10/06 19:13:22 | 000,550,912 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
    DRV:64bit: - [2006/06/18 23:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
    DRV - [2011/06/09 14:05:13 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6862


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6862
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6862
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2879506033-3086987856-1944290939-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-2879506033-3086987856-1944290939-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-2879506033-3086987856-1944290939-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2879506033-3086987856-1944290939-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



    O1 HOSTS File: ([2011/09/15 15:15:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
    O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
    O3:64bit: - HKU\S-1-5-21-2879506033-3086987856-1944290939-1000\..\Toolbar\WebBrowser - No CLSID value found.
    O3 - HKU\S-1-5-21-2879506033-3086987856-1944290939-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
    O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - Startup: C:\Users\GN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2879506033-3086987856-1944290939-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2879506033-3086987856-1944290939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
    O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab (SysInfo Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 206.13.28.12 206.13.29.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7677FAF8-E496-4356-BE88-FD3D64C24A7F}: DhcpNameServer = 192.168.2.1 206.13.28.12 206.13.29.12
    O18:64bit: - Protocol\Handler\ipp - No CLSID value found
    O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O20:64bit: - AppInit_DLLs: (C:\WINDOWS\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\WINDOWS\SysWOW64\guard32.dll (COMODO)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img21.jpg
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img21.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-2879506033-3086987856-1944290939-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: msacm.lameacm - LameACM.acm (http://www.mp3dev.org/)
    Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
    Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm ()
    Drivers32: msacm.clmp3enc - C:\Program Files (x86)\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
    Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
    Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/15 17:26:04 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\GN\Desktop\OTL.exe
    [2011/09/15 15:20:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/09/15 15:20:41 | 000,000,000 | ---D | C] -- C:\Users\GN\AppData\Local\temp
    [2011/09/15 15:15:13 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/09/15 15:00:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/09/15 15:00:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/09/15 15:00:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/09/15 15:00:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/09/15 15:00:05 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/09/15 10:14:09 | 004,210,959 | R--- | C] (Swearware) -- C:\Users\GN\Desktop\ComboFix.exe
    [2011/09/15 09:27:23 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\GN\Desktop\aswMBR.exe
    [2011/09/15 09:26:26 | 000,000,000 | ---D | C] -- C:\Users\GN\Desktop\Desktop HOLD Temp
    [2011/09/14 14:46:50 | 000,000,000 | ---D | C] -- C:\Users\GN\Desktop\TechSpot Virus Removal - MSDMineXSTacS
    [2011/09/11 07:59:56 | 000,000,000 | ---D | C] -- C:\Users\GN\AppData\Roaming\TheGreatPharaoh
    [2011/09/11 07:58:16 | 000,000,000 | ---D | C] -- C:\Games
    [2011/09/09 11:12:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2011/09/09 11:10:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2011/09/07 09:03:50 | 000,000,000 | ---D | C] -- C:\Users\GN\Desktop\AmeriSave Loans
    [2011/09/04 07:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment
    [2011/09/04 06:42:40 | 000,000,000 | ---D | C] -- C:\Users\GN\Desktop\Guides MSFT AV LIB
    [2011/09/02 08:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2011/09/01 23:05:08 | 000,000,000 | ---D | C] -- C:\SafeHouse
    [2011/09/01 21:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
    [2011/08/29 18:24:48 | 000,000,000 | ---D | C] -- C:\Users\GN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\URUSoft
    [2011/08/29 13:37:08 | 000,000,000 | ---D | C] -- C:\Users\GN\AppData\Roaming\DivXMuxGui
    [2011/08/25 19:21:16 | 000,000,000 | ---D | C] -- C:\Users\GN\AppData\Local\SubtitleCreator
    [2011/08/25 19:21:04 | 000,000,000 | ---D | C] -- C:\Users\GN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SubtitleCreator
    [2011/08/25 19:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SubtitleCreator
    [2011/08/25 19:21:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SubtitleCreator
    [2011/08/23 20:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
    [2011/08/23 20:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
    [2011/08/23 19:47:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VistaCodecPack
    [2011/08/23 19:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\VistaCodecs
    [2011/08/23 15:43:09 | 000,000,000 | ---D | C] -- C:\Users\GN\AppData\Local\ESS
    [2011/08/23 15:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy Subtitles Synchronizer
    [2011/08/23 08:53:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
    [2010/03/07 17:46:50 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\GN\AppData\Roaming\pcouffin.sys
    [12 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

