OTL

OTL logfile created on: 05/12/2013 20:47:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marion\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 3.87 Gb Available Physical Memory | 64.62% Memory free
11.99 Gb Paging File | 9.48 Gb Available in Paging File | 79.07% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142F:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 481.35 Gb Free Space | 80.75% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 9.14 Gb Free Space | 3.07% Space Free | Partition Type: NTFS

Computer Name: MARION-PC | User Name: Marion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/12/05 20:44:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marion\Desktop\OTL (1).scr
PRC - [2013/11/14 11:29:33 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/11/09 02:51:36 | 029,770,248 | ---- | M] (Dropbox, Inc.) -- C:\Users\Marion\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/11/06 01:55:46 | 000,845,168 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013/11/06 01:55:38 | 001,564,528 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013/10/14 23:03:48 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/10/06 03:27:28 | 000,129,424 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
PRC - [2013/05/11 10:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/02/19 21:32:20 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013/11/14 11:29:31 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 11:29:29 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 11:28:37 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 11:28:36 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 11:28:34 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/11/09 02:50:34 | 003,558,400 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 23:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2013/11/12 08:51:33 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2013/09/06 16:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:[b]64bit:[/b] - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2013/02/19 13:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:[b]64bit:[/b] - [2013/02/19 13:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:[b]64bit:[/b] - [2013/02/19 13:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:[b]64bit:[/b] - [2012/11/16 21:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:[b]64bit:[/b] - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:[b]64bit:[/b] - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:[b]64bit:[/b] - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:[b]64bit:[/b] - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:[b]64bit:[/b] - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:[b]64bit:[/b] - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:[b]64bit:[/b] - [2011/10/26 02:00:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013/11/13 10:42:36 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/06 03:27:28 | 000,129,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe -- (NCO)
SRV - [2013/10/02 16:05:08 | 000,121,616 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013/05/11 10:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/19 21:32:20 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2013/11/13 08:35:22 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:[b]64bit:[/b] - [2013/10/02 07:50:58 | 000,067,808 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mozy.sys -- (mozyFilter)
DRV:[b]64bit:[/b] - [2013/09/27 19:23:26 | 000,162,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DE06000.01B\ccSetx64.sys -- (ccSet_NST)
DRV:[b]64bit:[/b] - [2013/09/11 23:26:40 | 000,036,096 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:[b]64bit:[/b] - [2013/08/21 04:31:40 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:[b]64bit:[/b] - [2013/08/21 04:31:40 | 000,103,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:[b]64bit:[/b] - [2013/08/13 00:54:29 | 001,907,440 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:[b]64bit:[/b] - [2013/04/27 07:56:54 | 000,021,600 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdkmafd.sys -- (amdkmafd)
DRV:[b]64bit:[/b] - [2013/04/12 08:20:15 | 000,015,344 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:[b]64bit:[/b] - [2013/04/06 11:23:03 | 000,302,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:[b]64bit:[/b] - [2013/04/06 11:02:53 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:[b]64bit:[/b] - [2013/02/19 13:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:[b]64bit:[/b] - [2013/02/19 13:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:[b]64bit:[/b] - [2013/02/19 13:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:[b]64bit:[/b] - [2013/02/19 13:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:[b]64bit:[/b] - [2013/02/19 13:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:[b]64bit:[/b] - [2013/02/19 13:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:[b]64bit:[/b] - [2013/02/19 13:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:[b]64bit:[/b] - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2012/12/10 14:48:02 | 000,044,544 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:[b]64bit:[/b] - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2012/08/04 14:19:22 | 000,018,832 | ---- | M] (PenMount) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pmkbdfltr.sys -- (pmkbdfltr)
DRV:[b]64bit:[/b] - [2012/04/20 15:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:[b]64bit:[/b] - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/10/26 03:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2011/10/26 03:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2011/10/26 01:21:58 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2011/06/06 22:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/05/06 09:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:[b]64bit:[/b] - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:[b]64bit:[/b] - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/14 00:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:[b]64bit:[/b] - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/07/19 12:04:00 | 000,014,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\dell\drivers\R267410\atillk64.sys -- (atillk64)


[color=#E56717]========== Standard Registry (All) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://virginmedia.com/
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 7E 92 81 C3 73 CB 01  [binary data]
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\..\SearchScopes\{452B4F5D-18DD-42C7-809A-34754EB5172C}: "URL" = http://uk.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110937,16938,0,8,0
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_en
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\..\SearchScopes\{A753159B-7604-4426-AF07-A8153F3B1107}: "URL" = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSS&chn=retail&geo=GB&ver=2014&locale=en_GB&gct=kwd&qsrc=2869
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.virginmedia.com/
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.virginmedia.com/
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 7E 92 81 C3 73 CB 01  [binary data]
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\..\URLSearchHook: {9427041a-a8dc-4d06-9a68-93873486e957} - No CLSID value found
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\..\SearchScopes\{087a7792-10bb-455d-bd55-427d589addf5}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^YN^xdm085^YY^gb&si=google_figsdfitness&ptb=22759277-C892-4A15-B599-019125E73BF2&ind=2013051011&n=77fcb883&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\..\SearchScopes\{10B4E706-0FB5-43BE-88B2-C3CC5CCFECC8}: "URL" = http://search.surfcanyon.com/search?f=sb&q={searchTerms}
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\..\SearchScopes\{452B4F5D-18DD-42C7-809A-34754EB5172C}: "URL" = http://uk.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110937,16938,0,8,0
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_en
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\..\SearchScopes\{A753159B-7604-4426-AF07-A8153F3B1107}: "URL" = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\..\SearchScopes\{B16D4423-A93F-4EF2-BE8E-4E6CFEC23362}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=en_UK&apn_ptnrs=U3&apn_dtid=OSJ000YYGB&apn_uid=3C52A9ED-8439-407D-804D-435BE12E48F3&apn_sauid=F11A3E81-7B62-483D-8B95-DCB3C87540C5&
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/10/04 21:40:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn\ [2013/12/05 17:10:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013/11/21 08:32:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2013/08/14 18:53:52 | 000,000,000 | ---D | M]

[2012/09/20 20:42:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[color=#E56717]========== Chrome  ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.virginmedia.com/
CHR - Extension: Google Docs = C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\
CHR - Extension: Norton Identity Protection = C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2014.6.0.27_0\
CHR - Extension: Gmail = C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - Reg Error: Value error. File not found
O2:[b]64bit:[/b] - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20131121002211.dll (McAfee, Inc.)
O2:[b]64bit:[/b] - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
O2:[b]64bit:[/b] - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20131121002212.dll (McAfee, Inc.)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
O3:[b]64bit:[/b] - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:[b]64bit:[/b] - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:[b]64bit:[/b] - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005..\Run: [Consumer Input Update] C:\Program Files (x86)\Consumer Input\dca-ua.exe File not found
O4 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005..\Run: [Driver Whiz] C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe /applicationMode:systemTray /showWelcome:false File not found
O4 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005..\Run: [iTunes Sync] "C:\Users\Marion\AppData\Local\Apps\2.0\H0T3JGL3.JGK\BMB4RVJK.XV3\itun..tion_e05fb8e279c30af8_0001.0000_76d6a1fc3fa61adf\iTunesSync.exe" File not found
O4 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005..\Run: [PowerSuite] "C:\PROGRA~2\Uniblue\POWERS~1\launcher.exe" delay 20000  -m File not found
O4 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Marion\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 0
O7 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 0
O7 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:[b]64bit:[/b] - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\..Trusted Domains: pheonixviewer.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\..Trusted Domains: pheonixviewer.com ([]https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (Reg Error: Key error.)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553570000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{243E26F8-19B7-40F0-B85D-57EF616299DD}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:[b]64bit:[/b] - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/11/03 01:37:03 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1548efea-ee06-11e2-92cc-00219b1c2f23}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MozyHome Status.lnk - C:\Program Files\MozyHome\mozystat.exe - (Mozy, Inc.)
MsConfig:64bit - StartUpReg: [b]Akamai NetSession Interface[/b] - hkey= - key= - C:\Users\Marion\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
MsConfig:64bit - StartUpReg: [b]AppleSyncNotifier[/b] - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: [b]APSDaemon[/b] - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: [b]ATICustomerCare[/b] - hkey= - key= - C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: [b]EverioService[/b] - hkey= - key= - C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: [b]KiesAirMessage[/b] - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
MsConfig:64bit - StartUpReg: [b]KiesPreload[/b] - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
MsConfig:64bit - StartUpReg: [b]KiesTrayAgent[/b] - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: [b]mcui_exe[/b] - hkey= - key= - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
MsConfig:64bit - StartUpReg: [b]Rim.DesktopHelper.exe[/b] - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: [b]RIMBBLaunchAgent.exe[/b] - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:[b]64bit:[/b] AppMgmt - Service
SafeBootMin:[b]64bit:[/b] Base - Driver Group
SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
SafeBootMin:[b]64bit:[/b] File system - Driver Group
SafeBootMin:[b]64bit:[/b] Filter - Driver Group
SafeBootMin:[b]64bit:[/b] HelpSvc - Service
SafeBootMin:[b]64bit:[/b] hitmanpro37 - Reg Error: Value error.
SafeBootMin:[b]64bit:[/b] hitmanpro37.sys - Reg Error: Value error.
SafeBootMin:[b]64bit:[/b] mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin:[b]64bit:[/b] MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
SafeBootMin:[b]64bit:[/b] sacsvr - Service
SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] vmms - Service
SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: hitmanpro37 - Reg Error: Value error.
SafeBootMin: hitmanpro37.sys - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:[b]64bit:[/b] AppMgmt - Service
SafeBootNet:[b]64bit:[/b] Base - Driver Group
SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group
SafeBootNet:[b]64bit:[/b] File system - Driver Group
SafeBootNet:[b]64bit:[/b] Filter - Driver Group
SafeBootNet:[b]64bit:[/b] HelpSvc - Service
SafeBootNet:[b]64bit:[/b] hitmanpro37 - Reg Error: Value error.
SafeBootNet:[b]64bit:[/b] hitmanpro37.sys - Reg Error: Value error.
SafeBootNet:[b]64bit:[/b] McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:[b]64bit:[/b] mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:[b]64bit:[/b] MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet:[b]64bit:[/b] Messenger - Service
SafeBootNet:[b]64bit:[/b] mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SafeBootNet:[b]64bit:[/b] mfefirek - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:[b]64bit:[/b] mfefirek.sys - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:[b]64bit:[/b] mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:[b]64bit:[/b] mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:[b]64bit:[/b] mfevtp - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group
SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group
SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group
SafeBootNet:[b]64bit:[/b] Network - Driver Group
SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group
SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group
SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group
SafeBootNet:[b]64bit:[/b] rdsessmgr - Service
SafeBootNet:[b]64bit:[/b] sacsvr - Service
SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group
SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] TDI - Driver Group
SafeBootNet:[b]64bit:[/b] vmms - Service
SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver
SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro37 - Reg Error: Value error.
SafeBootNet: hitmanpro37.sys - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:[b]64bit:[/b] {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

[color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color]

[2013/12/05 20:44:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marion\Desktop\OTL (1).scr
[2013/12/05 17:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/11/29 12:42:33 | 000,286,720 | ---- | C] (SteelWerX) -- C:\Windows\swreg.exe
[2013/11/29 12:20:10 | 000,286,720 | ---- | C] (SteelWerX) -- C:\Users\Marion\Desktop\swreg.exe
[2013/11/29 11:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/11/29 08:14:53 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozyHome
[2013/11/29 08:14:49 | 000,067,808 | ---- | C] (Mozy, Inc.) -- C:\Windows\SysNative\drivers\mozy.sys
[2013/11/29 06:57:43 | 000,000,000 | ---D | C] -- C:\Users\Marion\Desktop\Revo Uninstaller
[2013/11/29 06:50:01 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Research In Motion
[2013/11/29 06:41:05 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\Mozy Restore Manager
[2013/11/29 06:41:03 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozy
[2013/11/29 06:41:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozy
[2013/11/28 18:30:44 | 000,387,776 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\PsExec.exe
[2013/11/28 17:38:01 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\{E0669A64-556C-40F3-BD00-25C15A9466F1}
[2013/11/27 16:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\CDB
[2013/11/23 09:50:20 | 000,000,000 | R--D | C] -- C:\Users\Marion\Dropbox
[2013/11/23 09:42:23 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013/11/23 09:41:34 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Dropbox
[2013/11/23 02:17:48 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\Bit_Studio
[2013/11/23 02:15:01 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\SyncTunesDesktop
[2013/11/23 02:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Bit Studio
[2013/11/23 02:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synctunes Desktop
[2013/11/22 16:26:38 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\Downloaded Installations
[2013/11/22 16:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2013/11/22 16:26:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec
[2013/11/22 16:24:28 | 000,204,568 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2013/11/22 16:24:28 | 000,103,576 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2013/11/22 16:22:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2013/11/22 16:21:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013/11/22 16:21:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/11/22 16:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2013/11/21 14:19:59 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\{20884471-0E7E-4940-A053-1F0B12FF9589}
[2013/11/21 13:52:12 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/11/21 11:56:58 | 000,000,000 | ---D | C] -- C:\Users\Marion\Documents\OneNote Notebooks
[2013/11/20 22:38:53 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\{DB584E07-379E-41CB-9996-243B7BE00B07}
[2013/11/20 19:37:59 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/20 19:02:04 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\VS Revo Group
[2013/11/20 19:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/11/20 19:02:00 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2013/11/20 19:02:00 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/11/20 19:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/11/20 18:49:35 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/11/20 15:35:11 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\CrashDumps
[2013/11/17 16:41:44 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\KeePass
[2013/11/17 16:31:33 | 000,162,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NSTx64\7DE06000.01B\ccSetx64.sys
[2013/11/17 16:31:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64
[2013/11/17 16:31:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64\7DE06000.01B
[2013/11/17 16:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
[2013/11/17 16:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Identity Safe
[2013/11/17 16:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/11/17 16:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/11/17 16:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/11/17 16:13:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe
[2013/11/17 14:40:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/11/17 14:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/17 14:39:28 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/11/17 14:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/11/17 14:39:21 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/11/17 14:39:21 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/11/17 14:39:21 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/11/17 14:39:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/11/17 14:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/11/17 12:17:55 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/11/15 16:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/11/15 16:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/11/15 15:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/11/14 14:09:44 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Malwarebytes
[2013/11/14 14:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/14 14:07:45 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\Programs
[2013/11/14 00:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diego`s Dinosaur Adventure
[2013/11/14 00:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diego`s Dinosaur Adventure