  10. gonwk Newcomer, in training Posts: 25

    ========== Files - Modified Within 30 Days ==========

    [2011/09/15 17:31:32 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/09/15 17:31:32 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/09/15 17:26:07 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\GN\Desktop\OTL.exe
    [2011/09/15 17:23:17 | 000,000,155 | ---- | M] () -- C:\Windows\SysWow64\~.inf
    [2011/09/15 16:44:32 | 000,248,832 | ---- | M] () -- C:\Users\GN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/09/15 15:38:51 | 000,023,673 | ---- | M] () -- C:\Users\GN\Desktop\WinPatrol-after ComboFix IE Start Page Changed from Google to MSFT.jpg
    [2011/09/15 15:31:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/09/15 15:31:27 | 4293,320,704 | -HS- | M] () -- C:\hiberfil.sys
    [2011/09/15 15:15:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/09/15 14:37:00 | 000,000,245 | ---- | M] () -- C:\Users\GN\Desktop\Virus and Malware Removal - TechSpot OpenBoards.url
    [2011/09/15 10:14:09 | 004,210,959 | R--- | M] (Swearware) -- C:\Users\GN\Desktop\ComboFix.exe
    [2011/09/15 09:56:44 | 000,000,512 | ---- | M] () -- C:\Users\GN\Desktop\MBR.dat
    [2011/09/15 09:16:37 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\GN\Desktop\aswMBR.exe
    [2011/09/14 17:17:12 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/09/14 17:17:12 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/09/14 17:17:12 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/09/13 15:54:58 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\5020f4ff
    [2011/09/13 15:54:58 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\4fc7312f
    [2011/09/13 15:54:20 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\3bce13b
    [2011/09/13 15:53:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\d074e5a7
    [2011/09/13 15:53:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\d014f33f
    [2011/09/13 15:53:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\cfa08f63
    [2011/09/13 15:53:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\cf557697
    [2011/09/13 15:53:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\cf00ec5b
    [2011/09/13 15:53:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\cdcc2cf3
    [2011/09/13 15:53:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\cc7ebc4f
    [2011/09/13 15:53:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\cc29007f
    [2011/09/13 15:53:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\b1e83497
    [2011/09/13 15:53:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\b198d087
    [2011/09/13 15:53:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\b13161af
    [2011/09/13 15:53:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\b0dbb51b
    [2011/09/13 15:53:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\a4b74f3f
    [2011/09/13 15:53:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\a45fed53
    [2011/09/11 07:19:51 | 000,012,809 | ---- | M] () -- C:\Users\GN\Desktop\TDl CUM.rtf
    [2011/09/09 11:21:06 | 000,999,676 | ---- | M] () -- C:\Users\GN\Documents\bookmark (09-09-11).htm
    [2011/09/03 15:37:48 | 000,019,181 | ---- | M] () -- C:\Users\GN\Desktop\Comm on TROJAN_Cum.rtf
    [2011/09/02 12:44:18 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
    [2011/09/02 08:35:54 | 000,787,407 | ---- | M] () -- C:\Users\GN\AppData\Local\census.cache
    [2011/09/02 08:35:48 | 000,189,239 | ---- | M] () -- C:\Users\GN\AppData\Local\ars.cache
    [2011/09/01 21:16:05 | 000,000,036 | ---- | M] () -- C:\Users\GN\AppData\Local\housecall.guid.cache
    [2011/09/01 16:12:48 | 000,982,184 | ---- | M] () -- C:\Users\GN\Documents\bookmark (09-01-11).htm
    [2011/08/31 18:48:24 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\7ede00af
    [2011/08/31 18:48:24 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\7e7a94f7
    [2011/08/31 18:47:24 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\bef21263
    [2011/08/31 18:47:24 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\be9c3bff
    [2011/08/31 18:46:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\92719fbf
    [2011/08/31 18:46:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\920b6c23
    [2011/08/31 18:46:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\91656027
    [2011/08/31 18:46:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\91189983
    [2011/08/31 18:46:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\90c53f8b
    [2011/08/31 18:46:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\8f823147
    [2011/08/31 18:46:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\8e28a9b7
    [2011/08/31 18:46:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\8dd361eb
    [2011/08/31 18:46:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\746d0ccf
    [2011/08/31 18:46:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\74178b4f
    [2011/08/31 18:46:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\73b0469b
    [2011/08/31 18:46:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\7355e68f
    [2011/08/31 18:46:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\6d23d60b
    [2011/08/31 18:46:22 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\6cc9337b
    [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/08/29 18:43:42 | 000,001,220 | ---- | M] () -- C:\Users\GN\AppData\Roaming\DVDSubEdit.ini
    [2011/08/29 18:24:48 | 000,002,002 | ---- | M] () -- C:\Users\GN\Application Data\Microsoft\Internet Explorer\Quick Launch\Subtitle Workshop.lnk
    [2011/08/25 10:19:54 | 000,004,638 | ---- | M] () -- C:\Users\GN\AppData\Roaming\d65e7d6c
    [2011/08/25 10:19:54 | 000,004,638 | ---- | M] () -- C:\Users\GN\AppData\Roaming\d5fee804
    [2011/08/25 10:19:54 | 000,004,638 | ---- | M] () -- C:\Users\GN\AppData\Roaming\d57134e8
    [2011/08/25 10:19:54 | 000,004,638 | ---- | M] () -- C:\Users\GN\AppData\Roaming\d50ce4c4
    [2011/08/25 10:19:54 | 000,004,638 | ---- | M] () -- C:\Users\GN\AppData\Roaming\d4aecb3c
    [2011/08/25 10:19:53 | 000,004,638 | ---- | M] () -- C:\Users\GN\AppData\Roaming\d0689ce8
    [2011/08/25 10:19:53 | 000,004,638 | ---- | M] () -- C:\Users\GN\AppData\Roaming\d0110f4c
    [2011/08/25 10:19:53 | 000,004,638 | ---- | M] () -- C:\Users\GN\AppData\Roaming\ce433a60
    [2011/08/25 10:19:53 | 000,004,638 | ---- | M] () -- C:\Users\GN\AppData\Roaming\cdeaba54
    [2011/08/25 10:19:53 | 000,004,638 | ---- | M] () -- C:\Users\GN\AppData\Roaming\b7c1d2cc
    [2011/08/25 10:19:53 | 000,004,638 | ---- | M] () -- C:\Users\GN\AppData\Roaming\b7719c8c
    [2011/08/25 10:19:53 | 000,004,638 | ---- | M] () -- C:\Users\GN\AppData\Roaming\b71cdba8
    [2011/08/25 10:19:53 | 000,004,638 | ---- | M] () -- C:\Users\GN\AppData\Roaming\b6c7c9e8
    [2011/08/25 10:19:53 | 000,004,638 | ---- | M] () -- C:\Users\GN\AppData\Roaming\b44d22c4
    [2011/08/25 10:19:53 | 000,004,638 | ---- | M] () -- C:\Users\GN\AppData\Roaming\b3e55ee4
    [2011/08/23 15:42:39 | 000,000,944 | ---- | M] () -- C:\Users\GN\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/08/23 08:45:47 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\bde8ec6e
    [2011/08/23 08:45:47 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\bd8ca026
    [2011/08/23 08:45:47 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\bcf5c682
    [2011/08/23 08:45:47 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\bca94d72
    [2011/08/23 08:45:47 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\bc493932
    [2011/08/23 08:45:47 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\bafdb1fa
    [2011/08/23 08:45:47 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\b9b6098e
    [2011/08/23 08:45:47 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\b95f22d2
    [2011/08/23 08:45:46 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\9ebed466
    [2011/08/23 08:45:46 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\9e6e5086
    [2011/08/23 08:45:46 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\9e019cfe
    [2011/08/23 08:45:46 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\9da865c2
    [2011/08/23 08:45:46 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\9665be62
    [2011/08/23 08:45:46 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\960f17ae
    [2011/08/22 20:07:48 | 000,074,752 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011/08/22 20:06:16 | 000,048,128 | ---- | M] () -- C:\Windows\SysWow64\ff_acm.acm
    [2011/08/19 09:06:40 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\3bac6681
    [2011/08/19 09:06:40 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\3b52c9b1
    [2011/08/19 09:05:20 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\5337c4d5
    [2011/08/19 09:05:20 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\52e35311
    [2011/08/19 09:04:33 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\b89a79c5
    [2011/08/19 09:04:33 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\b83c8341
    [2011/08/19 09:04:33 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\b7b3ed69
    [2011/08/19 09:04:33 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\b763e9bd
    [2011/08/19 09:04:33 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\b707ad7d
    [2011/08/19 09:04:33 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\b5c8cfad
    [2011/08/19 09:04:33 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\b47689c5
    [2011/08/19 09:04:33 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\b414041d
    [2011/08/19 09:04:32 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\9867721d
    [2011/08/19 09:04:32 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\981b8a5d
    [2011/08/19 09:04:32 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\97b518b1
    [2011/08/19 09:04:32 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\9762bf69
    [2011/08/19 09:04:32 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\95e22be5
    [2011/08/19 09:04:32 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\958c330d
    [2011/08/17 15:56:52 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\3882e82d
    [2011/08/17 15:56:52 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\382b6a51
    [2011/08/17 15:56:36 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\64c29565
    [2011/08/17 15:56:36 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\646bb91d
    [2011/08/17 15:56:04 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\e2aa08f1
    [2011/08/17 15:56:04 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\e24d8d39
    [2011/08/17 15:55:32 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\3242f201
    [2011/08/17 15:55:32 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\31e6f6e9
    [2011/08/17 15:54:34 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\d93aee35
    [2011/08/17 15:54:34 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\d8cb3b19
    [2011/08/17 15:54:34 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\d8597479
    [2011/08/17 15:54:34 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\d8099a31
    [2011/08/17 15:54:34 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\d7b3be75
    [2011/08/17 15:54:34 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\d62e8cc1
    [2011/08/17 15:54:34 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\d4aad861
    [2011/08/17 15:54:34 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\d4537fe1
    [2011/08/17 15:54:33 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\b84ab645
    [2011/08/17 15:54:33 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\b7fbd9a1
    [2011/08/17 15:54:33 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\b78c01a1
    [2011/08/17 15:54:33 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\b734b515
    [2011/08/17 15:54:33 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\ade794c5
    [2011/08/17 15:54:33 | 000,004,634 | ---- | M] () -- C:\Users\GN\AppData\Roaming\ad8c5b8d
    [12 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/09/15 16:02:13 | 000,000,155 | ---- | C] () -- C:\Windows\SysWow64\~.inf
    [2011/09/15 15:38:51 | 000,023,673 | ---- | C] () -- C:\Users\GN\Desktop\WinPatrol-after ComboFix IE Start Page Changed from Google to MSFT.jpg
    [2011/09/15 15:00:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/09/15 15:00:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/09/15 15:00:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/09/15 15:00:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/09/15 15:00:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/09/15 09:56:44 | 000,000,512 | ---- | C] () -- C:\Users\GN\Desktop\MBR.dat
    [2011/09/14 18:25:44 | 000,000,245 | ---- | C] () -- C:\Users\GN\Desktop\Virus and Malware Removal - TechSpot OpenBoards.url
    [2011/09/14 13:21:21 | 4293,320,704 | -HS- | C] () -- C:\hiberfil.sys
    [2011/09/13 15:54:58 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\5020f4ff
    [2011/09/13 15:54:58 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\4fc7312f
    [2011/09/13 15:54:20 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\3bce13b
    [2011/09/13 15:53:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\d074e5a7
    [2011/09/13 15:53:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\d014f33f
    [2011/09/13 15:53:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\cfa08f63
    [2011/09/13 15:53:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\cf557697
    [2011/09/13 15:53:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\cf00ec5b
    [2011/09/13 15:53:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\cdcc2cf3
    [2011/09/13 15:53:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\cc7ebc4f
    [2011/09/13 15:53:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\cc29007f
    [2011/09/13 15:53:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b1e83497
    [2011/09/13 15:53:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b198d087
    [2011/09/13 15:53:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b13161af
    [2011/09/13 15:53:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b0dbb51b
    [2011/09/13 15:53:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\a4b74f3f
    [2011/09/13 15:53:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\a45fed53
    [2011/09/09 11:20:39 | 000,999,676 | ---- | C] () -- C:\Users\GN\Documents\bookmark (09-09-11).htm
    [2011/09/03 06:39:56 | 000,019,181 | ---- | C] () -- C:\Users\GN\Desktop\Comm on TROJAN_Cum.rtf
    [2011/09/01 21:27:06 | 000,787,407 | ---- | C] () -- C:\Users\GN\AppData\Local\census.cache
    [2011/09/01 21:26:18 | 000,189,239 | ---- | C] () -- C:\Users\GN\AppData\Local\ars.cache
    [2011/09/01 21:16:05 | 000,000,036 | ---- | C] () -- C:\Users\GN\AppData\Local\housecall.guid.cache
    [2011/09/01 16:12:45 | 000,982,184 | ---- | C] () -- C:\Users\GN\Documents\bookmark (09-01-11).htm
    [2011/08/31 18:48:24 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\7ede00af
    [2011/08/31 18:48:24 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\7e7a94f7
    [2011/08/31 18:47:24 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\bef21263
    [2011/08/31 18:47:24 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\be9c3bff
    [2011/08/31 18:46:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\92719fbf
    [2011/08/31 18:46:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\920b6c23
    [2011/08/31 18:46:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\91656027
    [2011/08/31 18:46:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\91189983
    [2011/08/31 18:46:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\90c53f8b
    [2011/08/31 18:46:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\8f823147
    [2011/08/31 18:46:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\8e28a9b7
    [2011/08/31 18:46:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\8dd361eb
    [2011/08/31 18:46:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\746d0ccf
    [2011/08/31 18:46:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\74178b4f
    [2011/08/31 18:46:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\73b0469b
    [2011/08/31 18:46:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\7355e68f
    [2011/08/31 18:46:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\6d23d60b
    [2011/08/31 18:46:22 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\6cc9337b
    [2011/08/29 18:24:48 | 000,002,002 | ---- | C] () -- C:\Users\GN\Application Data\Microsoft\Internet Explorer\Quick Launch\Subtitle Workshop.lnk
    [2011/08/26 09:00:09 | 000,012,809 | ---- | C] () -- C:\Users\GN\Desktop\TDl CUM.rtf
    [2011/08/25 10:19:54 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\d65e7d6c
    [2011/08/25 10:19:54 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\d5fee804
    [2011/08/25 10:19:54 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\d57134e8
    [2011/08/25 10:19:54 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\d50ce4c4
    [2011/08/25 10:19:54 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\d4aecb3c
    [2011/08/25 10:19:53 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\d0689ce8
    [2011/08/25 10:19:53 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\d0110f4c
    [2011/08/25 10:19:53 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\ce433a60
    [2011/08/25 10:19:53 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\cdeaba54
    [2011/08/25 10:19:53 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b7c1d2cc
    [2011/08/25 10:19:53 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b7719c8c
    [2011/08/25 10:19:53 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b71cdba8
    [2011/08/25 10:19:53 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b6c7c9e8
    [2011/08/25 10:19:53 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b44d22c4
    [2011/08/25 10:19:53 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b3e55ee4
    [2011/08/23 20:10:15 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011/08/23 20:10:15 | 000,048,128 | ---- | C] () -- C:\Windows\SysWow64\ff_acm.acm
    [2011/08/23 08:45:47 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\bde8ec6e
    [2011/08/23 08:45:47 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\bd8ca026
    [2011/08/23 08:45:47 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\bcf5c682
    [2011/08/23 08:45:47 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\bca94d72
    [2011/08/23 08:45:47 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\bc493932
    [2011/08/23 08:45:47 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\bafdb1fa
    [2011/08/23 08:45:47 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b9b6098e
    [2011/08/23 08:45:47 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b95f22d2
    [2011/08/23 08:45:46 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\9ebed466
    [2011/08/23 08:45:46 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\9e6e5086
    [2011/08/23 08:45:46 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\9e019cfe
    [2011/08/23 08:45:46 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\9da865c2
    [2011/08/23 08:45:46 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\9665be62
    [2011/08/23 08:45:46 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\960f17ae
    [2011/08/19 09:06:40 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\3bac6681
    [2011/08/19 09:06:40 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\3b52c9b1
    [2011/08/19 09:05:20 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\5337c4d5
    [2011/08/19 09:05:20 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\52e35311
    [2011/08/19 09:04:33 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b89a79c5
    [2011/08/19 09:04:33 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b83c8341
    [2011/08/19 09:04:33 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b7b3ed69
    [2011/08/19 09:04:33 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b763e9bd
    [2011/08/19 09:04:33 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b707ad7d
    [2011/08/19 09:04:33 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b5c8cfad
    [2011/08/19 09:04:33 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b47689c5
    [2011/08/19 09:04:33 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b414041d
    [2011/08/19 09:04:32 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\9867721d
    [2011/08/19 09:04:32 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\981b8a5d
    [2011/08/19 09:04:32 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\97b518b1
    [2011/08/19 09:04:32 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\9762bf69
    [2011/08/19 09:04:32 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\95e22be5
    [2011/08/19 09:04:32 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\958c330d
    [2011/08/17 15:56:52 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\3882e82d
    [2011/08/17 15:56:52 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\382b6a51
    [2011/08/17 15:56:36 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\64c29565
    [2011/08/17 15:56:36 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\646bb91d
    [2011/08/17 15:56:04 | 000,004,634 | ---- | C] () -- C:\Users\GN\AppData\Roaming\e2aa08f1
  11. gonwk Newcomer, in training Posts: 25