[2013/11/13 08:50:26 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/11/13 08:49:37 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/11/13 08:49:36 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/11/13 08:49:36 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013/11/13 08:49:36 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/13 08:49:35 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/13 08:48:57 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/11/13 08:48:57 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/11/13 08:48:56 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/11/13 08:48:56 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/11/13 08:48:55 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/11/13 08:48:39 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/11/13 08:48:34 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/11/13 08:48:33 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/11/13 08:48:33 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/11/13 08:48:33 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013/11/12 08:54:02 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/11/12 08:51:53 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/12 08:51:53 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/12 08:51:38 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/12 08:51:38 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/12 08:51:38 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/12 08:51:38 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/12 08:51:38 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/12 08:51:38 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/12 08:51:38 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/11/12 08:51:38 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/12 08:51:37 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/12 08:51:37 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/12 08:51:37 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/12 08:51:37 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/12 08:51:37 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/12 08:51:37 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/12 08:51:37 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/12 08:51:37 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/12 08:51:37 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/12 08:51:37 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/12 08:51:37 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/12 08:51:37 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/11/12 08:51:37 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/11/12 08:51:37 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/12 08:51:37 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/11/12 08:51:37 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/12 08:51:37 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/11/12 08:51:36 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/12 08:51:36 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/12 08:51:36 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/12 08:51:36 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/12 08:51:36 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/12 08:51:36 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/12 08:51:36 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/11/12 08:51:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/11/12 08:51:36 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/11/12 08:51:35 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/12 08:51:35 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/12 08:51:35 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/12 08:51:35 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/12 08:51:34 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/12 08:51:34 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/12 08:51:34 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/12 08:51:34 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/12 08:51:34 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/12 08:51:34 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/12 08:51:34 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/12 08:51:34 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/12 08:51:34 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/12 08:51:34 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/12 08:51:34 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/12 08:51:34 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/12 08:51:34 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/12 08:51:34 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/12 08:51:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/12 08:51:34 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/12 08:51:34 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/11/12 08:51:34 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/12 08:51:34 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/12 08:51:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/11/12 08:51:33 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/12 08:51:33 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/12 08:51:33 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/12 08:51:33 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/12 08:51:33 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/12 08:51:33 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/12 08:51:33 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/12 08:51:33 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/12 08:51:33 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/12 08:51:33 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/12 08:51:33 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/12 08:51:33 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/12 08:51:33 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/11/12 08:51:33 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/11/12 08:51:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/12 08:51:33 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/11/12 08:51:33 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/11/12 08:51:33 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/11/12 08:51:33 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/12 08:51:32 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/12 00:24:43 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\Deployment
[2013/11/11 12:08:32 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Picsoft
[2013/11/11 11:58:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peggle Deluxe
[2013/11/11 11:58:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Peggle Deluxe
[2013/11/11 11:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/11/11 11:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/11/11 11:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/11/11 11:44:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/11/10 09:44:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2013/11/10 09:44:17 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\AdvUninstal
[2013/11/10 09:44:12 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\Innovative Solutions
[2013/11/10 09:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
[2013/11/10 09:44:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Innovative Solutions
[2013/11/10 09:44:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Innovative Solutions
[2013/11/10 09:42:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2013/11/03 01:36:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/11/02 12:06:12 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\NativeMessaging
[2013/11/01 23:43:39 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drawn - Dark Flight
[2013/11/01 23:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drawn - Dark Flight
[2013/11/01 23:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Drawn - Dark Flight
[2013/10/27 19:51:27 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Pengu Wars
[2013/10/27 19:46:36 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Melesta
[2013/10/27 19:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpongeBob SquarePants Obstacle Odyssey
[2013/10/27 19:20:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpongeBob SquarePants Obstacle Odyssey
[2013/10/27 19:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nick Jr. Bingo
[2013/10/27 19:20:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nick Jr. Bingo
[2013/10/27 19:11:17 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2013/10/27 19:11:17 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2013/10/27 19:11:16 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2013/10/27 19:11:16 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2013/10/27 19:11:13 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2013/10/27 19:11:13 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2013/10/27 19:11:10 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2013/10/27 19:11:06 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2013/10/27 19:11:06 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2013/10/27 19:11:04 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2013/10/27 19:11:04 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2013/10/27 19:11:02 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2013/10/27 19:11:02 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2013/10/27 19:10:56 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2013/10/27 19:09:20 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Manor - A Hidden Object Mystery
[2013/10/27 19:09:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dark Manor - A Hidden Object Mystery
[2013/10/27 19:09:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dark Manor - A Hidden Object Mystery
[2013/10/27 19:09:10 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Nimbus Games
[2013/10/27 19:08:27 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Putt-Putt Saves the Zoo
[2013/10/27 19:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Putt-Putt Saves the Zoo
[2013/10/27 19:08:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Putt-Putt Saves the Zoo
[2013/10/24 19:10:26 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\The Witch and The Warrior
[2013/10/24 18:44:42 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Skyborn
[2013/10/23 11:38:46 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\viking_saga_bfg_en
[2013/10/23 11:36:03 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viking Saga
[2013/10/23 11:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Viking Saga
[2013/10/23 11:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Viking Saga
[2013/10/22 13:52:28 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\kidoz
[2013/10/22 08:59:34 | 000,387,776 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Marion\Desktop\PsExec.exe
[2013/10/19 10:59:04 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\InstallShield
[2013/10/18 19:15:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013/10/18 19:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/10/18 19:14:56 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013/10/18 19:14:56 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013/10/18 19:14:46 | 002,797,128 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2013/10/18 19:14:45 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2013/10/18 19:14:38 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2013/10/18 19:14:38 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2013/10/18 19:14:35 | 003,693,128 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2013/10/18 19:14:35 | 000,991,816 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2013/10/18 19:14:35 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013/10/18 19:14:34 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013/10/18 19:14:34 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013/10/18 19:14:34 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013/10/18 19:14:33 | 000,613,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtDataProc64.dll
[2013/10/18 19:14:31 | 001,284,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2013/10/18 19:14:30 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013/10/18 19:14:30 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013/10/18 19:14:19 | 000,135,240 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2013/10/18 19:14:11 | 000,083,072 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll
[2013/10/18 19:14:10 | 000,897,152 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll
[2013/10/18 19:14:10 | 000,065,112 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBppld64.dll
[2013/10/18 19:14:10 | 000,060,504 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBPPCn64.dll
[2013/10/18 19:14:09 | 000,753,280 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll
[2013/10/18 19:13:33 | 002,734,624 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013/10/18 19:13:26 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2013/10/18 19:13:22 | 000,208,072 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2013/10/18 19:13:22 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2013/10/18 19:05:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013/10/18 19:00:31 | 002,079,816 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2013/10/18 18:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP260 series
[2013/10/18 18:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Whiz
[2013/10/18 18:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Whiz
[2013/10/18 18:18:03 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Foresight Software
[2013/10/18 18:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Foresight Software
[2013/10/18 16:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2013/10/18 16:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2013/10/18 13:22:32 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2013/10/17 00:12:18 | 000,044,544 | ---- | C] (Research in Motion Ltd) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys
[2013/10/11 23:29:41 | 000,000,000 | ---D | C] -- C:\Users\Marion\Desktop\FITNESS
[2013/10/11 17:04:46 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013/10/11 17:04:21 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/11 17:04:21 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/10/11 17:04:20 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/11 17:04:20 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/11 17:04:20 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/10/11 17:04:19 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/10/11 17:04:18 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/10/11 17:04:16 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/11 17:04:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/11 17:04:08 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/11 17:04:08 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/11 17:04:07 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/11 17:04:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/11 17:03:10 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/10/11 17:02:11 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/11 17:01:59 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/11 17:01:58 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/11 17:01:45 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/10/11 17:01:45 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/10/11 17:01:25 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/11 17:01:25 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/11 17:01:25 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/10/11 17:01:25 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/10/11 17:01:24 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/11 17:01:24 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/11 17:01:23 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/11 17:01:23 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/11 17:00:13 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/11 17:00:13 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/11 13:35:32 | 000,000,000 | ---D | C] -- C:\Users\Marion\Desktop\KIDS WORK
[2013/09/29 17:02:44 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\FixCleaner
[2013/09/29 17:02:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FixCleaner
[2013/09/29 16:38:54 | 000,000,000 | ---D | C] -- C:\teac
[2013/09/26 15:58:06 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\PlayFirst
[2013/09/26 15:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpongeBob SquarePants Diner Dash
[2013/09/26 15:57:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpongeBob SquarePants Diner Dash
[2013/09/24 22:21:25 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\BBB
[2013/09/17 19:43:00 | 000,274,944 | ---- | C] (SingularLabs) -- C:\Users\Marion\Desktop\JavaRa.exe
[2013/09/13 22:02:14 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\DarkManor
[2013/09/13 17:38:41 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2013/09/13 17:38:33 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2013/09/13 17:34:36 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Puppetshow - Return to Joyville
[2013/09/13 17:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puppetshow - Return to Joyville
[2013/09/13 17:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Puppetshow - Return to Joyville
[2013/09/13 07:42:45 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/09/13 07:42:14 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/09/13 07:42:12 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/13 07:42:11 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/09/13 07:42:11 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/09/13 07:42:11 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/09/13 07:42:11 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/09/13 07:42:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/13 07:42:09 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/13 07:42:09 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/09/13 07:42:08 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/13 07:42:08 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/13 07:42:08 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/09/13 07:42:07 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/13 07:42:07 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/09/13 07:42:06 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/13 07:42:06 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/13 07:42:06 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/13 07:42:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/13 07:42:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/13 07:42:05 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/13 07:42:04 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/13 07:42:04 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/09/13 07:42:04 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/13 07:42:04 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/09/13 07:42:03 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/13 07:42:03 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/13 07:42:03 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/13 07:42:03 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/13 07:42:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/13 07:42:02 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/13 07:42:02 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/13 07:42:01 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/13 07:42:01 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/13 07:42:01 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/13 07:42:01 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/13 07:42:00 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/13 07:42:00 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/13 07:42:00 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/13 07:42:00 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/09/13 07:41:59 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/09/13 07:41:59 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/09/13 07:41:59 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/13 07:41:58 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/09/13 07:41:58 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/09/13 07:41:58 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/13 07:41:58 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/13 07:41:57 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/13 07:41:57 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/13 07:41:57 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/13 07:41:57 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/09/13 07:41:56 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/09/13 07:41:56 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/13 07:41:56 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/13 07:41:55 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/13 07:41:55 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/13 07:41:55 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/13 07:41:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/09/13 07:41:54 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/09/13 07:41:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/09/13 07:41:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/09/13 07:41:52 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/09/13 07:41:52 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/09/13 07:41:51 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/09/13 07:41:51 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013/09/13 07:41:31 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/09/11 23:26:40 | 000,036,096 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\amdkmpfd.sys
[2013/09/10 23:34:58 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plants vs Zombies
[2013/09/10 23:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plants vs Zombies
[2013/09/10 23:34:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plants vs Zombies
[2013/09/10 22:56:58 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jar of Marbles II - Journey to the West
[2013/09/10 22:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jar of Marbles II - Journey to the West
[2013/09/10 22:56:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jar of Marbles II - Journey to the West