    [2011/07/20 06:18:19 | 000,004,640 | ---- | C] () -- C:\Users\GN\AppData\Roaming\72ab576d
    [2011/07/20 06:18:19 | 000,004,640 | ---- | C] () -- C:\Users\GN\AppData\Roaming\6af8ddad
    [2011/07/20 06:18:19 | 000,004,640 | ---- | C] () -- C:\Users\GN\AppData\Roaming\54960469
    [2011/07/20 06:18:19 | 000,004,640 | ---- | C] () -- C:\Users\GN\AppData\Roaming\54478c39
    [2011/07/20 06:18:19 | 000,004,640 | ---- | C] () -- C:\Users\GN\AppData\Roaming\53decd61
    [2011/07/20 06:18:19 | 000,004,640 | ---- | C] () -- C:\Users\GN\AppData\Roaming\5389ca7d
    [2011/07/20 06:18:19 | 000,004,640 | ---- | C] () -- C:\Users\GN\AppData\Roaming\51d663e1
    [2011/07/20 06:15:37 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\c7cd48c9
    [2011/07/20 06:15:37 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\c773ccf9
    [2011/07/20 06:15:23 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\deab6ba5
    [2011/07/20 06:15:23 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\ddf8cf3d
    [2011/07/20 06:14:12 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\e3a9ff65
    [2011/07/20 06:14:12 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\e34ea85d
    [2011/07/20 06:14:12 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\e2c203e9
    [2011/07/20 06:14:12 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\e2721f99
    [2011/07/20 06:14:12 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\e21a75c5
    [2011/07/20 06:14:12 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\e11bf2a5
    [2011/07/20 06:14:12 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\e0c05ded
    [2011/07/20 06:14:12 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\df0c48cd
    [2011/07/20 06:14:12 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\dea970bd
    [2011/07/20 06:14:12 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\c8dee09d
    [2011/07/20 06:14:12 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\c86bd159
    [2011/07/20 06:14:12 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\c819bc81
    [2011/07/20 06:14:12 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\c7c76459
    [2011/07/20 06:14:12 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\c76c70b1
    [2011/07/20 06:14:12 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\c711a2c5
    [2011/07/19 11:32:38 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\c05ed873
    [2011/07/19 11:32:38 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\bffb289f
    [2011/07/19 11:32:38 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\bf4ec4ef
    [2011/07/19 11:32:38 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\bef9de37
    [2011/07/19 11:32:38 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\bea56523
    [2011/07/19 11:32:38 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\ba414ef3
    [2011/07/19 11:32:38 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b9e486f7
    [2011/07/19 11:32:38 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b815709f
    [2011/07/19 11:32:38 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b7b75f9f
    [2011/07/19 11:32:38 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\a2184967
    [2011/07/19 11:32:38 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\a1c37c3b
    [2011/07/19 11:32:38 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\a152b21f
    [2011/07/19 11:32:38 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\a0fbe9b7
    [2011/07/19 11:32:38 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\a08f1aab
    [2011/07/19 11:32:38 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\a0271c63
  12. gonwk Newcomer, in training Posts: 25