[2013/08/13 09:54:30 | 000,889,416 | ---- | C] (Microsoft Corporation) -- C:\Users\Marion\AppData\Roaming\dotNetFx40_Full_setup.exe
[2012/09/07 11:47:45 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Users\Marion\AppData\Local\log4cxx.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Marion\Documents\*.tmp files -> C:\Users\Marion\Documents\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 90 Days ==========[/color]

[2013/12/05 20:44:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marion\Desktop\OTL (1).scr
[2013/12/05 20:30:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/05 20:09:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/05 18:03:38 | 000,005,030 | ---- | M] () -- C:\Windows\mozy.blk
[2013/12/05 18:03:37 | 000,005,050 | ---- | M] () -- C:\Windows\mozy.flt
[2013/12/05 17:17:33 | 000,014,832 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/05 17:17:33 | 000,014,832 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/05 17:09:55 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2013/12/05 17:09:48 | 529,932,287 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/03 10:27:07 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/02 10:42:34 | 000,012,067 | ---- | M] () -- C:\Users\Marion\Documents\Capture.PNG
[2013/12/02 10:34:38 | 000,000,000 | ---- | M] () -- C:\Users\Marion\chkdsk
[2013/12/02 10:22:13 | 000,793,338 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/02 10:22:13 | 000,669,552 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/02 10:22:13 | 000,125,738 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/29 12:20:12 | 000,286,720 | ---- | M] (SteelWerX) -- C:\Windows\swreg.exe
[2013/11/29 12:20:12 | 000,286,720 | ---- | M] (SteelWerX) -- C:\Users\Marion\Desktop\swreg.exe
[2013/11/29 11:54:52 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/11/29 08:14:53 | 000,000,873 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2013/11/28 18:28:59 | 000,387,776 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Marion\Desktop\PsExec.exe
[2013/11/28 18:28:59 | 000,387,776 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\PsExec.exe
[2013/11/28 18:25:24 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
[2013/11/28 18:25:19 | 000,000,179 | ---- | M] () -- C:\Windows\Reimage.ini
[2013/11/28 17:39:45 | 000,052,729 | ---- | M] () -- C:\Users\Marion\Desktop\FindTracks.vbs
[2013/11/27 17:47:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\reimage.rep
[2013/11/27 17:19:23 | 000,009,728 | ---- | M] () -- C:\Windows\SysNative\Native.exe
[2013/11/24 19:34:44 | 704,825,013 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/11/23 09:50:20 | 000,001,041 | ---- | M] () -- C:\Users\Marion\Desktop\Dropbox.lnk
[2013/11/23 09:48:13 | 000,001,051 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/11/23 02:14:50 | 000,002,627 | ---- | M] () -- C:\Users\Public\Desktop\Synctunes.lnk
[2013/11/22 16:27:42 | 000,002,124 | ---- | M] () -- C:\Users\Marion\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Story Album Viewer.lnk
[2013/11/22 16:24:48 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013/11/21 11:56:57 | 000,001,270 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2013/11/21 00:13:25 | 000,005,120 | ---- | M] () -- C:\Users\Marion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/20 19:29:08 | 000,165,376 | ---- | M] () -- C:\Users\Marion\Desktop\SystemLook_x64.exe
[2013/11/18 23:46:22 | 000,451,928 | ---- | M] () -- C:\Users\Marion\Desktop\JavaRa.def
[2013/11/18 23:46:18 | 000,274,944 | ---- | M] (SingularLabs) -- C:\Users\Marion\Desktop\JavaRa.exe
[2013/11/17 20:22:50 | 000,003,228 | ---- | M] () -- C:\Users\Marion\Documents\Database.kdb
[2013/11/17 16:31:40 | 000,002,487 | ---- | M] () -- C:\Users\Public\Desktop\Norton Identity Safe.LNK
[2013/11/17 16:13:56 | 000,001,055 | ---- | M] () -- C:\Users\Marion\Desktop\KeePass.lnk
[2013/11/17 14:39:08 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/11/17 14:39:05 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/11/17 14:39:05 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/11/17 14:39:05 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/11/17 14:14:29 | 000,000,093 | ---- | M] () -- C:\Windows\SysWow64\Configurations.plist.signed
[2013/11/17 14:11:08 | 000,000,863 | ---- | M] () -- C:\MARION-PC.rtf
[2013/11/17 14:06:29 | 000,002,248 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/11/17 12:20:36 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-MARION-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/11/14 00:21:42 | 000,001,282 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2013/11/13 10:42:36 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/11/13 10:42:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/13 08:35:22 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/11/12 08:51:53 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/12 08:51:53 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/12 08:51:38 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/12 08:51:38 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/12 08:51:38 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/12 08:51:38 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/12 08:51:38 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/12 08:51:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/12 08:51:38 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/11/12 08:51:38 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/12 08:51:37 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/12 08:51:37 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/12 08:51:37 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/12 08:51:37 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/12 08:51:37 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/12 08:51:37 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/12 08:51:37 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/12 08:51:37 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/12 08:51:37 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/12 08:51:37 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/12 08:51:37 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/12 08:51:37 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/11/12 08:51:37 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/11/12 08:51:37 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/12 08:51:37 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/11/12 08:51:37 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/12 08:51:37 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/11/12 08:51:37 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/12 08:51:36 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/12 08:51:36 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/12 08:51:36 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/12 08:51:36 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/12 08:51:36 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/12 08:51:36 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/12 08:51:36 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/11/12 08:51:36 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/11/12 08:51:36 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/11/12 08:51:35 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/12 08:51:35 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/12 08:51:35 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/12 08:51:35 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/12 08:51:34 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/12 08:51:34 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/12 08:51:34 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/12 08:51:34 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/12 08:51:34 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/12 08:51:34 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/12 08:51:34 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/12 08:51:34 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/12 08:51:34 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/12 08:51:34 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/12 08:51:34 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/12 08:51:34 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/12 08:51:34 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/12 08:51:34 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/12 08:51:34 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/12 08:51:34 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/12 08:51:34 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/11/12 08:51:34 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/12 08:51:34 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/12 08:51:34 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/12 08:51:34 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/11/12 08:51:33 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/12 08:51:33 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/12 08:51:33 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/12 08:51:33 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/12 08:51:33 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/12 08:51:33 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/12 08:51:33 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/12 08:51:33 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/12 08:51:33 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/12 08:51:33 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/12 08:51:33 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/12 08:51:33 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/12 08:51:33 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/11/12 08:51:33 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/11/12 08:51:33 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/12 08:51:33 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/11/12 08:51:33 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/11/12 08:51:33 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/11/12 08:51:33 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/12 08:51:32 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/11 17:52:11 | 000,001,411 | ---- | M] () -- C:\Users\Marion\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/03 01:37:03 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/11/03 01:34:05 | 000,002,243 | ---- | M] () -- C:\Users\Marion\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/18 16:14:03 | 000,000,629 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
[2013/10/18 13:22:34 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/10/18 13:22:34 | 000,001,929 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/10/14 18:00:00 | 000,028,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/10/12 02:30:42 | 000,830,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/10/12 02:29:08 | 000,324,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/10/12 02:03:08 | 000,656,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/10/12 02:01:25 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013/10/11 17:28:58 | 000,310,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/11 08:09:07 | 000,786,910 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/06 03:27:19 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NSTx64\7DE06000.01B\isolate.ini
[2013/10/05 20:25:35 | 001,474,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/10/04 02:28:31 | 000,190,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013/10/04 02:25:17 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013/10/04 02:24:49 | 001,930,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/10/04 01:58:50 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/10/04 01:56:00 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/10/03 02:23:48 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/10/02 07:50:58 | 000,067,808 | ---- | M] (Mozy, Inc.) -- C:\Windows\SysNative\drivers\mozy.sys
[2013/09/27 19:30:07 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\NSTx64\7DE06000.01B\ccSetx64.inf
[2013/09/27 19:23:26 | 000,162,392 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NSTx64\7DE06000.01B\ccSetx64.sys
[2013/09/27 19:23:15 | 000,008,202 | ---- | M] () -- C:\Windows\SysNative\drivers\NSTx64\7DE06000.01B\ccSetx64.cat
[2013/09/25 02:23:33 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/09/25 02:23:33 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/09/25 02:23:01 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/09/25 02:21:50 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/09/25 02:21:07 | 001,447,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/09/11 23:26:40 | 000,036,096 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\amdkmpfd.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Marion\Documents\*.tmp files -> C:\Users\Marion\Documents\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/12/02 10:58:09 | 000,012,067 | ---- | C] () -- C:\Users\Marion\Documents\Capture.PNG
[2013/12/02 10:34:38 | 000,000,000 | ---- | C] () -- C:\Users\Marion\chkdsk
[2013/11/29 08:14:53 | 000,000,873 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2013/11/28 18:25:17 | 000,000,856 | ---- | C] () -- C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
[2013/11/28 17:39:45 | 000,052,729 | ---- | C] () -- C:\Users\Marion\Desktop\FindTracks.vbs
[2013/11/27 17:47:22 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\reimage.rep
[2013/11/27 17:19:23 | 000,009,728 | ---- | C] () -- C:\Windows\SysNative\Native.exe
[2013/11/27 16:54:42 | 000,000,179 | ---- | C] () -- C:\Windows\Reimage.ini
[2013/11/23 09:50:20 | 000,001,041 | ---- | C] () -- C:\Users\Marion\Desktop\Dropbox.lnk
[2013/11/23 09:42:51 | 000,001,051 | ---- | C] () -- C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/11/23 02:14:50 | 000,002,627 | ---- | C] () -- C:\Users\Public\Desktop\Synctunes.lnk
[2013/11/22 16:27:42 | 000,002,124 | ---- | C] () -- C:\Users\Marion\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Story Album Viewer.lnk
[2013/11/22 16:24:48 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013/11/21 13:51:59 | 704,825,013 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/11/21 11:56:57 | 000,001,270 | ---- | C] () -- C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2013/11/20 19:29:07 | 000,165,376 | ---- | C] () -- C:\Users\Marion\Desktop\SystemLook_x64.exe
[2013/11/17 17:10:33 | 000,003,228 | ---- | C] () -- C:\Users\Marion\Documents\Database.kdb
[2013/11/17 16:31:40 | 000,002,487 | ---- | C] () -- C:\Users\Public\Desktop\Norton Identity Safe.LNK
[2013/11/17 16:31:28 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DE06000.01B\ccSetx64.inf
[2013/11/17 16:31:25 | 000,008,202 | ---- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DE06000.01B\ccSetx64.cat
[2013/11/17 16:31:25 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DE06000.01B\isolate.ini
[2013/11/17 16:13:56 | 000,001,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass.lnk
[2013/11/17 16:13:56 | 000,001,055 | ---- | C] () -- C:\Users\Marion\Desktop\KeePass.lnk
[2013/11/17 14:14:27 | 000,000,093 | ---- | C] () -- C:\Windows\SysWow64\Configurations.plist.signed
[2013/11/17 14:06:35 | 000,000,863 | ---- | C] () -- C:\MARION-PC.rtf
[2013/11/17 14:06:29 | 000,002,248 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/11/17 12:20:36 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-MARION-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/11/12 08:51:37 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/12 08:51:34 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/11 17:52:11 | 000,001,417 | ---- | C] () -- C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/11/11 17:52:11 | 000,001,411 | ---- | C] () -- C:\Users\Marion\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/11 12:08:21 | 000,001,282 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2013/11/11 11:45:13 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/11/10 09:44:12 | 000,002,283 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk
[2013/11/10 09:44:07 | 000,042,496 | ---- | C] () -- C:\Windows\SysWow64\AdvUninstCPL.cpl
[2013/11/03 01:37:03 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/10/18 19:14:30 | 000,449,481 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013/10/02 07:51:14 | 000,005,050 | ---- | C] () -- C:\Windows\mozy.flt
[2013/10/02 07:51:14 | 000,005,030 | ---- | C] () -- C:\Windows\mozy.blk
[2013/09/12 20:29:06 | 000,451,928 | ---- | C] () -- C:\Users\Marion\Desktop\JavaRa.def
[2013/04/18 18:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/04/18 18:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/04/18 18:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/04/18 18:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/04/18 18:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/04/06 19:58:16 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/03/20 02:50:28 | 000,000,036 | ---- | C] () -- C:\Windows\Tiny_Run.ini
[2012/11/09 00:27:01 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/09/07 11:47:49 | 000,196,608 | ---- | C] () -- C:\Users\Marion\AppData\Local\common_functions.dll
[2011/08/25 17:18:10 | 000,000,129 | ---- | C] () -- C:\Users\Marion\jagex_runescape_preferences2.dat
[2011/08/25 17:18:10 | 000,000,129 | ---- | C] () -- C:\Users\Marion\jagex_runescape_preferences2 (2).dat
[2011/08/25 17:18:10 | 000,000,129 | ---- | C] () -- C:\Users\Marion\jagex_runescape_preferences2 (1).dat
[2011/08/25 17:17:33 | 000,000,035 | ---- | C] () -- C:\Users\Marion\jagex_runescape_preferences.dat
[2011/08/25 17:17:33 | 000,000,035 | ---- | C] () -- C:\Users\Marion\jagex_runescape_preferences (2).dat
[2011/08/25 17:17:33 | 000,000,035 | ---- | C] () -- C:\Users\Marion\jagex_runescape_preferences (1).dat
[2011/04/09 14:21:18 | 000,005,120 | ---- | C] () -- C:\Users\Marion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/14 08:55:32 | 000,000,094 | ---- | C] () -- C:\Users\Marion\AppData\Local\fusioncache.dat
[2010/04/16 09:09:00 | 000,007,623 | ---- | C] () -- C:\Users\Marion\AppData\Local\Resmon.ResmonCfg
[2010/04/12 08:38:46 | 000,061,224 | ---- | C] () -- C:\Users\Marion\GoToAssistDownloadHelper.exe
[2010/04/12 08:38:46 | 000,061,224 | ---- | C] () -- C:\Users\Marion\GoToAssistDownloadHelper (2).exe
[2010/04/12 08:38:46 | 000,061,224 | ---- | C] () -- C:\Users\Marion\GoToAssistDownloadHelper (1).exe
[2010/04/12 07:40:20 | 007,864,320 | ---- | C] () -- C:\Users\Marion\ntuser (2).dat
[2010/04/12 07:40:20 | 007,864,320 | ---- | C] () -- C:\Users\Marion\ntuser (1).dat
[2010/04/12 07:40:20 | 000,000,020 | ---- | C] () -- C:\Users\Marion\ntuser (2).ini
[2010/04/12 07:40:20 | 000,000,020 | ---- | C] () -- C:\Users\Marion\ntuser (1).ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2013/09/29 11:52:56 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2010/07/17 02:19:16 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2010/07/17 02:19:16 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2013/11/02 01:33:39 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\AlawarEntertainment
[2012/08/19 12:38:10 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\aliasworlds
[2010/06/03 10:27:43 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Amazon
[2013/11/10 09:56:30 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Ancient Quest of Saqqarah__bfg
[2012/08/31 13:41:45 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Anuman
[2010/12/22 23:11:16 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Awem
[2013/09/24 22:21:25 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\BBB
[2013/06/28 09:02:43 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Be a King 2
[2013/11/01 19:27:10 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Big Fish Games
[2012/08/24 17:49:05 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Boolat Games
[2013/06/28 09:03:15 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Boomzap
[2010/04/17 15:36:29 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Braintonik
[2013/12/02 20:49:52 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Clip Art Collection
[2013/09/13 22:02:21 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\DarkManor
[2013/06/28 09:11:38 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Deadly Sin
[2011/09/09 16:26:22 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\DriverFinder
[2013/12/05 17:10:44 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Dropbox
[2012/08/09 09:37:18 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\EdAlive
[2013/02/04 15:51:31 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Elephant Games
[2013/09/29 08:25:30 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\ERS Game Studios
[2013/06/28 09:17:08 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Faerie Solitaire
[2013/10/13 11:12:06 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\FixCleaner
[2013/11/10 09:56:32 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Foresight Software
[2013/06/28 09:17:09 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\ForrestGump
[2012/11/09 00:32:12 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\funkitron
[2010/04/28 17:59:55 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\G-HeadGames
[2012/04/05 10:51:14 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\GAMESHASTRA
[2013/11/10 09:56:32 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\GirlsDateChat
[2010/04/18 07:09:26 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\GOA
[2013/09/06 00:31:52 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Inertia Game Studios
[2012/08/23 11:48:52 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\InWorldz
[2013/11/17 16:41:44 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\KeePass
[2013/10/22 13:52:28 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\kidoz
[2012/08/31 15:15:41 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\LegacyGames
[2013/03/20 00:57:52 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Liam games
[2013/10/27 19:46:36 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Melesta
[2013/10/27 19:09:10 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Nimbus Games
[2012/10/03 12:25:45 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Oberon Media
[2013/01/14 14:54:31 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\OpenClipArtLibraryPackages
[2010/05/17 22:11:18 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Orneon
[2013/08/13 10:00:37 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\PCDr
[2013/11/10 09:57:08 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Pengu Wars
[2013/11/11 12:08:32 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Picsoft
[2013/09/26 15:58:06 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\PlayFirst
[2013/02/04 13:35:56 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Publisher
[2010/05/24 15:32:17 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\QB9
[2013/11/29 06:54:40 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Research In Motion
[2013/11/22 16:21:13 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Samsung
[2012/05/16 18:51:11 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\SecondLife
[2013/10/24 18:44:56 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Skyborn
[2013/06/28 10:02:03 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Super-Cow
[2013/11/25 02:54:40 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\SyncTunesDesktop
[2010/04/13 14:42:02 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\System Tweaker
[2013/10/24 19:22:42 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\The Witch and The Warrior
[2010/06/12 19:35:04 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Trusteer
[2013/06/28 10:03:23 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Turbine
[2013/11/13 09:30:12 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Uniblue
[2013/11/10 09:57:21 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\vcards
[2013/10/23 12:06:34 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\viking_saga_bfg_en
[2013/06/28 10:07:06 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Virtual City
[2012/04/21 19:15:05 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\WendigoStudios
[2013/10/03 16:44:59 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\when_in_rome_bfg
[2013/07/14 19:16:06 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Windows Live Writer
[2010/07/17 02:19:16 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\Trusteer

[color=#E56717]========== Purity Check ==========[/color]


[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2013/04/30 11:13:04 | 000,021,494 | ---- | M] () -- C:\0x0409.ini
[2013/04/30 11:13:05 | 000,003,584 | ---- | M] () -- C:\1033.MST
[2013/11/03 01:37:03 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/11/17 15:27:04 | 000,001,566 | ---- | M] () -- C:\DelFix.txt
[2013/04/30 11:35:12 | 000,000,058 | ---- | M] () -- C:\DUMPA.WAV
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2013/12/05 17:09:48 | 529,932,287 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2013/11/17 14:11:08 | 000,000,863 | ---- | M] () -- C:\MARION-PC.rtf
[2013/12/05 17:09:54 | 2145,386,495 | -HS- | M] () -- C:\pagefile.sys
[2013/11/28 18:28:59 | 000,387,776 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\PsExec.exe
[2013/09/29 19:24:44 | 000,001,790 | ---- | M] () -- C:\RHDSetup.log
[2013/04/30 11:13:16 | 069,073,836 | ---- | M] () -- C:\Samsung Kies.msi
[2012/09/20 20:42:43 | 000,001,806 | ---- | M] () -- C:\user.js
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2010/04/12 07:40:27 | 000,000,000 | ---D | M] -- C:\$Recycle.Bin
[2011/08/25 17:17:33 | 000,000,000 | ---D | M] -- C:\.jagex_cache_32
[2013/04/11 20:16:44 | 000,000,000 | ---D | M] -- C:\00000000d34f
[2013/11/10 10:06:22 | 000,000,000 | ---D | M] -- C:\AI_RecycleBin
[2010/08/11 14:08:28 | 000,000,000 | ---D | M] -- C:\ATI
[2013/11/14 15:57:03 | 000,000,000 | ---D | M] -- C:\BigFishCache
[2013/11/10 09:54:03 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache
[2013/11/29 11:54:55 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2010/08/11 14:26:13 | 000,000,000 | ---D | M] -- C:\dell
[2009/07/14 05:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2012/01/29 16:42:45 | 000,000,000 | ---D | M] -- C:\found.000
[2013/11/25 19:24:28 | 000,000,000 | ---D | M] -- C:\FRST
[2010/08/11 14:21:13 | 000,000,000 | ---D | M] -- C:\Intel
[2013/02/01 10:35:58 | 000,000,000 | ---D | M] -- C:\KA
[2013/04/12 10:44:33 | 000,000,000 | ---D | M] -- C:\Kids Videos
[2013/11/19 00:23:09 | 000,000,000 | ---D | M] -- C:\MATS
[2013/03/12 18:54:38 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012/01/30 09:06:47 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2013/11/10 11:25:16 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013/11/27 18:38:31 | 000,000,000 | ---D | M] -- C:\Program Files
[2013/11/29 06:41:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2013/11/29 11:54:44 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010/04/12 07:40:09 | 000,000,000 | ---D | M] -- C:\Recovery
[2013/11/17 12:17:55 | 000,000,000 | ---D | M] -- C:\RegBackup
[2013/12/05 18:13:05 | 000,000,000 | ---D | M] -- C:\System Volume Information
[2013/11/10 09:54:15 | 000,000,000 | ---D | M] -- C:\teac
[2013/08/14 18:55:11 | 000,000,000 | ---D | M] -- C:\Users
[2013/12/05 18:03:38 | 000,000,000 | ---D | M] -- C:\Windows

[color=#A23BEC]< %USERPROFILE%\*.* >[/color]
[2013/12/02 10:34:38 | 000,000,000 | ---- | M] () -- C:\Users\Marion\chkdsk
[2010/04/12 08:38:47 | 000,061,224 | ---- | M] () -- C:\Users\Marion\GoToAssistDownloadHelper (1).exe
[2010/04/12 08:38:47 | 000,061,224 | ---- | M] () -- C:\Users\Marion\GoToAssistDownloadHelper (2).exe
[2010/04/12 08:38:47 | 000,061,224 | ---- | M] () -- C:\Users\Marion\GoToAssistDownloadHelper.exe
[2011/08/25 17:18:29 | 000,000,035 | ---- | M] () -- C:\Users\Marion\jagex_runescape_preferences (1).dat
[2011/08/25 17:18:29 | 000,000,035 | ---- | M] () -- C:\Users\Marion\jagex_runescape_preferences (2).dat
[2011/08/25 17:18:29 | 000,000,035 | ---- | M] () -- C:\Users\Marion\jagex_runescape_preferences.dat
[2011/08/25 17:19:11 | 000,000,129 | ---- | M] () -- C:\Users\Marion\jagex_runescape_preferences2 (1).dat
[2011/08/25 17:19:11 | 000,000,129 | ---- | M] () -- C:\Users\Marion\jagex_runescape_preferences2 (2).dat
[2011/08/25 17:19:11 | 000,000,129 | ---- | M] () -- C:\Users\Marion\jagex_runescape_preferences2.dat
[2013/05/29 22:27:12 | 007,864,320 | ---- | M] () -- C:\Users\Marion\ntuser (1).dat
[2010/04/12 07:40:20 | 000,000,020 | ---- | M] () -- C:\Users\Marion\ntuser (1).ini
[2013/05/29 22:27:12 | 007,864,320 | ---- | M] () -- C:\Users\Marion\ntuser (2).dat
[2010/04/12 07:40:20 | 000,000,020 | ---- | M] () -- C:\Users\Marion\ntuser (2).ini
[2013/12/05 20:48:53 | 008,912,896 | ---- | M] () -- C:\Users\Marion\ntuser.dat
[2013/05/29 22:27:12 | 000,262,144 | ---- | M] () -- C:\Users\Marion\ntuser.dat (1).LOG1
[2010/04/12 07:40:20 | 000,000,000 | ---- | M] () -- C:\Users\Marion\ntuser.dat (1).LOG2
[2013/05/29 22:27:12 | 000,262,144 | ---- | M] () -- C:\Users\Marion\ntuser.dat (2).LOG1
[2010/04/12 07:40:20 | 000,000,000 | ---- | M] () -- C:\Users\Marion\ntuser.dat (2).LOG2
[2013/12/05 20:48:53 | 000,262,144 | ---- | M] () -- C:\Users\Marion\ntuser.dat.LOG1
[2010/04/12 07:40:20 | 000,000,000 | ---- | M] () -- C:\Users\Marion\ntuser.dat.LOG2
[2010/04/12 21:55:15 | 000,065,536 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM (1).blf
[2010/04/12 21:55:15 | 000,065,536 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM (2).blf
[2010/04/12 21:55:15 | 000,065,536 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/04/12 21:55:15 | 000,524,288 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001 (1).regtrans-ms
[2010/04/12 21:55:15 | 000,524,288 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001 (2).regtrans-ms
[2010/04/12 21:55:15 | 000,524,288 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/04/12 21:55:15 | 000,524,288 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002 (1).regtrans-ms
[2010/04/12 21:55:15 | 000,524,288 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002 (2).regtrans-ms
[2010/04/12 21:55:15 | 000,524,288 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012/04/09 22:27:21 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{03a38bfc-7772-11e1-bb39-00219b1c2f23}.TM (1).blf
[2012/04/09 22:27:21 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{03a38bfc-7772-11e1-bb39-00219b1c2f23}.TM (2).blf
[2012/04/09 22:27:21 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{03a38bfc-7772-11e1-bb39-00219b1c2f23}.TM.blf
[2012/04/09 22:27:21 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{03a38bfc-7772-11e1-bb39-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2012/04/09 22:27:21 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{03a38bfc-7772-11e1-bb39-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2012/04/09 22:27:21 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{03a38bfc-7772-11e1-bb39-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2012/04/09 22:27:21 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{03a38bfc-7772-11e1-bb39-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2012/04/09 22:27:21 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{03a38bfc-7772-11e1-bb39-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2012/04/09 22:27:21 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{03a38bfc-7772-11e1-bb39-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2010/04/15 12:28:26 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{042e7f84-486c-11df-80ae-00219b1c2f23}.TM (1).blf
[2010/04/15 12:28:26 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{042e7f84-486c-11df-80ae-00219b1c2f23}.TM (2).blf
[2010/04/15 12:28:26 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{042e7f84-486c-11df-80ae-00219b1c2f23}.TM.blf
[2010/04/15 12:28:26 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{042e7f84-486c-11df-80ae-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2010/04/15 12:28:26 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{042e7f84-486c-11df-80ae-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2010/04/15 12:28:26 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{042e7f84-486c-11df-80ae-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2010/04/15 12:28:26 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{042e7f84-486c-11df-80ae-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2010/04/15 12:28:26 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{042e7f84-486c-11df-80ae-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2010/04/15 12:28:26 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{042e7f84-486c-11df-80ae-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2012/11/10 00:26:38 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{05661d81-2a84-11e2-8932-00219b1c2f23}.TM (1).blf
[2012/11/10 00:26:38 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{05661d81-2a84-11e2-8932-00219b1c2f23}.TM (2).blf
[2012/11/10 00:26:38 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{05661d81-2a84-11e2-8932-00219b1c2f23}.TM.blf
[2012/11/10 00:26:38 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{05661d81-2a84-11e2-8932-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2012/11/10 00:26:38 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{05661d81-2a84-11e2-8932-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2012/11/10 00:26:38 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{05661d81-2a84-11e2-8932-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2012/11/10 00:26:38 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{05661d81-2a84-11e2-8932-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2012/11/10 00:26:38 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{05661d81-2a84-11e2-8932-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2012/11/10 00:26:38 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{05661d81-2a84-11e2-8932-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2013/03/10 23:45:13 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{0e3f3bde-8953-11e2-930f-00219b1c2f23}.TM (1).blf
[2013/03/10 23:45:13 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{0e3f3bde-8953-11e2-930f-00219b1c2f23}.TM (2).blf
[2013/03/10 23:45:13 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{0e3f3bde-8953-11e2-930f-00219b1c2f23}.TM.blf
[2013/03/10 23:45:13 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{0e3f3bde-8953-11e2-930f-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2013/03/10 23:45:13 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{0e3f3bde-8953-11e2-930f-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2013/03/10 23:45:13 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{0e3f3bde-8953-11e2-930f-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2013/03/10 23:45:13 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{0e3f3bde-8953-11e2-930f-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2013/03/10 23:45:13 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{0e3f3bde-8953-11e2-930f-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2013/03/10 23:45:13 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{0e3f3bde-8953-11e2-930f-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2012/01/13 13:47:48 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{168709f4-313d-11e1-b840-00219b1c2f23}.TM (1).blf
[2012/01/13 13:47:48 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{168709f4-313d-11e1-b840-00219b1c2f23}.TM (2).blf
[2012/01/13 13:47:48 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{168709f4-313d-11e1-b840-00219b1c2f23}.TM.blf
[2012/01/13 13:47:48 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{168709f4-313d-11e1-b840-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2012/01/13 13:47:48 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{168709f4-313d-11e1-b840-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2012/01/13 13:47:48 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{168709f4-313d-11e1-b840-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2012/01/13 13:47:48 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{168709f4-313d-11e1-b840-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2012/01/13 13:47:48 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{168709f4-313d-11e1-b840-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2012/01/13 13:47:48 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{168709f4-313d-11e1-b840-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2013/05/20 21:06:12 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{18f1efc4-c15d-11e2-847a-00219b1c2f23}.TM (1).blf
[2013/05/20 21:06:12 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{18f1efc4-c15d-11e2-847a-00219b1c2f23}.TM (2).blf
[2013/05/20 21:06:12 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{18f1efc4-c15d-11e2-847a-00219b1c2f23}.TM.blf
[2013/05/20 21:06:12 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{18f1efc4-c15d-11e2-847a-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2013/05/20 21:06:12 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{18f1efc4-c15d-11e2-847a-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2013/05/20 21:06:12 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{18f1efc4-c15d-11e2-847a-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2013/05/20 21:06:12 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{18f1efc4-c15d-11e2-847a-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2013/05/20 21:06:12 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{18f1efc4-c15d-11e2-847a-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2013/05/20 21:06:12 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{18f1efc4-c15d-11e2-847a-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2013/05/18 22:04:42 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{1b750d8e-bfd4-11e2-99c5-00219b1c2f23}.TM (1).blf
[2013/05/18 22:04:42 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{1b750d8e-bfd4-11e2-99c5-00219b1c2f23}.TM (2).blf
[2013/05/18 22:04:42 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{1b750d8e-bfd4-11e2-99c5-00219b1c2f23}.TM.blf
[2013/05/18 22:04:42 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{1b750d8e-bfd4-11e2-99c5-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2013/05/18 22:04:42 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{1b750d8e-bfd4-11e2-99c5-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2013/05/18 22:04:42 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{1b750d8e-bfd4-11e2-99c5-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2013/05/18 22:04:42 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{1b750d8e-bfd4-11e2-99c5-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2013/05/18 22:04:42 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{1b750d8e-bfd4-11e2-99c5-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2013/05/18 22:04:42 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{1b750d8e-bfd4-11e2-99c5-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2012/02/04 18:07:10 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{1fd4c860-4e9d-11e1-aaca-00219b1c2f23}.TM (1).blf
[2012/02/04 18:07:10 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{1fd4c860-4e9d-11e1-aaca-00219b1c2f23}.TM (2).blf
[2012/02/04 18:07:10 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{1fd4c860-4e9d-11e1-aaca-00219b1c2f23}.TM.blf
[2012/02/04 18:07:10 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{1fd4c860-4e9d-11e1-aaca-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2012/02/04 18:07:10 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{1fd4c860-4e9d-11e1-aaca-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2012/02/04 18:07:10 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{1fd4c860-4e9d-11e1-aaca-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2012/02/04 18:07:10 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{1fd4c860-4e9d-11e1-aaca-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2012/02/04 18:07:10 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{1fd4c860-4e9d-11e1-aaca-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2012/02/04 18:07:10 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{1fd4c860-4e9d-11e1-aaca-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2013/09/12 07:26:07 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{1fee42c9-1b3a-11e3-a824-00219b1c2f23}.TM.blf
[2013/09/12 07:26:07 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{1fee42c9-1b3a-11e3-a824-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2013/09/12 07:26:07 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{1fee42c9-1b3a-11e3-a824-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2012/09/25 22:20:27 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2a43f013-055e-11e2-9f95-00219b1c2f23}.TM (1).blf
[2012/09/25 22:20:27 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2a43f013-055e-11e2-9f95-00219b1c2f23}.TM (2).blf
[2012/09/25 22:20:27 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2a43f013-055e-11e2-9f95-00219b1c2f23}.TM.blf
[2012/09/25 22:20:27 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2a43f013-055e-11e2-9f95-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2012/09/25 22:20:27 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2a43f013-055e-11e2-9f95-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2012/09/25 22:20:27 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2a43f013-055e-11e2-9f95-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2012/09/25 22:20:27 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2a43f013-055e-11e2-9f95-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2012/09/25 22:20:27 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2a43f013-055e-11e2-9f95-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2012/09/25 22:20:27 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2a43f013-055e-11e2-9f95-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2012/03/20 11:59:42 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2b381aee-702f-11e1-a922-00219b1c2f23}.TM (1).blf
[2012/03/20 11:59:42 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2b381aee-702f-11e1-a922-00219b1c2f23}.TM (2).blf
[2012/03/20 11:59:42 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2b381aee-702f-11e1-a922-00219b1c2f23}.TM.blf
[2012/03/20 11:59:42 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2b381aee-702f-11e1-a922-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2012/03/20 11:59:42 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2b381aee-702f-11e1-a922-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2012/03/20 11:59:42 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2b381aee-702f-11e1-a922-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2012/03/20 11:59:42 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2b381aee-702f-11e1-a922-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2012/03/20 11:59:42 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2b381aee-702f-11e1-a922-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2012/03/20 11:59:42 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2b381aee-702f-11e1-a922-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2011/12/14 13:57:41 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2c8357d5-2647-11e1-b348-00219b1c2f23}.TM (1).blf
[2011/12/14 13:57:41 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2c8357d5-2647-11e1-b348-00219b1c2f23}.TM (2).blf