    [2011/07/08 18:50:02 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b829b629
    [2011/07/08 18:50:02 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b7244195
    [2011/07/08 18:50:02 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b6d2a751
    [2011/07/08 18:50:02 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b5215a21
    [2011/07/08 18:50:02 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b4c6a9b1
    [2011/07/08 18:50:02 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b09f574d
    [2011/07/08 18:50:02 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b0567ebd
    [2011/07/08 18:50:02 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\b00a8f35
    [2011/07/08 18:50:02 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\afbe2099
    [2011/07/08 18:50:02 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\af5e2b01
    [2011/07/08 18:50:02 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\af07d2d1
    [2011/07/08 18:42:51 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\1ca328d9
    [2011/07/08 18:42:51 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\1c38aab9
    [2011/07/08 18:42:51 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\1b9bef75
    [2011/07/08 18:42:51 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\1b4818cd
    [2011/07/08 18:42:51 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\1af1f81d
    [2011/07/08 18:42:51 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\19f6a665
    [2011/07/08 18:42:51 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\19a414dd
    [2011/07/08 18:42:51 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\17857951
    [2011/07/08 18:42:51 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\17309515
    [2011/07/08 18:42:51 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\12a8d315
    [2011/07/08 18:42:51 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\125f8639
    [2011/07/08 18:42:51 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\1212b8d5
    [2011/07/08 18:42:51 | 000,004,638 | ---- | C] () -- C:\Users\GN\AppData\Roaming\11c7e8a5
  13. gonwk Newcomer, in training Posts: 25