[2011/12/14 13:57:41 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2c8357d5-2647-11e1-b348-00219b1c2f23}.TM.blf
[2011/12/14 13:57:41 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2c8357d5-2647-11e1-b348-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2011/12/14 13:57:41 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2c8357d5-2647-11e1-b348-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2011/12/14 13:57:41 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2c8357d5-2647-11e1-b348-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2011/12/14 13:57:41 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2c8357d5-2647-11e1-b348-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2011/12/14 13:57:41 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2c8357d5-2647-11e1-b348-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2011/12/14 13:57:41 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{2c8357d5-2647-11e1-b348-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2012/01/13 19:20:36 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{3256672a-3df3-11e1-8e17-00219b1c2f23}.TM (1).blf
[2012/01/13 19:20:36 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{3256672a-3df3-11e1-8e17-00219b1c2f23}.TM (2).blf
[2012/01/13 19:20:36 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{3256672a-3df3-11e1-8e17-00219b1c2f23}.TM.blf
[2012/01/13 19:20:36 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{3256672a-3df3-11e1-8e17-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2012/01/13 19:20:36 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{3256672a-3df3-11e1-8e17-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2012/01/13 19:20:36 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{3256672a-3df3-11e1-8e17-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2012/01/13 19:20:36 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{3256672a-3df3-11e1-8e17-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2012/01/13 19:20:36 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{3256672a-3df3-11e1-8e17-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2012/01/13 19:20:36 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{3256672a-3df3-11e1-8e17-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2013/08/14 22:57:21 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{41b4cfdd-04bb-11e3-8fee-00219b1c2f23}.TM.blf
[2013/08/14 22:57:21 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{41b4cfdd-04bb-11e3-8fee-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2013/08/14 22:57:21 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{41b4cfdd-04bb-11e3-8fee-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2010/04/13 14:51:13 | 000,065,536 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{4243960b-46c3-11df-8e03-00219b1c2f23}.TM (1).blf
[2010/04/13 14:51:13 | 000,065,536 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{4243960b-46c3-11df-8e03-00219b1c2f23}.TM (2).blf
[2010/04/13 14:51:13 | 000,065,536 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{4243960b-46c3-11df-8e03-00219b1c2f23}.TM.blf
[2010/04/13 14:51:13 | 000,524,288 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{4243960b-46c3-11df-8e03-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2010/04/13 14:51:13 | 000,524,288 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{4243960b-46c3-11df-8e03-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2010/04/13 14:51:13 | 000,524,288 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{4243960b-46c3-11df-8e03-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2010/04/13 14:51:13 | 000,524,288 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{4243960b-46c3-11df-8e03-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2010/04/13 14:51:13 | 000,524,288 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{4243960b-46c3-11df-8e03-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2010/04/13 14:51:13 | 000,524,288 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{4243960b-46c3-11df-8e03-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2012/07/12 02:21:20 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{4e27ae8c-ca71-11e1-8c5c-00219b1c2f23}.TM (1).blf
[2012/07/12 02:21:20 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{4e27ae8c-ca71-11e1-8c5c-00219b1c2f23}.TM (2).blf
[2012/07/12 02:21:20 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{4e27ae8c-ca71-11e1-8c5c-00219b1c2f23}.TM.blf
[2012/07/12 02:21:20 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{4e27ae8c-ca71-11e1-8c5c-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2012/07/12 02:21:20 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{4e27ae8c-ca71-11e1-8c5c-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2012/07/12 02:21:20 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{4e27ae8c-ca71-11e1-8c5c-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2012/07/12 02:21:20 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{4e27ae8c-ca71-11e1-8c5c-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2012/07/12 02:21:20 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{4e27ae8c-ca71-11e1-8c5c-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2012/07/12 02:21:20 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{4e27ae8c-ca71-11e1-8c5c-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2012/05/13 23:08:36 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{5b3256c1-9ce9-11e1-8f34-00219b1c2f23}.TM (1).blf
[2012/05/13 23:08:36 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{5b3256c1-9ce9-11e1-8f34-00219b1c2f23}.TM (2).blf
[2012/05/13 23:08:36 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{5b3256c1-9ce9-11e1-8f34-00219b1c2f23}.TM.blf
[2012/05/13 23:08:36 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{5b3256c1-9ce9-11e1-8f34-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2012/05/13 23:08:36 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{5b3256c1-9ce9-11e1-8f34-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2012/05/13 23:08:36 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{5b3256c1-9ce9-11e1-8f34-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2012/05/13 23:08:36 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{5b3256c1-9ce9-11e1-8f34-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2012/05/13 23:08:36 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{5b3256c1-9ce9-11e1-8f34-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2012/05/13 23:08:36 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{5b3256c1-9ce9-11e1-8f34-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2012/05/01 08:52:53 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{5fae0cdf-9065-11e1-8db5-00219b1c2f23}.TM (1).blf
[2012/05/01 08:52:53 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{5fae0cdf-9065-11e1-8db5-00219b1c2f23}.TM (2).blf
[2012/05/01 08:52:53 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{5fae0cdf-9065-11e1-8db5-00219b1c2f23}.TM.blf
[2012/05/01 08:52:53 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{5fae0cdf-9065-11e1-8db5-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2012/05/01 08:52:53 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{5fae0cdf-9065-11e1-8db5-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2012/05/01 08:52:53 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{5fae0cdf-9065-11e1-8db5-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2012/05/01 08:52:53 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{5fae0cdf-9065-11e1-8db5-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2012/05/01 08:52:53 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{5fae0cdf-9065-11e1-8db5-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2012/05/01 08:52:53 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{5fae0cdf-9065-11e1-8db5-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2010/04/17 21:35:43 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{6452f106-49f0-11df-9e42-00219b1c2f23}.TM (1).blf
[2010/04/17 21:35:43 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{6452f106-49f0-11df-9e42-00219b1c2f23}.TM (2).blf
[2010/04/17 21:35:43 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{6452f106-49f0-11df-9e42-00219b1c2f23}.TM.blf
[2010/04/17 21:35:43 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{6452f106-49f0-11df-9e42-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2010/04/17 21:35:43 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{6452f106-49f0-11df-9e42-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2010/04/17 21:35:43 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{6452f106-49f0-11df-9e42-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2010/04/17 21:35:43 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{6452f106-49f0-11df-9e42-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2010/04/17 21:35:43 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{6452f106-49f0-11df-9e42-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2010/04/17 21:35:43 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{6452f106-49f0-11df-9e42-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2012/01/28 11:53:12 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{678fb743-49a6-11e1-a7df-00219b1c2f23}.TM (1).blf
[2012/01/28 11:53:12 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{678fb743-49a6-11e1-a7df-00219b1c2f23}.TM (2).blf
[2012/01/28 11:53:12 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{678fb743-49a6-11e1-a7df-00219b1c2f23}.TM.blf
[2012/01/28 11:53:12 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{678fb743-49a6-11e1-a7df-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2012/01/28 11:53:12 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{678fb743-49a6-11e1-a7df-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2012/01/28 11:53:12 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{678fb743-49a6-11e1-a7df-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2012/01/28 11:53:12 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{678fb743-49a6-11e1-a7df-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2012/01/28 11:53:12 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{678fb743-49a6-11e1-a7df-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2012/01/28 11:53:12 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{678fb743-49a6-11e1-a7df-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2013/05/28 08:06:42 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{74c60549-c769-11e2-8cd3-00219b1c2f23}.TM (1).blf
[2013/05/28 08:06:42 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{74c60549-c769-11e2-8cd3-00219b1c2f23}.TM (2).blf
[2013/05/28 08:06:42 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{74c60549-c769-11e2-8cd3-00219b1c2f23}.TM.blf
[2013/05/28 08:06:42 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{74c60549-c769-11e2-8cd3-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2013/05/28 08:06:42 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{74c60549-c769-11e2-8cd3-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2013/05/28 08:06:42 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{74c60549-c769-11e2-8cd3-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2013/05/28 08:06:42 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{74c60549-c769-11e2-8cd3-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2013/05/28 08:06:42 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{74c60549-c769-11e2-8cd3-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2013/05/28 08:06:42 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{74c60549-c769-11e2-8cd3-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2013/10/26 03:31:35 | 000,065,536 | -HS- | M] () -- C:\Users\Marion\ntuser.dat{7dc60bcc-3dc7-11e3-9998-00219b1c2f23}.TM.blf
[2013/10/26 03:31:35 | 000,524,288 | -HS- | M] () -- C:\Users\Marion\ntuser.dat{7dc60bcc-3dc7-11e3-9998-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2013/10/26 03:31:35 | 000,524,288 | -HS- | M] () -- C:\Users\Marion\ntuser.dat{7dc60bcc-3dc7-11e3-9998-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2013/04/05 00:18:41 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{7eb12626-9d2d-11e2-8165-00219b1c2f23}.TM (1).blf
[2013/04/05 00:18:41 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{7eb12626-9d2d-11e2-8165-00219b1c2f23}.TM (2).blf
[2013/04/05 00:18:41 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{7eb12626-9d2d-11e2-8165-00219b1c2f23}.TM.blf
[2013/04/05 00:18:41 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{7eb12626-9d2d-11e2-8165-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2013/04/05 00:18:41 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{7eb12626-9d2d-11e2-8165-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2013/04/05 00:18:41 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{7eb12626-9d2d-11e2-8165-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2013/04/05 00:18:41 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{7eb12626-9d2d-11e2-8165-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2013/04/05 00:18:41 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{7eb12626-9d2d-11e2-8165-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2013/04/05 00:18:41 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{7eb12626-9d2d-11e2-8165-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2013/09/29 11:42:46 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{8b7c597b-28d8-11e3-a62e-00219b1c2f23}.TM.blf
[2013/09/29 11:42:46 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{8b7c597b-28d8-11e3-a62e-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2013/09/29 11:42:46 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{8b7c597b-28d8-11e3-a62e-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2013/01/21 23:24:01 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{8bf40fc4-62f7-11e2-8d4c-00219b1c2f23}.TM (1).blf
[2013/01/21 23:24:01 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{8bf40fc4-62f7-11e2-8d4c-00219b1c2f23}.TM (2).blf
[2013/01/21 23:24:01 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{8bf40fc4-62f7-11e2-8d4c-00219b1c2f23}.TM.blf
[2013/01/21 23:24:01 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{8bf40fc4-62f7-11e2-8d4c-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2013/01/21 23:24:01 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{8bf40fc4-62f7-11e2-8d4c-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2013/01/21 23:24:01 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{8bf40fc4-62f7-11e2-8d4c-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2013/01/21 23:24:01 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{8bf40fc4-62f7-11e2-8d4c-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2013/01/21 23:24:01 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{8bf40fc4-62f7-11e2-8d4c-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2013/01/21 23:24:01 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{8bf40fc4-62f7-11e2-8d4c-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2012/08/04 21:33:09 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{8d0beaf2-de39-11e1-aa7a-00219b1c2f23}.TM (1).blf
[2012/08/04 21:33:09 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{8d0beaf2-de39-11e1-aa7a-00219b1c2f23}.TM (2).blf
[2012/08/04 21:33:09 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{8d0beaf2-de39-11e1-aa7a-00219b1c2f23}.TM.blf
[2012/08/04 21:33:09 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{8d0beaf2-de39-11e1-aa7a-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2012/08/04 21:33:09 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{8d0beaf2-de39-11e1-aa7a-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2012/08/04 21:33:09 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{8d0beaf2-de39-11e1-aa7a-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2012/08/04 21:33:09 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{8d0beaf2-de39-11e1-aa7a-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2012/08/04 21:33:09 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{8d0beaf2-de39-11e1-aa7a-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2012/08/04 21:33:09 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{8d0beaf2-de39-11e1-aa7a-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2013/05/28 07:36:54 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{938e5069-c701-11e2-870b-00219b1c2f23}.TM (1).blf
[2013/05/28 07:36:54 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{938e5069-c701-11e2-870b-00219b1c2f23}.TM (2).blf
[2013/05/28 07:36:54 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{938e5069-c701-11e2-870b-00219b1c2f23}.TM.blf
[2013/05/28 07:36:54 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{938e5069-c701-11e2-870b-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2013/05/28 07:36:54 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{938e5069-c701-11e2-870b-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2013/05/28 07:36:54 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{938e5069-c701-11e2-870b-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2013/05/28 07:36:54 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{938e5069-c701-11e2-870b-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2013/05/28 07:36:54 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{938e5069-c701-11e2-870b-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2013/05/28 07:36:54 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{938e5069-c701-11e2-870b-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2011/12/11 11:03:03 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{94cf3b11-23e7-11e1-bf2e-00219b1c2f23}.TM (1).blf
[2011/12/11 11:03:03 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{94cf3b11-23e7-11e1-bf2e-00219b1c2f23}.TM (2).blf
[2011/12/11 11:03:03 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{94cf3b11-23e7-11e1-bf2e-00219b1c2f23}.TM.blf
[2011/12/11 11:03:03 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{94cf3b11-23e7-11e1-bf2e-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2011/12/11 11:03:03 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{94cf3b11-23e7-11e1-bf2e-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2011/12/11 11:03:03 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{94cf3b11-23e7-11e1-bf2e-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2011/12/11 11:03:03 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{94cf3b11-23e7-11e1-bf2e-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2011/12/11 11:03:03 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{94cf3b11-23e7-11e1-bf2e-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2011/12/11 11:03:03 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{94cf3b11-23e7-11e1-bf2e-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2013/04/06 11:04:13 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{95f121bc-9dc8-11e2-9831-00219b1c2f23}.TM (1).blf
[2013/04/06 11:04:13 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{95f121bc-9dc8-11e2-9831-00219b1c2f23}.TM (2).blf
[2013/04/06 11:04:13 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{95f121bc-9dc8-11e2-9831-00219b1c2f23}.TM.blf
[2013/04/06 11:04:13 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{95f121bc-9dc8-11e2-9831-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2013/04/06 11:04:13 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{95f121bc-9dc8-11e2-9831-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2013/04/06 11:04:13 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{95f121bc-9dc8-11e2-9831-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2013/04/06 11:04:13 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{95f121bc-9dc8-11e2-9831-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2013/04/06 11:04:13 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{95f121bc-9dc8-11e2-9831-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2013/04/06 11:04:13 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{95f121bc-9dc8-11e2-9831-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2013/10/18 17:29:36 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{9f2a2a20-37cb-11e3-abbb-00219b1c2f23}.TM.blf
[2013/10/18 17:29:36 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{9f2a2a20-37cb-11e3-abbb-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2013/10/18 17:29:36 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{9f2a2a20-37cb-11e3-abbb-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2013/05/28 07:40:20 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{a330e9e7-c743-11e2-95f9-00219b1c2f23}.TM (1).blf
[2013/05/28 07:40:20 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{a330e9e7-c743-11e2-95f9-00219b1c2f23}.TM (2).blf
[2013/05/28 07:40:20 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{a330e9e7-c743-11e2-95f9-00219b1c2f23}.TM.blf
[2013/05/28 07:40:20 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{a330e9e7-c743-11e2-95f9-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2013/05/28 07:40:20 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{a330e9e7-c743-11e2-95f9-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2013/05/28 07:40:20 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{a330e9e7-c743-11e2-95f9-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2013/05/28 07:40:20 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{a330e9e7-c743-11e2-95f9-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2013/05/28 07:40:20 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{a330e9e7-c743-11e2-95f9-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2013/05/28 07:40:20 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{a330e9e7-c743-11e2-95f9-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2013/01/10 15:28:48 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{a6756125-5b25-11e2-8d64-00219b1c2f23}.TM (1).blf
[2013/01/10 15:28:48 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{a6756125-5b25-11e2-8d64-00219b1c2f23}.TM (2).blf
[2013/01/10 15:28:48 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{a6756125-5b25-11e2-8d64-00219b1c2f23}.TM.blf
[2013/01/10 15:28:48 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{a6756125-5b25-11e2-8d64-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2013/01/10 15:28:48 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{a6756125-5b25-11e2-8d64-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2013/01/10 15:28:48 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{a6756125-5b25-11e2-8d64-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2013/01/10 15:28:48 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{a6756125-5b25-11e2-8d64-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2013/01/10 15:28:48 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{a6756125-5b25-11e2-8d64-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2013/01/10 15:28:48 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{a6756125-5b25-11e2-8d64-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2012/10/06 21:19:21 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{aa6d1014-0f81-11e2-855f-00219b1c2f23}.TM (1).blf
[2012/10/06 21:19:21 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{aa6d1014-0f81-11e2-855f-00219b1c2f23}.TM (2).blf
[2012/10/06 21:19:21 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{aa6d1014-0f81-11e2-855f-00219b1c2f23}.TM.blf
[2012/10/06 21:19:21 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{aa6d1014-0f81-11e2-855f-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2012/10/06 21:19:21 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{aa6d1014-0f81-11e2-855f-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2012/10/06 21:19:21 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{aa6d1014-0f81-11e2-855f-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2012/10/06 21:19:21 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{aa6d1014-0f81-11e2-855f-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2012/10/06 21:19:21 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{aa6d1014-0f81-11e2-855f-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2012/10/06 21:19:21 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{aa6d1014-0f81-11e2-855f-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2013/08/13 13:36:36 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{b23fe0a9-03ea-11e3-8d22-00219b1c2f23}.TM.blf
[2013/08/13 13:36:36 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{b23fe0a9-03ea-11e3-8d22-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2013/08/13 13:36:36 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{b23fe0a9-03ea-11e3-8d22-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2010/05/11 09:16:18 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{b7148580-5cdc-11df-9d3e-00219b1c2f23}.TM (1).blf
[2010/05/11 09:16:18 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{b7148580-5cdc-11df-9d3e-00219b1c2f23}.TM (2).blf
[2010/05/11 09:16:18 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{b7148580-5cdc-11df-9d3e-00219b1c2f23}.TM.blf
[2010/05/11 09:16:18 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{b7148580-5cdc-11df-9d3e-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2010/05/11 09:16:18 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{b7148580-5cdc-11df-9d3e-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2010/05/11 09:16:18 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{b7148580-5cdc-11df-9d3e-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2010/05/11 09:16:18 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{b7148580-5cdc-11df-9d3e-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2010/05/11 09:16:18 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{b7148580-5cdc-11df-9d3e-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2010/05/11 09:16:18 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{b7148580-5cdc-11df-9d3e-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2013/02/12 23:59:16 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{bf968272-716a-11e2-9745-00219b1c2f23}.TM (1).blf
[2013/02/12 23:59:16 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{bf968272-716a-11e2-9745-00219b1c2f23}.TM (2).blf
[2013/02/12 23:59:16 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{bf968272-716a-11e2-9745-00219b1c2f23}.TM.blf
[2013/02/12 23:59:16 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{bf968272-716a-11e2-9745-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2013/02/12 23:59:16 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{bf968272-716a-11e2-9745-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2013/02/12 23:59:16 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{bf968272-716a-11e2-9745-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2013/02/12 23:59:16 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{bf968272-716a-11e2-9745-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2013/02/12 23:59:16 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{bf968272-716a-11e2-9745-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2013/02/12 23:59:16 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{bf968272-716a-11e2-9745-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2013/04/06 12:16:15 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{c317ffaf-9eae-11e2-947c-00219b1c2f23}.TM (1).blf
[2013/04/06 12:16:15 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{c317ffaf-9eae-11e2-947c-00219b1c2f23}.TM (2).blf
[2013/04/06 12:16:15 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{c317ffaf-9eae-11e2-947c-00219b1c2f23}.TM.blf
[2013/04/06 12:16:15 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{c317ffaf-9eae-11e2-947c-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2013/04/06 12:16:15 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{c317ffaf-9eae-11e2-947c-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2013/04/06 12:16:15 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{c317ffaf-9eae-11e2-947c-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2013/04/06 12:16:15 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{c317ffaf-9eae-11e2-947c-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2013/04/06 12:16:15 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{c317ffaf-9eae-11e2-947c-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2013/04/06 12:16:15 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{c317ffaf-9eae-11e2-947c-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2012/06/12 11:20:51 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{c47e7f70-b341-11e1-aac9-00219b1c2f23}.TM (1).blf
[2012/06/12 11:20:51 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{c47e7f70-b341-11e1-aac9-00219b1c2f23}.TM (2).blf
[2012/06/12 11:20:51 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{c47e7f70-b341-11e1-aac9-00219b1c2f23}.TM.blf
[2012/06/12 11:20:51 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{c47e7f70-b341-11e1-aac9-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2012/06/12 11:20:51 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{c47e7f70-b341-11e1-aac9-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2012/06/12 11:20:51 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{c47e7f70-b341-11e1-aac9-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2012/06/12 11:20:51 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{c47e7f70-b341-11e1-aac9-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2012/06/12 11:20:51 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{c47e7f70-b341-11e1-aac9-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2012/06/12 11:20:51 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{c47e7f70-b341-11e1-aac9-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2013/03/12 20:26:42 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{cf16146f-8b27-11e2-ad6d-00219b1c2f23}.TM (1).blf
[2013/03/12 20:26:42 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{cf16146f-8b27-11e2-ad6d-00219b1c2f23}.TM (2).blf
[2013/03/12 20:26:42 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{cf16146f-8b27-11e2-ad6d-00219b1c2f23}.TM.blf
[2013/03/12 20:26:42 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{cf16146f-8b27-11e2-ad6d-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2013/03/12 20:26:42 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{cf16146f-8b27-11e2-ad6d-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2013/03/12 20:26:42 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{cf16146f-8b27-11e2-ad6d-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2013/03/12 20:26:42 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{cf16146f-8b27-11e2-ad6d-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2013/03/12 20:26:42 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{cf16146f-8b27-11e2-ad6d-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2013/03/12 20:26:42 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{cf16146f-8b27-11e2-ad6d-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2012/09/17 11:44:45 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{dcb5cd9b-ffd0-11e1-8a99-00219b1c2f23}.TM (1).blf
[2012/09/17 11:44:45 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{dcb5cd9b-ffd0-11e1-8a99-00219b1c2f23}.TM (2).blf
[2012/09/17 11:44:45 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{dcb5cd9b-ffd0-11e1-8a99-00219b1c2f23}.TM.blf
[2012/09/17 11:44:45 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{dcb5cd9b-ffd0-11e1-8a99-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2012/09/17 11:44:45 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{dcb5cd9b-ffd0-11e1-8a99-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2012/09/17 11:44:45 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{dcb5cd9b-ffd0-11e1-8a99-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2012/09/17 11:44:45 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{dcb5cd9b-ffd0-11e1-8a99-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2012/09/17 11:44:45 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{dcb5cd9b-ffd0-11e1-8a99-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2012/09/17 11:44:45 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{dcb5cd9b-ffd0-11e1-8a99-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2011/12/12 23:14:21 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{e311fbcf-24d2-11e1-b7c2-00219b1c2f23}.TM (1).blf
[2011/12/12 23:14:21 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{e311fbcf-24d2-11e1-b7c2-00219b1c2f23}.TM (2).blf
[2011/12/12 23:14:21 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{e311fbcf-24d2-11e1-b7c2-00219b1c2f23}.TM.blf
[2011/12/12 23:14:21 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{e311fbcf-24d2-11e1-b7c2-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2011/12/12 23:14:21 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{e311fbcf-24d2-11e1-b7c2-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2011/12/12 23:14:21 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{e311fbcf-24d2-11e1-b7c2-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2011/12/12 23:14:21 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{e311fbcf-24d2-11e1-b7c2-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2011/12/12 23:14:21 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{e311fbcf-24d2-11e1-b7c2-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2011/12/12 23:14:21 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{e311fbcf-24d2-11e1-b7c2-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2013/07/12 23:55:10 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{e4226979-eb0b-11e2-9441-00219b1c2f23}.TM.blf
[2013/07/12 23:55:10 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{e4226979-eb0b-11e2-9441-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2013/07/12 23:55:10 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{e4226979-eb0b-11e2-9441-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2010/04/13 18:51:50 | 000,065,536 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{e8116b11-470b-11df-bce6-00219b1c2f23}.TM (1).blf
[2010/04/13 18:51:50 | 000,065,536 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{e8116b11-470b-11df-bce6-00219b1c2f23}.TM (2).blf
[2010/04/13 18:51:50 | 000,065,536 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{e8116b11-470b-11df-bce6-00219b1c2f23}.TM.blf
[2010/04/13 18:51:50 | 000,524,288 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{e8116b11-470b-11df-bce6-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2010/04/13 18:51:50 | 000,524,288 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{e8116b11-470b-11df-bce6-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2010/04/13 18:51:50 | 000,524,288 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{e8116b11-470b-11df-bce6-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2010/04/13 18:51:50 | 000,524,288 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{e8116b11-470b-11df-bce6-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2010/04/13 18:51:50 | 000,524,288 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{e8116b11-470b-11df-bce6-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2010/04/13 18:51:50 | 000,524,288 | ---- | M] () -- C:\Users\Marion\NTUSER.DAT{e8116b11-470b-11df-bce6-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2013/04/27 16:01:36 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{ead6b020-af0a-11e2-84ef-00219b1c2f23}.TM (1).blf
[2013/04/27 16:01:36 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{ead6b020-af0a-11e2-84ef-00219b1c2f23}.TM (2).blf
[2013/04/27 16:01:36 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{ead6b020-af0a-11e2-84ef-00219b1c2f23}.TM.blf
[2013/04/27 16:01:36 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{ead6b020-af0a-11e2-84ef-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2013/04/27 16:01:36 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{ead6b020-af0a-11e2-84ef-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2013/04/27 16:01:36 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{ead6b020-af0a-11e2-84ef-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2013/04/27 16:01:36 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{ead6b020-af0a-11e2-84ef-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2013/04/27 16:01:36 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{ead6b020-af0a-11e2-84ef-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2013/04/27 16:01:36 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{ead6b020-af0a-11e2-84ef-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2013/02/28 23:28:49 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{f352ce25-80b8-11e2-8d50-00219b1c2f23}.TM (1).blf
[2013/02/28 23:28:49 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{f352ce25-80b8-11e2-8d50-00219b1c2f23}.TM (2).blf
[2013/02/28 23:28:49 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{f352ce25-80b8-11e2-8d50-00219b1c2f23}.TM.blf
[2013/02/28 23:28:49 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{f352ce25-80b8-11e2-8d50-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2013/02/28 23:28:49 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{f352ce25-80b8-11e2-8d50-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2013/02/28 23:28:49 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{f352ce25-80b8-11e2-8d50-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2013/02/28 23:28:49 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{f352ce25-80b8-11e2-8d50-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2013/02/28 23:28:49 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{f352ce25-80b8-11e2-8d50-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2013/02/28 23:28:49 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{f352ce25-80b8-11e2-8d50-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2011/12/11 11:55:44 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{f94429f2-23ee-11e1-a7c3-00219b1c2f23}.TM (1).blf
[2011/12/11 11:55:44 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{f94429f2-23ee-11e1-a7c3-00219b1c2f23}.TM (2).blf
[2011/12/11 11:55:44 | 000,065,536 | ---- | M] () -- C:\Users\Marion\ntuser.dat{f94429f2-23ee-11e1-a7c3-00219b1c2f23}.TM.blf
[2011/12/11 11:55:44 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{f94429f2-23ee-11e1-a7c3-00219b1c2f23}.TMContainer00000000000000000001 (1).regtrans-ms
[2011/12/11 11:55:44 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{f94429f2-23ee-11e1-a7c3-00219b1c2f23}.TMContainer00000000000000000001 (2).regtrans-ms
[2011/12/11 11:55:44 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{f94429f2-23ee-11e1-a7c3-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2011/12/11 11:55:44 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{f94429f2-23ee-11e1-a7c3-00219b1c2f23}.TMContainer00000000000000000002 (1).regtrans-ms
[2011/12/11 11:55:44 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{f94429f2-23ee-11e1-a7c3-00219b1c2f23}.TMContainer00000000000000000002 (2).regtrans-ms
[2011/12/11 11:55:44 | 000,524,288 | ---- | M] () -- C:\Users\Marion\ntuser.dat{f94429f2-23ee-11e1-a7c3-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms
[2010/04/12 07:40:20 | 000,000,020 | -HS- | M] () -- C:\Users\Marion\ntuser.ini

[color=#A23BEC]< %USERPROFILE%\*. >[/color]
[2010/04/12 07:40:20 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData
[2010/04/12 07:40:20 | 000,000,000 | ---D | M] -- C:\Users\Marion\Application Data
[2013/11/29 07:00:01 | 000,000,000 | ---D | M] -- C:\Users\Marion\Contacts
[2010/04/12 07:40:20 | 000,000,000 | ---D | M] -- C:\Users\Marion\Cookies
[2013/12/05 20:44:58 | 000,000,000 | R--D | M] -- C:\Users\Marion\Desktop
[2013/12/02 20:55:07 | 000,000,000 | ---D | M] -- C:\Users\Marion\Documents
[2013/12/05 20:44:58 | 000,000,000 | ---D | M] -- C:\Users\Marion\Downloads
[2013/12/05 17:10:42 | 000,000,000 | R--D | M] -- C:\Users\Marion\Dropbox
[2013/11/17 20:27:16 | 000,000,000 | ---D | M] -- C:\Users\Marion\Favorites
[2013/11/27 18:33:55 | 000,000,000 | ---D | M] -- C:\Users\Marion\Links
[2010/04/12 07:40:20 | 000,000,000 | ---D | M] -- C:\Users\Marion\Local Settings
[2013/11/22 17:09:51 | 000,000,000 | ---D | M] -- C:\Users\Marion\Music
[2010/04/12 07:40:20 | 000,000,000 | ---D | M] -- C:\Users\Marion\My Documents
[2010/04/12 07:40:20 | 000,000,000 | ---D | M] -- C:\Users\Marion\NetHood
[2013/12/02 10:42:34 | 000,000,000 | ---D | M] -- C:\Users\Marion\Pictures
[2010/04/12 07:40:20 | 000,000,000 | ---D | M] -- C:\Users\Marion\PrintHood
[2010/04/12 07:40:20 | 000,000,000 | ---D | M] -- C:\Users\Marion\Recent
[2013/11/17 20:27:16 | 000,000,000 | ---D | M] -- C:\Users\Marion\Saved Games
[2013/11/21 12:08:07 | 000,000,000 | ---D | M] -- C:\Users\Marion\Searches
[2010/04/12 07:40:20 | 000,000,000 | ---D | M] -- C:\Users\Marion\SendTo
[2010/04/12 07:40:20 | 000,000,000 | ---D | M] -- C:\Users\Marion\Start Menu
[2010/04/12 07:40:20 | 000,000,000 | ---D | M] -- C:\Users\Marion\Templates
[2013/11/10 09:58:14 | 000,000,000 | ---D | M] -- C:\Users\Marion\Tracing
[2013/11/10 09:58:14 | 000,000,000 | ---D | M] -- C:\Users\Marion\Videos

[color=#A23BEC]< %USERPROFILE%\*.exe /s >[/color]
[2010/04/12 08:38:47 | 000,061,224 | ---- | M] () -- C:\Users\Marion\GoToAssistDownloadHelper (1).exe
[2010/04/12 08:38:47 | 000,061,224 | ---- | M] () -- C:\Users\Marion\GoToAssistDownloadHelper (2).exe
[2010/04/12 08:38:47 | 000,061,224 | ---- | M] () -- C:\Users\Marion\GoToAssistDownloadHelper.exe
[2013/06/04 23:47:02 | 000,142,576 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Marion\AppData\Local\Akamai\admintool.exe
[2013/06/05 00:55:50 | 004,415,736 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Marion\AppData\Local\Akamai\ControlPanel.exe
[2013/11/03 01:19:10 | 010,028,936 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Marion\AppData\Local\Akamai\installer_no_upload_silent.exe
[2013/06/05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Marion\AppData\Local\Akamai\netsession_win.exe
[2013/06/05 01:01:50 | 006,339,816 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Marion\AppData\Local\Akamai\rswinui.exe
[2013/06/05 01:01:50 | 002,244,336 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Marion\AppData\Local\Akamai\uninstall.exe
[2013/01/26 06:02:32 | 004,415,736 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Marion\AppData\Local\Akamai\ControlPanel.old\ControlPanel.exe
[2013/11/11 11:39:50 | 000,077,136 | ---- | M] (Apple Inc.) -- C:\Users\Marion\AppData\Local\Apple\Apple Software Update\SetupAdmin.exe
[2010/04/12 08:38:44 | 000,038,912 | ---- | M] (Citrix Online) -- C:\Users\Marion\AppData\Local\Apps\2.0\H0T3JGL3.JGK\BMB4RVJK.XV3\citr..rter_1f7b1ea3a3243e4a_0001.0000_0b3e9c346e6aaa9f\AppCore.exe
[2010/04/12 08:38:51 | 001,106,728 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Marion\AppData\Local\Citrix\GoToAssist\GoToAssist_chat2way_service_514_en.exe
[2012/04/13 10:50:42 | 001,287,528 | ---- | M] (Microsoft Corporation) -- C:\Users\Marion\AppData\Local\Microsoft\Windows Live\Installer\Catalog\wlsetup.exe
[1623/03/26 06:11:20 | 000,375,072 | ---- | M] (Conduit Ltd.) -- C:\Users\Marion\AppData\Local\NativeMessaging\CT3292715\1_0_0_2\TBMessagingHost.exe
[2013/09/29 17:02:27 | 000,821,568 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Users\Marion\AppData\Local\SlimWare Utilities Inc\DriverUpdate\FC-setup.exe
[2013/09/29 16:38:36 | 000,549,091 | ---- | M] () -- C:\Users\Marion\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Downloads\00D9E9A9052F01F386A3E962111EBDBAF700000000000860E3.exe
[2013/09/29 19:08:49 | 059,632,525 | ---- | M] () -- C:\Users\Marion\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Downloads\00DC1251C27AFD94F23B0F5666E988B5C100000000038DEB8D.exe