    [2011/06/23 13:26:13 | 000,000,128 | ---- | C] () -- C:\Users\GN\AppData\Local\H264LevelEditor.ini
    [2011/06/05 12:08:42 | 000,004,096 | -H-- | C] () -- C:\Users\GN\AppData\Local\keyfile3.drm
    [2011/03/19 11:06:02 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011/03/19 11:04:28 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2011/01/05 17:31:13 | 000,001,220 | ---- | C] () -- C:\Users\GN\AppData\Roaming\DVDSubEdit.ini
    [2010/11/12 08:51:09 | 000,002,298 | ---- | C] () -- C:\Users\GN\AppData\Roaming\ASSDraw3.cfg
    [2010/09/09 17:53:54 | 001,176,576 | ---- | C] () -- C:\Windows\is-Q9QSE.exe
    [2010/08/07 16:01:23 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2010/03/15 05:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2010/03/08 20:11:08 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll
    [2010/03/07 17:50:01 | 000,001,044 | ---- | C] () -- C:\Users\GN\AppData\Roaming\vso_ts_preview.xml
    [2010/03/07 17:46:50 | 000,007,859 | ---- | C] () -- C:\Users\GN\AppData\Roaming\pcouffin.cat
    [2010/03/07 17:46:50 | 000,001,167 | ---- | C] () -- C:\Users\GN\AppData\Roaming\pcouffin.inf
    [2010/02/23 09:15:02 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2010/02/16 18:52:53 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
    [2010/01/30 18:14:16 | 000,000,120 | ---- | C] () -- C:\Users\GN\AppData\Roaming\FixVTS.ini
    [2010/01/27 19:01:03 | 000,001,460 | ---- | C] () -- C:\Users\GN\AppData\Local\d3d9caps64.dat
    [2009/12/10 09:04:21 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/12/10 09:03:44 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2009/12/10 09:03:08 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/11/29 23:11:29 | 000,030,720 | ---- | C] () -- C:\Windows\SysWow64\drivers\rootrepeal.sys
    [2009/10/25 19:44:51 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2009/10/14 14:11:13 | 000,000,447 | ---- | C] () -- C:\Users\GN\AppData\Roaming\VisualTimerPrefs.plist
    [2009/10/14 09:23:08 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/10/12 07:41:34 | 000,000,680 | ---- | C] () -- C:\Users\GN\AppData\Local\d3d9caps.dat
    [2009/10/11 19:26:26 | 000,248,832 | ---- | C] () -- C:\Users\GN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/10/11 11:59:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2009/01/05 16:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
    [2009/01/05 16:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
    [2008/11/15 11:02:26 | 001,527,650 | ---- | C] () -- C:\Windows\SysWow64\libfftw3f-3.dll
    [2008/05/18 22:08:00 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
    [2008/04/09 14:10:19 | 000,360,448 | ---- | C] () -- C:\Windows\SysWow64\HotlineClient.exe
    [2008/04/05 10:53:24 | 000,140,288 | ---- | C] () -- C:\Windows\SysWow64\avsfilter.dll
    [2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
    [2006/11/02 08:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 05:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2006/11/02 05:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2006/11/02 05:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/11/02 02:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2005/09/12 20:09:34 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\AvsRecursion.dll
    [2004/01/29 21:44:56 | 001,627,136 | ---- | C] () -- C:\Windows\SysWow64\fftw3.dll
    [2004/01/23 19:35:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\avisynth_c.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
    [2002/06/11 00:08:00 | 000,023,180 | ---- | C] () -- C:\Windows\SysWow64\evgainit.sys
    [2002/05/13 02:16:19 | 000,356,352 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll

    ========== LOP Check ==========

    [2011/08/23 14:51:31 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\Aegisub
    [2011/09/08 18:50:26 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\Audacity
    [2009/10/11 15:56:26 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\Auslogics
    [2010/11/02 16:37:09 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\AVI ReComp
    [2009/10/28 16:21:23 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\avidemux
    [2011/07/08 19:48:11 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\Boilsoft
    [2010/10/18 17:16:43 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\DAEMON Tools Lite
    [2011/05/14 06:34:59 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\ElementalsTheMagicKey
    [2011/08/06 11:39:24 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\f-secure
    [2011/04/25 16:38:48 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\Foxreal
    [2011/08/23 14:43:22 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\GetRightToGo
    [2009/10/11 19:20:46 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\GrabPro
    [2011/06/23 17:56:37 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\HandBrake
    [2010/08/06 16:56:09 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\ImgBurn
    [2011/07/23 22:24:47 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\IObit
    [2010/10/28 17:55:34 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\mkvtoolnix
    [2010/06/05 19:29:09 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\Mp3tag
    [2011/09/13 14:48:13 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\Orbit
    [2010/10/04 15:03:18 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\PC Suite
    [2010/10/07 22:25:04 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\PgcEdit
    [2010/08/30 09:30:37 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\ProgSense
    [2011/06/05 11:02:49 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\QFX Software
    [2010/10/05 07:33:50 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\Samsung
    [2011/08/01 19:49:21 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\Solveig Multimedia
    [2011/05/02 09:08:14 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\tagsuite
    [2011/09/11 07:59:57 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\TheGreatPharaoh
    [2011/09/13 09:06:09 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\uTorrent
    [2010/03/08 09:16:53 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\Vso
    [2010/01/02 08:45:25 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\WildTangent
    [2011/08/01 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\Winff
    [2010/06/04 07:48:17 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\WinPatrol
    [2010/01/11 18:46:33 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\Xilisoft Corporation
    [2011/07/15 13:32:55 | 000,000,000 | ---D | M] -- C:\Users\GN\AppData\Roaming\XMedia Recode
    [2010/06/01 08:44:28 | 000,000,000 | ---D | M] -- C:\Users\GN-1\AppData\Roaming\WinPatrol
    [2011/09/15 15:29:26 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/04/09 14:57:25 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/09/15 15:20:39 | 000,021,324 | ---- | M] () -- C:\ComboFix.txt
    [2011/09/15 15:31:27 | 4293,320,704 | -HS- | M] () -- C:\hiberfil.sys
    [2011/09/15 15:31:26 | 311,955,455 | -HS- | M] () -- C:\pagefile.sys
    [2009/10/11 11:53:41 | 000,000,002 | RHS- | M] () -- C:\USER

    < %systemroot%\Fonts\*.com >
    [2006/11/02 08:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 08:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 08:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/12/10 15:52:15 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 14:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 20:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/08/23 15:42:39 | 000,000,459 | -HS- | M] () -- C:\Users\GN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/09/15 09:16:37 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\GN\Desktop\aswMBR.exe
    [2011/09/15 10:14:09 | 004,210,959 | R--- | M] (Swearware) -- C:\Users\GN\Desktop\ComboFix.exe
    [2011/09/15 17:26:07 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\GN\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >
    [2011/06/05 11:17:45 | 000,000,638 | ---- | M] () -- C:\Windows\AppPatch\Custom\{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/10/11 13:07:33 | 000,000,402 | -HS- | M] () -- C:\Users\GN\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/08/07 16:01:23 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:66633281
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0888F409
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:4BF2F6B5
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:5C321E34

    < End of report >
  14. gonwk Newcomer, in training Posts: 25

    Hi Broni,

    And this is the 2nd OTL log ... Thanks! G! :)

    OTL Extras logfile created on: 9/15/2011 5:57:06 PM - Run 1
    OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\GN\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 66.16% Memory free
    8.19 Gb Paging File | 6.36 Gb Available in Paging File | 77.72% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 217.07 Gb Total Space | 131.82 Gb Free Space | 60.73% Space Free | Partition Type: NTFS
    Drive D: | 15.81 Gb Total Space | 8.01 Gb Free Space | 50.69% Space Free | Partition Type: NTFS

    Computer Name: GN-PC | User Name: GN | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-2879506033-3086987856-1944290939-1000\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    InternetShortcut [print] -- rundll32.exe C:\Windows\System32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 09 7F 2F 45 ED 79 CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{4141FF9F-2309-4B9C-B571-FDF277E12FC0}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{CCADF21F-59A5-4AE0-8C57-EF334554C7A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{2E29E347-9EC7-4698-AAE6-677E6F54CF8A}" = dir=in | app=c:\program files (x86)\msn messenger\livecall.exe |
    "{3DA575DB-70AF-43B9-BF69-CDA7F4AEB85B}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{4DEF234C-E442-41C4-A16D-3F262936886A}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
    "{55223DEC-D151-4159-8490-DB068090EB34}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{91C235CD-CF17-4A5A-A72A-30B50A89FF19}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
    "{99CB792D-1313-468C-AF6E-A7657F4E71F0}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
    "{A01DFC8C-7674-488E-B3F5-8BFD6EDAFF3F}" = dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
    "{A1A1F946-536D-4288-98E6-ECE58C27DBAB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd\powerdvd.exe |
    "{E1679687-55CD-435D-A1DF-0DB33CE17624}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
    "TCP Query User{1F2A9CCE-D630-4269-9F67-505A1579B57B}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "TCP Query User{6D31129D-B50B-4C9C-8D8B-39CD1E0177FB}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
    "TCP Query User{7C3195B1-6484-4D7D-9D36-6287D57BF3D1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "TCP Query User{8094DC5C-D84A-4613-BDB4-F31190B929BA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "TCP Query User{C338FBA2-8354-4012-895A-436A132AA08C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "TCP Query User{FF8B8E0B-1214-4716-998F-84D2F832B632}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{43797C3C-8DDF-4679-9B09-26D9C83DA4A6}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{915856EA-D5AC-4482-AB96-FB0F10913C3F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "UDP Query User{B310936D-CA18-4CD2-9A62-64067A2D9241}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
    "UDP Query User{CA309628-F3CB-469A-A97F-78567EFD3B06}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "UDP Query User{DF9642F8-E7B3-42F4-B930-8888FE1B657A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{F7A2B089-7F95-4F56-9040-BE9DE7FAFA50}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{422691F3-3CFA-6607-06D6-CA579E6B35AD}" = ATI Catalyst Install Manager
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{A6265E62-D56F-E3D9-8C7C-BC2E0A6FA1B1}" = ccc-utility64
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
    "BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "Defraggler" = Defraggler
    "HitmanPro35" = Hitman Pro 3.5
    "LameACM" = Lame ACM MP3 Codec
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Recuva" = Recuva
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinRAR archiver" = WinRAR 4.00 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00D8A43D-4FE6-7AF1-FE10-05B87B07831E}" = CCC Help English
    "{043641A4-F4D1-02B6-FFAA-136789EA576A}" = Skins
    "{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{17DB2BEE-2FD6-456F-5E5D-C38DB1ABC8B5}" = ccc-core-static
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1EE1BE7E-1F9A-4150-B95D-74415BCCF4D8}_is1" = Foxreal YouTube FLV Downloader version: 1.0.1.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
    "{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1" = Boilsoft Video Splitter 6.32
    "{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 2.1.8
    "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
    "{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
    "{471D55BB-00D1-F4C9-DDC5-BD8B848E204C}" = Catalyst Control Center InstallProxy
    "{4822DF0D-087B-435C-843D-ADAB239CCA13}_is1" = Boilsoft Video Converter 3.01
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
    "{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
    "{8CBD3538-4A61-7040-A989-D5CAEEABB12C}" = Catalyst Control Center Localization All
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90CD53EC-488B-4B1A-8C6B-3C36E82A84CA}" = EMET
    "{99A17B9E-3901-400B-BCD7-2ACD8FFE328B}" = System Requirements Lab for Intel
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DB192F7-BABD-9205-4F47-69BFC5CE12AB}" = Catalyst Control Center Graphics Previews Vista
    "{9F153AD3-3523-4542-818E-AE2F92249667}" = SAMSUNG USB Driver for Mobile Phones
    "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
    "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup 2.5
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{D02A3DBC-6A86-2FB3-699F-6F95BD7A811E}" = Catalyst Control Center Graphics Full New
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
    "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DF0D3C2E-11B5-7937-7929-06EC35FF760D}" = Catalyst Control Center Core Implementation
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E81BE8F9-E988-4531-08C5-4D03FE2F774F}" = Catalyst Control Center Graphics Full Existing
    "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
    "{FD14A51B-2206-D07A-A610-8EBCA8D611A3}" = Catalyst Control Center Graphics Light
    "{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1" = Boilsoft Video Joiner 6.55
    "4 Elements_is1" = 4 Elements
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Advanced SystemCare 4_is1" = Advanced SystemCare 4
    "AnyDVD" = AnyDVD
    "AVI ReComp" = AVI ReComp 1.5.1
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "AviSynth" = AviSynth 2.5
    "Boilsoft Video Splitter_is1" = Boilsoft Video Splitter 5.28
    "CamStudio" = CamStudio
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Flick_is1" = DVD Flick 1.3.0.7
    "DVD Identifier_is1" = DVD Identifier
    "DVD Shrink_is1" = DVD Shrink 3.2
    "Elementals - The Magic Key_is1" = Elementals - The Magic Key
    "FairUse Wizard 2" = FairUse Wizard 2
    "ffdshow_is1" = ffdshow v1.1.3974 [2011-08-22]
    "FormatFactory" = FormatFactory 2.70
    "Freemake Video Converter_is1" = Freemake Video Converter version 2.3.4
    "Freemake Video Downloader_is1" = Freemake Video Downloader
    "HandBrake" = HandBrake 0.9.5
    "ImgBurn" = ImgBurn
    "KeyScrambler" = KeyScrambler
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "mmswitch" = Morgan Stream Switcher
    "Money2007b" = Microsoft Money Essentials
    "Mp3tag" = Mp3tag v2.43
    "Orbit_is1" = Orbit Downloader
    "rebox.NET 1.6.0.0" = rebox.NET 1.6.0.0
    "Revo Uninstaller" = Revo Uninstaller 1.92
    "SafeHouseExplorer" = SafeHouse Explorer 3.01
    "Secunia PSI" = Secunia PSI
    "Smart Defrag 2_is1" = Smart Defrag 2
    "SolveigMM Video Splitter 2.3.1105.25" = SolveigMM Video Splitter
    "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
    "SpywareBlaster_is1" = SpywareBlaster 4.4
    "SubtitleCreator" = SubtitleCreator
    "SubtitleWorkshop" = Subtitle Workshop 2.51
    "uTorrent" = µTorrent
    "Vidomi" = Vidomi (remove only)
    "VLC media player" = VLC media player 1.1.10
    "VobSub" = VobSub 2.23
    "WildTangent gateway Master Uninstall" = Gateway Games
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinFF_is1" = WinFF 1.3.1
    "Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
    "Xvid Video Codec 1.3.2" = Xvid Video Codec
    "Xvid_is1" = Xvid 1.2.2
    "XviD4PSP5" = XviD4PSP 5.0
    "XviD4PSP5_is1" = XviD4PSP 5.10.234.0