[2013/09/29 16:34:58 | 026,129,808 | ---- | M] () -- C:\Users\Marion\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Downloads\00E7864BFCBB3C8586EDD1E2C540F5374900000000018EB590.exe
[2013/09/01 11:58:28 | 000,488,960 | ---- | M] () -- C:\Users\Marion\AppData\Local\Temp\sqlite3.exe
[8 C:\Users\Marion\AppData\Local\Temp\*.tmp files -> C:\Users\Marion\AppData\Local\Temp\*.tmp -> ]
[2012/04/15 09:40:03 | 000,065,896 | ---- | M] () -- C:\Users\Marion\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\0g73u2ek\na3z0zgb (1).exe
[2012/04/15 09:40:03 | 000,065,896 | ---- | M] () -- C:\Users\Marion\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\0g73u2ek\na3z0zgb (2).exe
[2012/04/15 09:40:03 | 000,065,896 | ---- | M] () -- C:\Users\Marion\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\0g73u2ek\na3z0zgb.exe
[2012/04/15 09:40:03 | 000,065,896 | ---- | M] () -- C:\Users\Marion\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\df3u7m23\bk29k0qq (1).exe
[2012/04/15 09:40:03 | 000,065,896 | ---- | M] () -- C:\Users\Marion\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\df3u7m23\bk29k0qq (2).exe
[2012/04/15 09:40:03 | 000,065,896 | ---- | M] () -- C:\Users\Marion\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\df3u7m23\bk29k0qq.exe
[2012/04/15 09:40:03 | 000,065,896 | ---- | M] () -- C:\Users\Marion\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\tlngbbrx\sa8my2rg (1).exe
[2012/04/15 09:40:03 | 000,065,896 | ---- | M] () -- C:\Users\Marion\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\tlngbbrx\sa8my2rg (2).exe
[2012/04/15 09:40:03 | 000,065,896 | ---- | M] () -- C:\Users\Marion\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\tlngbbrx\sa8my2rg.exe
[2013/08/13 09:54:31 | 000,889,416 | ---- | M] (Microsoft Corporation) -- C:\Users\Marion\AppData\Roaming\dotNetFx40_Full_setup.exe
[2009/05/12 04:35:30 | 000,118,784 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\ATI Radeon HD 4800 Series - 8.632.1.2000\atibtmon (1).exe
[2009/05/12 04:35:30 | 000,118,784 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\ATI Radeon HD 4800 Series - 8.632.1.2000\atibtmon (2).exe
[2009/05/12 04:35:30 | 000,118,784 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\ATI Radeon HD 4800 Series - 8.632.1.2000\atibtmon.exe
[2009/08/18 09:36:54 | 000,420,352 | ---- | M] (AMD) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\ATI Radeon HD 4800 Series - 8.632.1.2000\atieclxx (1).exe
[2009/08/18 09:36:54 | 000,420,352 | ---- | M] (AMD) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\ATI Radeon HD 4800 Series - 8.632.1.2000\atieclxx (2).exe
[2009/08/18 09:36:54 | 000,420,352 | ---- | M] (AMD) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\ATI Radeon HD 4800 Series - 8.632.1.2000\atieclxx.exe
[2009/08/18 09:36:20 | 000,203,264 | ---- | M] (AMD) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\ATI Radeon HD 4800 Series - 8.632.1.2000\atiesrxx (1).exe
[2009/08/18 09:36:20 | 000,203,264 | ---- | M] (AMD) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\ATI Radeon HD 4800 Series - 8.632.1.2000\atiesrxx (2).exe
[2009/08/18 09:36:20 | 000,203,264 | ---- | M] (AMD) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\ATI Radeon HD 4800 Series - 8.632.1.2000\atiesrxx.exe
[2009/02/04 03:52:08 | 000,051,200 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\ATI Radeon HD 4800 Series - 8.632.1.2000\ATIODCLI (1).exe
[2009/02/04 03:52:08 | 000,051,200 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\ATI Radeon HD 4800 Series - 8.632.1.2000\ATIODCLI (2).exe
[2009/02/04 03:52:08 | 000,051,200 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\ATI Radeon HD 4800 Series - 8.632.1.2000\ATIODCLI.exe
[2009/02/19 00:55:24 | 000,332,288 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\ATI Radeon HD 4800 Series - 8.632.1.2000\ATIODE (1).exe
[2009/02/19 00:55:24 | 000,332,288 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\ATI Radeon HD 4800 Series - 8.632.1.2000\ATIODE (2).exe
[2009/02/19 00:55:24 | 000,332,288 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\ATI Radeon HD 4800 Series - 8.632.1.2000\ATIODE.exe
[2009/11/17 17:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\Realtek High Definition Audio - 6.0.1.6151\AERTSr64 (1).exe
[2009/11/17 17:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\Realtek High Definition Audio - 6.0.1.6151\AERTSr64 (2).exe
[2009/11/17 17:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\Realtek High Definition Audio - 6.0.1.6151\AERTSr64.exe
[2010/07/06 17:31:12 | 002,103,912 | ---- | M] (Realtek Semiconductor) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\Realtek High Definition Audio - 6.0.1.6151\RAVBg64 (1).exe
[2010/07/06 17:31:12 | 002,103,912 | ---- | M] (Realtek Semiconductor) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\Realtek High Definition Audio - 6.0.1.6151\RAVBg64 (2).exe
[2010/07/06 17:31:12 | 002,103,912 | ---- | M] (Realtek Semiconductor) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\Realtek High Definition Audio - 6.0.1.6151\RAVBg64.exe
[2010/07/06 17:31:18 | 011,057,768 | ---- | M] (Realtek Semiconductor) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\Realtek High Definition Audio - 6.0.1.6151\RAVCpl64 (1).exe
[2010/07/06 17:31:18 | 011,057,768 | ---- | M] (Realtek Semiconductor) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\Realtek High Definition Audio - 6.0.1.6151\RAVCpl64 (2).exe
[2010/07/06 17:31:18 | 011,057,768 | ---- | M] (Realtek Semiconductor) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\Realtek High Definition Audio - 6.0.1.6151\RAVCpl64.exe
[2010/07/06 17:31:36 | 001,679,976 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\Realtek High Definition Audio - 6.0.1.6151\RtlUpd64 (1).exe
[2010/07/06 17:31:36 | 001,679,976 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\Realtek High Definition Audio - 6.0.1.6151\RtlUpd64 (2).exe
[2010/07/06 17:31:36 | 001,679,976 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\Realtek High Definition Audio - 6.0.1.6151\RtlUpd64.exe
[2010/11/25 01:01:47 | 080,984,908 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Download\104139\Vista_Win7_R254 (1).exe
[2010/11/25 01:01:47 | 080,984,908 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Download\104139\Vista_Win7_R254 (2).exe
[2010/11/25 01:01:47 | 080,984,908 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Download\104139\Vista_Win7_R254.exe
[2010/07/31 08:29:25 | 000,136,848 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\DriverFinder\Download\65252\DELL_S2309W-MONITOR_A00-00_R222241 (1).exe
[2010/07/31 08:29:25 | 000,136,848 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\DriverFinder\Download\65252\DELL_S2309W-MONITOR_A00-00_R222241 (2).exe
[2010/07/31 08:29:25 | 000,136,848 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\DriverFinder\Download\65252\DELL_S2309W-MONITOR_A00-00_R222241.exe
[2010/07/31 08:30:21 | 020,719,880 | ---- | M] (Intel                                                       ) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Download\75961\Intel-PROWinx64 (1).exe
[2010/07/31 08:30:21 | 020,719,880 | ---- | M] (Intel                                                       ) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Download\75961\Intel-PROWinx64 (2).exe
[2010/07/31 08:30:21 | 020,719,880 | ---- | M] (Intel                                                       ) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Download\75961\Intel-PROWinx64.exe
[2010/07/31 08:27:52 | 076,127,344 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Download\80017\10-6_vista64_win7_64_dd_ccc_enu (1).exe
[2010/07/31 08:27:52 | 076,127,344 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Download\80017\10-6_vista64_win7_64_dd_ccc_enu (2).exe
[2010/07/31 08:27:52 | 076,127,344 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Download\80017\10-6_vista64_win7_64_dd_ccc_enu.exe
[2010/07/31 08:30:35 | 002,869,784 | ---- | M] (Intel Corporation) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Download\81823\INF_allOS_9.1.2.1007_PV (1).exe
[2010/07/31 08:30:35 | 002,869,784 | ---- | M] (Intel Corporation) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Download\81823\INF_allOS_9.1.2.1007_PV (2).exe
[2010/07/31 08:30:35 | 002,869,784 | ---- | M] (Intel Corporation) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Download\81823\INF_allOS_9.1.2.1007_PV.exe
[2010/07/31 08:29:23 | 041,623,735 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Download\82036\Vista_Win7_R250_x64 (1).exe
[2010/07/31 08:29:23 | 041,623,735 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Download\82036\Vista_Win7_R250_x64 (2).exe
[2010/07/31 08:29:23 | 041,623,735 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Marion\AppData\Roaming\DriverFinder\Download\82036\Vista_Win7_R250_x64.exe
[2013/11/09 02:51:36 | 029,770,248 | ---- | M] (Dropbox, Inc.) -- C:\Users\Marion\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2013/11/09 02:51:50 | 000,229,288 | ---- | M] (Dropbox, Inc.) -- C:\Users\Marion\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2013/11/09 02:51:40 | 000,919,016 | ---- | M] (Dropbox, Inc.) -- C:\Users\Marion\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2013/11/03 01:36:38 | 000,110,080 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Microsoft\Installer\{72AAF455-1E54-475B-B0AB-5413C78D0E63}\Icon1226A4C5.exe
[2012/10/12 23:54:32 | 000,565,760 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\OpenClipArtLibraryPackages\UninstallPackages\Uninstall (1).exe
[2012/10/12 23:54:32 | 000,565,760 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\OpenClipArtLibraryPackages\UninstallPackages\Uninstall (2).exe
[2012/10/12 23:54:32 | 000,565,760 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\OpenClipArtLibraryPackages\UninstallPackages\Uninstall.exe
[2013/11/15 10:44:59 | 015,412,488 | ---- | M] (Dell Inc) -- C:\Users\Marion\AppData\Roaming\PCDr\Update\Binaries\patch_dsc_630828to636148_64_02.exe
[2013/07/24 20:54:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Marion\AppData\Roaming\PCDr\Update\Rules\1ab4c4c1-e3a5-4613-aac4-f8faa9eddda6\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
[2013/07/24 20:54:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Marion\AppData\Roaming\PCDr\Update\Rules\1ba6a1b8-59b1-457e-b230-fae7dc3fbd76\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
[2012/07/05 12:51:46 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Marion\AppData\Roaming\PCDr\Update\Rules\24a729b3-e675-452d-b208-37709b433f7d\appupdaterrules_dell\AddCertificate.exe
[2013/07/24 20:54:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Marion\AppData\Roaming\PCDr\Update\Rules\4fdc8fde-9d58-45d4-9132-936ffee177a4\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
[2013/07/24 20:54:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Marion\AppData\Roaming\PCDr\Update\Rules\52c6edd0-ff38-42b9-b7ef-0932dc1f5a4c\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
[2013/07/24 20:54:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Marion\AppData\Roaming\PCDr\Update\Rules\5b3d0243-64e0-44d1-b022-cce092b408c3\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
[2012/07/05 12:51:46 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Marion\AppData\Roaming\PCDr\Update\Rules\8b7d5cd4-c303-42c1-91ae-fc18c6770a2e\appupdaterrules_dell\AddCertificate.exe
[2013/07/24 20:54:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Marion\AppData\Roaming\PCDr\Update\Rules\8e6330c1-6c63-4c12-8369-3080b5851cd3\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
[2013/07/24 20:54:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Marion\AppData\Roaming\PCDr\Update\Rules\a1048767-7d0f-4734-a32d-4f71d6cb599d\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
[2013/07/24 20:54:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Marion\AppData\Roaming\PCDr\Update\Rules\bcc6f796-514a-4b4e-a836-61472d9b94d8\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
[2013/07/24 20:54:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Marion\AppData\Roaming\PCDr\Update\Rules\d3e63b9a-a865-4b0e-8400-891923e520af\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
[2013/07/24 20:54:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Marion\AppData\Roaming\PCDr\Update\Rules\d52bfeb8-b3c9-4cbf-b5a7-7ccab666143d\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
[2013/07/24 20:54:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Marion\AppData\Roaming\PCDr\Update\Rules\f184a63b-362f-4564-a883-1e98b3a1704b\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
[2013/07/24 20:54:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Marion\AppData\Roaming\PCDr\Update\Rules\f4c37d52-012a-4c52-a9aa-59e50aa0005b\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
[2013/03/07 19:22:20 | 002,959,376 | ---- | M] (Microsoft Corporation) -- C:\Users\Marion\AppData\Roaming\Research In Motion\BlackBerry Desktop\Updates\33484803-750F-4154-A0A3-C0474F3BE1BE\dotnetfx35setup.exe
[2013/10/17 00:10:38 | 116,383,248 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Research In Motion\BlackBerry Desktop\Updates\33484803-750F-4154-A0A3-C0474F3BE1BE\Extractor.exe
[2013/03/07 19:22:20 | 000,128,472 | ---- | M] (Macrovision Corporation) -- C:\Users\Marion\AppData\Roaming\Research In Motion\BlackBerry Desktop\Updates\33484803-750F-4154-A0A3-C0474F3BE1BE\Helper.exe
[2013/03/07 19:22:20 | 004,216,840 | ---- | M] (Microsoft Corporation) -- C:\Users\Marion\AppData\Roaming\Research In Motion\BlackBerry Desktop\Updates\33484803-750F-4154-A0A3-C0474F3BE1BE\vcredist_x86.exe
[2013/03/07 19:22:20 | 000,424,976 | ---- | M] (Research In Motion Limited) -- C:\Users\Marion\AppData\Roaming\Research In Motion\BlackBerry Desktop\Updates\33484803-750F-4154-A0A3-C0474F3BE1BE\InstallerUtils\InstallerUtils.exe
[2013/03/07 19:22:20 | 000,083,472 | ---- | M] (Research In Motion Limited) -- C:\Users\Marion\AppData\Roaming\Research In Motion\BlackBerry Desktop\Updates\33484803-750F-4154-A0A3-C0474F3BE1BE\InstallerUtils\Setup.exe
[2013/05/10 13:08:04 | 000,061,328 | ---- | M] (Samsung) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AdminDelegator (1).exe
[2013/05/10 13:08:04 | 000,061,328 | ---- | M] (Samsung) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AdminDelegator (2).exe
[2013/05/10 13:08:04 | 000,061,328 | ---- | M] (Samsung) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AdminDelegator.exe
[2013/05/10 13:08:04 | 000,088,464 | ---- | M] (Samsung) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller (1).exe
[2013/05/10 13:08:04 | 000,088,464 | ---- | M] (Samsung) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller (2).exe
[2013/05/10 13:08:04 | 000,088,464 | ---- | M] (Samsung) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe
[2013/05/10 13:08:05 | 000,077,704 | ---- | M] (Samsung) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate (1).exe
[2013/05/10 13:08:05 | 000,077,704 | ---- | M] (Samsung) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate (2).exe
[2013/05/10 13:08:05 | 000,077,704 | ---- | M] (Samsung) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe
[2013/05/10 13:08:06 | 000,844,168 | ---- | M] (Samsung) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR (1).exe
[2013/05/10 13:08:06 | 000,844,168 | ---- | M] (Samsung) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR (2).exe
[2013/05/10 13:08:06 | 000,844,168 | ---- | M] (Samsung) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe
[2013/04/23 12:48:12 | 001,561,968 | ---- | M] (Samsung) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Kies.exe
[2013/04/23 12:48:14 | 000,559,984 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesAgent.exe
[2013/04/23 12:48:16 | 000,277,872 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesDriverInstaller.exe
[2013/04/23 12:48:16 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesTrayAgent.exe
[2013/04/23 12:36:02 | 000,173,568 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\ConnectionManager.exe
[2013/04/23 12:38:58 | 000,344,576 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceDataService.exe
[2013/04/23 12:36:54 | 000,692,224 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceManager.exe
[2013/04/23 12:48:18 | 000,067,952 | ---- | M] (Samsung) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\Kies_Tutorial.exe
[2013/04/23 12:48:24 | 000,065,904 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\RegisterCOM.exe
[2013/05/10 13:08:04 | 000,061,328 | ---- | M] (Samsung) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AdminDelegator.exe
[2013/05/10 13:08:04 | 000,088,464 | ---- | M] (Samsung) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentInstaller.exe
[2013/05/10 13:08:05 | 000,077,704 | ---- | M] (Samsung) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentUpdate.exe
[2013/05/10 13:08:06 | 000,844,168 | ---- | M] (Samsung) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\KiesPDLR.exe
[2013/04/23 03:48:22 | 003,768,712 | ---- | M] (Freeware) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\MediaModules\MyFreeCodecPack.exe
[2013/04/23 12:48:22 | 000,602,992 | ---- | M] (ml) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Updater\Kies.Update.exe
[2013/04/03 07:16:34 | 015,359,912 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2013/11/06 01:55:38 | 001,564,528 | ---- | M] (Samsung) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Kies.exe
[2013/11/06 01:55:40 | 000,559,984 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesAgent.exe
[2013/11/06 01:55:42 | 000,277,872 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesDriverInstaller.exe
[2013/11/06 01:55:40 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesTrayAgent.exe
[2013/11/06 01:42:10 | 000,173,568 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\ConnectionManager.exe
[2013/11/06 01:44:58 | 000,351,232 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceDataService.exe
[2013/11/06 01:43:48 | 000,693,760 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceManager.exe
[2013/11/06 01:55:44 | 000,067,952 | ---- | M] (Samsung) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\Kies_Tutorial.exe
[2013/11/06 01:55:50 | 000,065,904 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\RegisterCOM.exe
[2013/10/30 03:12:52 | 000,061,840 | ---- | M] (Samsung) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AdminDelegator.exe
[2013/10/30 03:12:52 | 000,088,464 | ---- | M] (Samsung) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentInstaller.exe
[2013/10/30 03:12:56 | 000,078,216 | ---- | M] (Samsung) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentUpdate.exe
[2013/11/06 01:55:46 | 000,845,168 | ---- | M] (Samsung) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\KiesPDLR.exe
[2013/10/30 03:12:54 | 000,017,408 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\Uncompress.exe
[2013/11/06 01:55:48 | 003,835,088 | ---- | M] (Freeware) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\MediaModules\MyFreeCodecPack.exe
[2013/10/30 03:06:58 | 000,061,440 | ---- | M] ((주)마크애니) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Program Files\MarkAny\ContentSafer\MaAgent.exe
[2013/10/30 03:06:58 | 000,032,768 | ---- | M] (MarkAny Co, Ltd) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Program Files\MarkAny\ContentSafer\MaCSMgr.exe
[2013/10/30 03:06:58 | 000,065,536 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Program Files\MarkAny\ContentSafer\MAWebControl.exe
[2013/10/30 03:06:58 | 000,401,056 | ---- | M] (Marktek Inc.) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Program Files\MarkAny\ContentSafer\MPXBox.exe
[2013/10/30 03:06:54 | 000,020,480 | ---- | M] ( ) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Program Files\MarkAny\ContentSafer\UpdateClient\MAUpdate.exe
[2013/10/30 03:06:54 | 000,057,344 | ---- | M] ((주)마크애니) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Program Files\MarkAny\ContentSafer\UpdateClient\MAUpdateBoot.exe
[2013/10/30 03:06:54 | 000,126,976 | ---- | M] ((주)마크애니) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Program Files\MarkAny\ContentSafer\UpdateClient\MaUpdateClient.exe
[2013/10/30 03:09:20 | 025,591,752 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\StoryAlbumViewer\StoryAlbumViewer_setup.exe
[2013/11/06 01:55:48 | 000,623,984 | ---- | M] (ml) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Updater\Kies.Update.exe
[2013/10/30 04:45:28 | 015,369,584 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2013/04/23 12:48:22 | 000,602,992 | ---- | M] (ml) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update (1).exe
[2013/04/23 12:48:22 | 000,602,992 | ---- | M] (ml) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update (2).exe
[2013/04/23 12:48:22 | 000,602,992 | ---- | M] (ml) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2013/04/23 12:48:22 | 000,602,992 | ---- | M] (ml) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update (1).exe
[2013/04/23 12:48:22 | 000,602,992 | ---- | M] (ml) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update (2).exe
[2013/11/06 01:55:48 | 000,623,984 | ---- | M] (ml) -- C:\Users\Marion\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
[2005/06/06 09:29:14 | 000,110,592 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\U3\03715B60F0A018D9\cleanup.exe
[2006/03/30 10:34:56 | 002,592,768 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\U3\03715B60F0A018D9\LaunchPad.exe
[2013/11/18 23:46:18 | 000,274,944 | ---- | M] (SingularLabs) -- C:\Users\Marion\Desktop\JavaRa.exe
[2013/11/28 18:28:59 | 000,387,776 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Marion\Desktop\PsExec.exe
[2013/11/29 12:20:12 | 000,286,720 | ---- | M] (SteelWerX) -- C:\Users\Marion\Desktop\swreg.exe
[2013/11/20 19:29:08 | 000,165,376 | ---- | M] () -- C:\Users\Marion\Desktop\SystemLook_x64.exe