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
  15. Broni Malware Annihilator Posts: 39,324   +175

    You didn't say:
  16. Broni Malware Annihilator Posts: 39,324   +175

    Due to post length limitation here I had to post instructions on my forum: http://www.smartestcomputing.us.com/topic/48002-otl-fix/page__pid__173136#entry173136

    Then....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
  17. gonwk Newcomer, in training Posts: 25

    Hi Broni,

    My fault ... must have not seen it ...

    Broni, the laptop runs fine ... what made me suspect that something might be Fishy ... it was the fact when I ran GMER it found the "MSDMine?STacS" which I had never seen before in my past GMER runs ...

    But I am sure glad I posted here ... evidently I had some nasties which Avira Full Scan and SAS and even MBAM full scans in both regular and Safe Mode did not see it.

    Before I go ahead with your Final instructions ... Could you Please tell me how do I Turn On my Active X ... because in the past I have tried to run many of the Online Virus Scanners and when they ask me to Allow the Active X ... and I click OK ... it says my computer does Not allow it ... and I am the Admin myself. I have even tried disabling my Comodo Firewall ... thinking it is too picky and that did not work.

    So, please tell me how to get my Active X accepted otherwise I will not be able to run the ESET Online Scanner,

    Thanks,

    G! :)
  18. Broni Malware Annihilator Posts: 39,324   +175

    You still need to complete all other steps before you get to Eset.

    I don't use IE much but you should be getting a message at the top of the IE window if ActiveX needs to be installed.
    If any problem with that, install Firefox: http://www.mozilla.org/en-US/firefox/new/ and run Eset from there.
    Firefox doesn't use ActiveX.
  19. gonwk Newcomer, in training Posts: 25

    Hi Broni,

    Thanks for the Extra help you are giving me ... and I like your site ... will visit after I finish up here.

    I assume I don't need to check "All Users" this time running OTL!?!

    Thanks,

    G! :)
  20. Broni Malware Annihilator Posts: 39,324   +175

    Just follow instructions posted on my site.