[2013/11/25 19:19:01 | 001,958,474 | ---- | M] (Farbar) -- C:\Users\Marion\Desktop\Maintainence\FRST64 (1).exe
[2013/11/18 23:46:18 | 000,274,944 | ---- | M] (SingularLabs) -- C:\Users\Marion\Desktop\Maintainence\JavaRa.exe
[2009/12/22 04:16:20 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Marion\Desktop\Maintainence\Adobe Reader 9 Installer\Setup (1).exe
[2009/12/22 04:16:20 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Marion\Desktop\Maintainence\Adobe Reader 9 Installer\Setup (2).exe
[2009/12/22 04:16:20 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Marion\Desktop\Maintainence\Adobe Reader 9 Installer\Setup.exe
[2013/07/03 11:47:30 | 003,161,648 | ---- | M] (VS Revo Group) -- C:\Users\Marion\Desktop\Maintainence\Revo Uninstaller\Revouninstaller.exe
[2013/11/20 18:49:36 | 000,087,550 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\Marion\Desktop\Maintainence\Revo Uninstaller\uninst.exe
[2013/07/03 11:47:30 | 003,161,648 | ---- | M] (VS Revo Group) -- C:\Users\Marion\Desktop\Revo Uninstaller\Revouninstaller.exe
[2013/04/06 20:05:16 | 004,137,976 | ---- | M] () -- C:\Users\Marion\Documents\CW1356A1.exe
[1 C:\Users\Marion\Documents\*.tmp files -> C:\Users\Marion\Documents\*.tmp -> ]
[2013/10/18 19:43:19 | 154,092,488 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Users\Marion\Downloads\13-1-legacy_vista_win7_win8_64_dd_ccc.exe
[2012/03/17 17:36:42 | 155,182,440 | ---- | M] (NVIDIA Corporation) -- C:\Users\Marion\Downloads\285.62-desktop-win7-winvista-64bit-english-whql.exe
[2012/04/25 13:29:08 | 122,601,808 | ---- | M] () -- C:\Users\Marion\Downloads\610_b038_multilanguage (1).exe
[2012/04/25 13:39:15 | 122,601,808 | ---- | M] () -- C:\Users\Marion\Downloads\610_b038_multilanguage (2).exe
[2012/03/17 17:45:08 | 122,601,808 | ---- | M] () -- C:\Users\Marion\Downloads\610_b038_multilanguage.exe
[2013/11/10 09:40:12 | 021,548,944 | ---- | M] (Innovative Solutions                                        ) -- C:\Users\Marion\Downloads\Advanced_Uninstaller11.exe
[2013/11/03 01:33:17 | 000,819,208 | ---- | M] (Google Inc.) -- C:\Users\Marion\Downloads\ChromeSetup.exe
[2013/10/18 18:24:25 | 001,998,248 | ---- | M] (Driver Whiz) -- C:\Users\Marion\Downloads\Driverwhiz.exe
[2013/11/23 09:46:13 | 035,334,016 | ---- | M] (Dropbox, Inc.) -- C:\Users\Marion\Downloads\Dropbox 2.4.7 (1).exe
[2013/11/23 09:41:22 | 035,334,016 | ---- | M] (Dropbox, Inc.) -- C:\Users\Marion\Downloads\Dropbox 2.4.7.exe
[2013/11/20 19:37:42 | 001,957,964 | ---- | M] (Farbar) -- C:\Users\Marion\Downloads\FRST64.exe
[2013/11/12 00:14:39 | 023,960,472 | ---- | M] (NVIDIA Corporation) -- C:\Users\Marion\Downloads\GeForce_Experience_v1.7.0.0.exe
[2013/11/15 16:03:37 | 010,264,904 | ---- | M] (SurfRight B.V.) -- C:\Users\Marion\Downloads\HitmanPro_x64.exe
[2013/11/29 11:51:43 | 100,400,976 | ---- | M] (Apple Inc.) -- C:\Users\Marion\Downloads\iTunes64Setup (1).exe
[2013/10/12 12:15:32 | 097,206,096 | ---- | M] (Apple Inc.) -- C:\Users\Marion\Downloads\iTunes64Setup.exe
[2013/11/17 14:36:48 | 029,040,552 | ---- | M] (Oracle Corporation) -- C:\Users\Marion\Downloads\jre-7u45-windows-i586 (1).exe
[2013/11/17 13:07:38 | 029,040,552 | ---- | M] (Oracle Corporation) -- C:\Users\Marion\Downloads\jre-7u45-windows-i586.exe
[2013/11/17 16:12:32 | 001,850,306 | ---- | M] (Dominik Reichl                                              ) -- C:\Users\Marion\Downloads\KeePass-1.26-Setup (1).exe
[2013/11/17 16:12:02 | 001,850,306 | ---- | M] (Dominik Reichl                                              ) -- C:\Users\Marion\Downloads\KeePass-1.26-Setup.exe
[2013/11/14 14:07:35 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Marion\Downloads\mbam-setup-1.75.0.1300.exe
[2013/11/19 00:21:08 | 000,347,304 | ---- | M] (Microsoft Corporation) -- C:\Users\Marion\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.31308247663186633.1.1.Run.exe
[2013/11/18 23:55:26 | 000,347,304 | ---- | M] (Microsoft Corporation) -- C:\Users\Marion\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.63308246104186734.1.1.Run.exe
[2013/11/29 07:56:20 | 013,294,808 | ---- | M] (Mozy, Inc.) -- C:\Users\Marion\Downloads\mozysetup (1).exe
[2013/11/29 08:03:03 | 013,294,808 | ---- | M] (Mozy, Inc.) -- C:\Users\Marion\Downloads\mozysetup (2).exe
[2013/11/29 07:07:05 | 013,294,808 | ---- | M] (Mozy, Inc.) -- C:\Users\Marion\Downloads\mozysetup.exe
[2013/11/21 00:31:53 | 000,578,640 | ---- | M] (McAfee, Inc.) -- C:\Users\Marion\Downloads\MVTInstaller (1).exe
[2013/11/21 00:30:22 | 000,578,640 | ---- | M] (McAfee, Inc.) -- C:\Users\Marion\Downloads\MVTInstaller.exe
[2013/11/17 16:31:06 | 029,515,104 | ---- | M] (Symantec Corporation) -- C:\Users\Marion\Downloads\NortonIdentitySafe-EN-v1.exe
[2013/11/21 11:40:02 | 000,482,896 | ---- | M] (www.patchmypc.net) -- C:\Users\Marion\Downloads\PatchMyPC (1).exe
[2013/11/17 14:04:03 | 000,482,896 | ---- | M] (www.patchmypc.net) -- C:\Users\Marion\Downloads\PatchMyPC.exe
[2013/11/11 11:53:21 | 000,236,648 | ---- | M] (Big Fish Games) -- C:\Users\Marion\Downloads\peggle_s1_l1_gF1465T1L1_d2194852066.exe
[2013/10/31 22:57:36 | 001,520,376 | ---- | M] (Uniblue Systems Limited                                     ) -- C:\Users\Marion\Downloads\powersuite.exe
[2013/10/21 12:33:07 | 002,712,592 | ---- | M] () -- C:\Users\Marion\Downloads\R199967.exe
[2013/10/19 09:46:06 | 000,571,728 | ---- | M] () -- C:\Users\Marion\Downloads\R205900.exe
[2013/10/19 09:46:40 | 002,445,208 | ---- | M] () -- C:\Users\Marion\Downloads\R213714.EXE
[2013/10/19 09:45:18 | 110,976,048 | ---- | M] () -- C:\Users\Marion\Downloads\R227524.exe
[2013/11/05 07:43:39 | 000,272,664 | ---- | M] (Trusteer Ltd.) -- C:\Users\Marion\Downloads\RapportSetup.exe
[2013/11/27 16:54:30 | 000,767,448 | ---- | M] (Reimage®) -- C:\Users\Marion\Downloads\ReimageRepair (1).exe
[2013/11/27 17:03:15 | 000,767,448 | ---- | M] (Reimage®) -- C:\Users\Marion\Downloads\ReimageRepair (2).exe
[2013/11/27 17:06:08 | 000,767,448 | ---- | M] (Reimage®) -- C:\Users\Marion\Downloads\ReimageRepair (3).exe
[2013/11/28 18:24:42 | 000,767,448 | ---- | M] (Reimage®) -- C:\Users\Marion\Downloads\ReimageRepair (4).exe
[2013/11/28 18:24:53 | 000,767,448 | ---- | M] (Reimage®) -- C:\Users\Marion\Downloads\ReimageRepair (5).exe
[2013/11/27 16:51:14 | 000,767,448 | ---- | M] (Reimage®) -- C:\Users\Marion\Downloads\ReimageRepair.exe
[2013/11/20 18:49:07 | 002,623,656 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\Marion\Downloads\revosetup.exe
[2013/11/20 18:50:07 | 010,031,224 | ---- | M] (VS Revo Group                                               ) -- C:\Users\Marion\Downloads\RevoUninProSetup.exe
[2013/10/12 09:37:44 | 000,272,664 | ---- | M] (Trusteer Ltd.) -- C:\Users\Marion\Downloads\RpprtSetup.exe
[2013/11/28 18:32:54 | 000,286,720 | ---- | M] (SteelWerX) -- C:\Users\Marion\Downloads\swreg (1).exe
[2013/11/29 12:15:19 | 000,286,720 | ---- | M] (SteelWerX) -- C:\Users\Marion\Downloads\swreg (2).exe
[2013/11/29 12:50:08 | 000,165,376 | ---- | M] () -- C:\Users\Marion\Downloads\SystemLook_x64 (1).exe
[2013/11/17 12:14:31 | 003,927,696 | ---- | M] () -- C:\Users\Marion\Downloads\tweaking.com_registry_backup_setup.exe
[2013/10/23 11:34:56 | 000,236,648 | ---- | M] (Big Fish Games) -- C:\Users\Marion\Downloads\viking-saga_s1_l1_gF7645T1L1_d2182559580.exe
[2013/11/11 18:38:39 | 000,661,184 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Marion\Downloads\Autoruns\autoruns.exe
[2013/11/11 18:38:39 | 000,579,264 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Marion\Downloads\Autoruns\autorunsc.exe
[2013/10/18 20:00:20 | 081,891,861 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Marion\Downloads\Driver Whiz\Driver Whiz\64bit_Vista_Win7_Win8_R271.exe
[2013/11/05 14:26:56 | 107,949,327 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Marion\Downloads\Driver Whiz\Driver Whiz\64bit_Win7_Win8_Win81_R272.exe
[2013/10/18 18:57:49 | 026,129,808 | ---- | M] () -- C:\Users\Marion\Downloads\Driver Whiz\Driver Whiz\md64-win-mp260-1_02-ea24.exe

[color=#A23BEC]< %USERPROFILE%\Documents\*.* >[/color]
[2013/01/28 16:56:43 | 000,013,046 | ---- | M] () -- C:\Users\Marion\Documents\154 C  Chicken Soup.docx
[2011/10/28 14:27:06 | 000,014,859 | ---- | M] () -- C:\Users\Marion\Documents\Apple Crumble Recipe.docx
[2010/10/01 20:07:21 | 000,134,163 | ---- | M] () -- C:\Users\Marion\Documents\Ashton letters.docx
[2010/10/05 16:14:09 | 000,108,856 | ---- | M] () -- C:\Users\Marion\Documents\Ashton name.docx
[2012/02/06 18:27:53 | 000,673,654 | ---- | M] () -- C:\Users\Marion\Documents\ashton questions.docx
[2013/06/28 10:51:28 | 000,673,656 | ---- | M] () -- C:\Users\Marion\Documents\ashton questions.docx.518b.part
[2010/10/02 12:12:40 | 000,012,932 | ---- | M] () -- C:\Users\Marion\Documents\Ashton.docx
[2013/06/28 13:56:01 | 000,050,303 | ---- | M] () -- C:\Users\Marion\Documents\bell (2).docx
[2013/06/28 10:51:29 | 000,050,304 | ---- | M] () -- C:\Users\Marion\Documents\bell.docx.52be.part
[2013/12/02 10:42:34 | 000,012,067 | ---- | M] () -- C:\Users\Marion\Documents\Capture.PNG
[2013/06/28 13:56:01 | 000,013,500 | ---- | M] () -- C:\Users\Marion\Documents\cinema tickets (2).docx
[2013/06/28 10:51:29 | 000,013,504 | ---- | M] () -- C:\Users\Marion\Documents\cinema tickets.docx.5456.part
[2013/04/06 20:08:44 | 004,202,393 | ---- | M] () -- C:\Users\Marion\Documents\CL1356A1.bin
[2013/04/06 20:05:16 | 004,137,976 | ---- | M] () -- C:\Users\Marion\Documents\CW1356A1.exe
[2013/11/17 20:22:50 | 000,003,228 | ---- | M] () -- C:\Users\Marion\Documents\Database.kdb
[2012/06/19 17:13:48 | 000,658,201 | ---- | M] () -- C:\Users\Marion\Documents\Dear Ashton.docx
[2012/07/12 08:29:59 | 000,000,402 | ---- | M] () -- C:\Users\Marion\Documents\desktop (1).ini
[2013/06/28 13:56:02 | 000,000,402 | ---- | M] () -- C:\Users\Marion\Documents\desktop (2).ini
[2013/09/14 10:15:55 | 000,000,402 | -HS- | M] () -- C:\Users\Marion\Documents\desktop.ini
[2013/06/28 10:51:32 | 000,000,408 | ---- | M] () -- C:\Users\Marion\Documents\desktop.ini.01b6.part
[2013/08/09 17:10:51 | 000,055,444 | ---- | M] () -- C:\Users\Marion\Documents\Doc2.docx
[2012/02/05 11:42:40 | 000,031,118 | ---- | M] () -- C:\Users\Marion\Documents\DOG POO.docx
[2013/06/28 13:56:02 | 000,000,756 | ---- | M] () -- C:\Users\Marion\Documents\downloads (2).txt
[2013/06/28 10:51:47 | 000,000,760 | ---- | M] () -- C:\Users\Marion\Documents\downloads.txt.39f9.part
[2013/06/28 10:51:47 | 000,096,984 | ---- | M] () -- C:\Users\Marion\Documents\fatface.docx.3bc6.part
[2013/04/27 15:57:35 | 000,023,229 | ---- | M] () -- C:\Users\Marion\Documents\Global Sleepover Letter 1 April 2013v2.docx
[2011/09/09 16:54:59 | 000,043,258 | ---- | M] () -- C:\Users\Marion\Documents\Great_Fire.docx
[2011/05/18 20:19:44 | 000,026,027 | ---- | M] () -- C:\Users\Marion\Documents\HAPPY.docx
[2012/01/02 13:27:22 | 000,010,972 | ---- | M] () -- C:\Users\Marion\Documents\Institute of Health and Wellbeing.docx
[2013/06/28 13:56:03 | 000,000,552 | ---- | M] () -- C:\Users\Marion\Documents\iTunes (2).txt
[2013/06/28 13:56:02 | 000,004,164 | ---- | M] () -- C:\Users\Marion\Documents\iTunes Diagnostics (2).rtf
[2013/06/28 13:56:03 | 000,042,354 | ---- | M] () -- C:\Users\Marion\Documents\iTunes Diagnostics (2).spx
[2013/06/28 10:51:47 | 000,004,168 | ---- | M] () -- C:\Users\Marion\Documents\iTunes Diagnostics.rtf.3d8f.part
[2013/06/28 10:51:47 | 000,042,360 | ---- | M] () -- C:\Users\Marion\Documents\iTunes Diagnostics.spx.3f27.part
[2013/06/28 10:51:47 | 000,000,560 | ---- | M] () -- C:\Users\Marion\Documents\iTunes.txt.40f0.part
[2013/03/10 07:45:37 | 000,017,741 | ---- | M] () -- C:\Users\Marion\Documents\Kidderminster-Gym-Timetable.pdf
[2011/05/19 09:13:17 | 000,011,685 | ---- | M] () -- C:\Users\Marion\Documents\LEAH.docx
[2012/07/06 00:19:37 | 000,105,703 | ---- | M] () -- C:\Users\Marion\Documents\Nick and Lou 2.jpg
[2013/06/28 13:56:04 | 000,011,113 | ---- | M] () -- C:\Users\Marion\Documents\overpayment letter (2).docx
[2013/06/28 10:51:47 | 000,011,120 | ---- | M] () -- C:\Users\Marion\Documents\overpayment letter.docx.4223.part
[2010/12/27 19:01:43 | 000,015,442 | ---- | M] () -- C:\Users\Marion\Documents\Pension complaint letter.docx
[2013/06/28 13:56:04 | 000,011,061 | ---- | M] () -- C:\Users\Marion\Documents\pension proposal (2).docx
[2013/06/28 10:51:47 | 000,011,064 | ---- | M] () -- C:\Users\Marion\Documents\pension proposal.docx.4387.part
[2013/06/28 13:56:04 | 000,026,964 | ---- | M] () -- C:\Users\Marion\Documents\quote_108617 (2).pdf
[2013/06/28 10:51:48 | 000,026,968 | ---- | M] () -- C:\Users\Marion\Documents\quote_108617.pdf.44eb.part
[2011/10/28 14:22:00 | 000,015,339 | ---- | M] () -- C:\Users\Marion\Documents\Recipes.docx
[2013/06/28 10:51:48 | 000,166,872 | ---- | M] () -- C:\Users\Marion\Documents\request.pdf.46b8.part
[2011/10/28 10:42:59 | 000,012,156 | ---- | M] () -- C:\Users\Marion\Documents\Rock Cakes Recipe.docx
[2010/10/05 12:46:40 | 000,167,165 | ---- | M] () -- C:\Users\Marion\Documents\satpin.docx
[2011/10/27 10:59:08 | 000,035,961 | ---- | M] () -- C:\Users\Marion\Documents\The Victoria Sponge.docx
[2012/02/05 12:12:09 | 000,010,746 | ---- | M] () -- C:\Users\Marion\Documents\WHERE.docx
[2010/11/29 12:46:02 | 000,073,176 | ---- | M] () -- C:\Users\Marion\Documents\WOODY.docx
[2010/10/04 09:25:51 | 000,000,162 | ---- | M] () -- C:\Users\Marion\Documents\~$satpin.docx
[1 C:\Users\Marion\Documents\*.tmp files -> C:\Users\Marion\Documents\*.tmp -> ]

[color=#A23BEC]< %USERPROFILE%\Downloads\*.* >[/color]
[2009/02/15 23:45:17 | 006,190,278 | ---- | M] () -- C:\Users\Marion\Downloads\05 You're The First Time I've Though.m4a
[2013/10/18 19:43:19 | 154,092,488 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Users\Marion\Downloads\13-1-legacy_vista_win7_win8_64_dd_ccc.exe
[2013/10/18 19:42:42 | 415,761,013 | ---- | M] () -- C:\Users\Marion\Downloads\13.151-130819a-161838C-EDG_Direct.zip
[2013/11/02 10:20:10 | 000,124,678 | ---- | M] () -- C:\Users\Marion\Downloads\1729042N (1).pdf
[2013/11/01 12:45:33 | 000,124,678 | ---- | M] () -- C:\Users\Marion\Downloads\1729042N.pdf
[2013/11/06 23:14:31 | 003,222,081 | ---- | M] () -- C:\Users\Marion\Downloads\1895973 doc01616820131030171823 (1).pdf
[2013/11/06 23:13:43 | 003,222,081 | ---- | M] () -- C:\Users\Marion\Downloads\1895973 doc01616820131030171823.pdf
[2013/01/07 22:04:53 | 000,212,180 | ---- | M] () -- C:\Users\Marion\Downloads\250099_10151102318438859_2018073678_n.jpg
[2012/03/17 17:36:42 | 155,182,440 | ---- | M] (NVIDIA Corporation) -- C:\Users\Marion\Downloads\285.62-desktop-win7-winvista-64bit-english-whql.exe
[2012/04/25 13:29:08 | 122,601,808 | ---- | M] () -- C:\Users\Marion\Downloads\610_b038_multilanguage (1).exe
[2012/04/25 13:39:15 | 122,601,808 | ---- | M] () -- C:\Users\Marion\Downloads\610_b038_multilanguage (2).exe
[2012/03/17 17:45:08 | 122,601,808 | ---- | M] () -- C:\Users\Marion\Downloads\610_b038_multilanguage.exe
[2013/11/20 19:39:18 | 000,029,651 | ---- | M] () -- C:\Users\Marion\Downloads\Addition.txt
[2013/11/10 09:40:12 | 021,548,944 | ---- | M] (Innovative Solutions                                        ) -- C:\Users\Marion\Downloads\Advanced_Uninstaller11.exe
[2013/10/18 19:37:57 | 217,681,405 | ---- | M] () -- C:\Users\Marion\Downloads\AMD_Catalyst_13.4_Vista_W7_W8_WHQL.zip
[2013/11/11 18:29:11 | 000,550,371 | ---- | M] () -- C:\Users\Marion\Downloads\Autoruns.zip
[2013/10/19 09:44:22 | 002,911,266 | ---- | M] () -- C:\Users\Marion\Downloads\BH20N-C106 (1).zip
[2013/11/03 01:33:17 | 000,819,208 | ---- | M] (Google Inc.) -- C:\Users\Marion\Downloads\ChromeSetup.exe
[2013/10/21 10:58:28 | 000,027,305 | ---- | M] () -- C:\Users\Marion\Downloads\DellPerformanceDiagnostic (1).diagcab
[2013/10/21 10:46:24 | 000,027,305 | ---- | M] () -- C:\Users\Marion\Downloads\DellPerformanceDiagnostic.diagcab
[2013/10/13 11:43:33 | 000,010,591 | ---- | M] () -- C:\Users\Marion\Downloads\dellsystemdetect (1).application
[2012/07/12 08:29:59 | 000,000,282 | ---- | M] () -- C:\Users\Marion\Downloads\desktop (1).ini
[2012/07/12 08:29:59 | 000,000,282 | ---- | M] () -- C:\Users\Marion\Downloads\desktop (2).ini
[2013/11/17 20:27:16 | 000,000,282 | -HS- | M] () -- C:\Users\Marion\Downloads\desktop.ini
[2013/10/18 18:24:25 | 001,998,248 | ---- | M] (Driver Whiz) -- C:\Users\Marion\Downloads\Driverwhiz.exe
[2013/11/23 09:46:13 | 035,334,016 | ---- | M] (Dropbox, Inc.) -- C:\Users\Marion\Downloads\Dropbox 2.4.7 (1).exe
[2013/11/23 09:41:22 | 035,334,016 | ---- | M] (Dropbox, Inc.) -- C:\Users\Marion\Downloads\Dropbox 2.4.7.exe
[2013/11/17 13:00:52 | 000,001,450 | ---- | M] () -- C:\Users\Marion\Downloads\fix.reg
[2013/11/17 14:58:50 | 000,000,060 | ---- | M] () -- C:\Users\Marion\Downloads\fixlist (1).txt
[2013/11/24 18:58:54 | 000,011,526 | ---- | M] () -- C:\Users\Marion\Downloads\fixlist (2).txt
[2013/11/25 00:18:58 | 000,011,526 | ---- | M] () -- C:\Users\Marion\Downloads\fixlist (3).txt
[2013/11/25 09:24:32 | 000,011,526 | ---- | M] () -- C:\Users\Marion\Downloads\fixlist (4).txt
[2013/11/20 19:39:18 | 000,082,760 | ---- | M] () -- C:\Users\Marion\Downloads\FRST.txt
[2013/11/20 19:37:42 | 001,957,964 | ---- | M] (Farbar) -- C:\Users\Marion\Downloads\FRST64.exe
[2013/11/12 00:14:39 | 023,960,472 | ---- | M] (NVIDIA Corporation) -- C:\Users\Marion\Downloads\GeForce_Experience_v1.7.0.0.exe
[2013/01/13 14:15:45 | 000,001,837 | ---- | M] () -- C:\Users\Marion\Downloads\graph.pdf
[2013/11/15 16:30:01 | 000,004,626 | ---- | M] () -- C:\Users\Marion\Downloads\HitmanPro_20131115_1629.log
[2013/11/15 16:03:37 | 010,264,904 | ---- | M] (SurfRight B.V.) -- C:\Users\Marion\Downloads\HitmanPro_x64.exe
[2013/11/29 11:51:43 | 100,400,976 | ---- | M] (Apple Inc.) -- C:\Users\Marion\Downloads\iTunes64Setup (1).exe
[2013/10/12 12:15:32 | 097,206,096 | ---- | M] (Apple Inc.) -- C:\Users\Marion\Downloads\iTunes64Setup.exe
[2013/11/18 23:45:44 | 000,157,265 | ---- | M] () -- C:\Users\Marion\Downloads\JavaRa-2.3.zip
[2013/11/17 13:24:17 | 029,040,552 | ---- | M] (Oracle Corporation) -- C:\Users\Marion\Downloads\jre-7u45-windows-i586
[2013/11/17 14:36:48 | 029,040,552 | ---- | M] (Oracle Corporation) -- C:\Users\Marion\Downloads\jre-7u45-windows-i586 (1).exe
[2013/11/17 13:07:38 | 029,040,552 | ---- | M] (Oracle Corporation) -- C:\Users\Marion\Downloads\jre-7u45-windows-i586.exe
[2013/11/17 16:12:32 | 001,850,306 | ---- | M] (Dominik Reichl                                              ) -- C:\Users\Marion\Downloads\KeePass-1.26-Setup (1).exe
[2013/11/17 16:12:02 | 001,850,306 | ---- | M] (Dominik Reichl                                              ) -- C:\Users\Marion\Downloads\KeePass-1.26-Setup.exe
[2013/11/18 23:44:44 | 000,451,928 | ---- | M] () -- C:\Users\Marion\Downloads\linecount (1).txt
[2013/11/18 00:19:22 | 000,451,928 | ---- | M] () -- C:\Users\Marion\Downloads\linecount.txt
[2013/11/19 20:01:31 | 000,000,393 | ---- | M] () -- C:\Users\Marion\Downloads\live-calls-by-topic.csv
[2012/07/10 14:49:39 | 000,005,323 | ---- | M] () -- C:\Users\Marion\Downloads\lunapic_134193091269708_6.jpg
[2013/04/14 12:16:27 | 000,031,744 | ---- | M] () -- C:\Users\Marion\Downloads\Marion April 2013.xls
[2013/11/14 14:07:35 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Marion\Downloads\mbam-setup-1.75.0.1300.exe
[2013/04/11 21:22:01 | 000,345,515 | ---- | M] () -- C:\Users\Marion\Downloads\ME FAT (1).htm
[2013/11/19 00:21:08 | 000,347,304 | ---- | M] (Microsoft Corporation) -- C:\Users\Marion\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.31308247663186633.1.1.Run.exe
[2013/11/18 23:55:26 | 000,347,304 | ---- | M] (Microsoft Corporation) -- C:\Users\Marion\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.63308246104186734.1.1.Run.exe
[2012/05/20 17:53:24 | 000,000,363 | ---- | M] () -- C:\Users\Marion\Downloads\MOV079.MOI
[2013/11/29 06:40:28 | 002,394,624 | ---- | M] () -- C:\Users\Marion\Downloads\MozyRestoreManager.msi
[2013/11/29 07:56:20 | 013,294,808 | ---- | M] (Mozy, Inc.) -- C:\Users\Marion\Downloads\mozysetup (1).exe
[2013/11/29 08:03:03 | 013,294,808 | ---- | M] (Mozy, Inc.) -- C:\Users\Marion\Downloads\mozysetup (2).exe
[2013/11/29 07:07:05 | 013,294,808 | ---- | M] (Mozy, Inc.) -- C:\Users\Marion\Downloads\mozysetup.exe
[2013/10/18 09:00:45 | 001,445,133 | ---- | M] () -- C:\Users\Marion\Downloads\MS STEPIEN.PDF
[2013/11/11 12:17:32 | 000,987,961 | ---- | M] () -- C:\Users\Marion\Downloads\MS STEPIEN.zip
[2013/11/21 00:31:53 | 000,578,640 | ---- | M] (McAfee, Inc.) -- C:\Users\Marion\Downloads\MVTInstaller (1).exe
[2013/11/21 00:30:22 | 000,578,640 | ---- | M] (McAfee, Inc.) -- C:\Users\Marion\Downloads\MVTInstaller.exe
[2013/11/17 16:31:06 | 029,515,104 | ---- | M] (Symantec Corporation) -- C:\Users\Marion\Downloads\NortonIdentitySafe-EN-v1.exe
[2013/12/05 20:19:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marion\Downloads\OTL.scr
[2013/11/14 14:00:47 | 000,001,816 | ---- | M] () -- C:\Users\Marion\Downloads\pastebin_backup_20131114.zip
[2013/11/21 11:40:02 | 000,482,896 | ---- | M] (www.patchmypc.net) -- C:\Users\Marion\Downloads\PatchMyPC (1).exe
[2013/11/17 14:04:03 | 000,482,896 | ---- | M] (www.patchmypc.net) -- C:\Users\Marion\Downloads\PatchMyPC.exe
[2013/11/11 11:53:21 | 000,236,648 | ---- | M] (Big Fish Games) -- C:\Users\Marion\Downloads\peggle_s1_l1_gF1465T1L1_d2194852066.exe
[2013/02/17 14:53:16 | 000,029,314 | ---- | M] () -- C:\Users\Marion\Downloads\photo 2 (1).JPG
[2013/01/16 16:51:22 | 000,034,367 | ---- | M] () -- C:\Users\Marion\Downloads\photo 2.JPG
[2013/10/31 22:57:36 | 001,520,376 | ---- | M] (Uniblue Systems Limited                                     ) -- C:\Users\Marion\Downloads\powersuite.exe
[2013/11/28 18:27:37 | 001,662,360 | ---- | M] () -- C:\Users\Marion\Downloads\PSTools.zip
[2013/10/21 12:33:07 | 002,712,592 | ---- | M] () -- C:\Users\Marion\Downloads\R199967.exe
[2013/10/19 09:46:06 | 000,571,728 | ---- | M] () -- C:\Users\Marion\Downloads\R205900.exe
[2013/10/19 09:46:40 | 002,445,208 | ---- | M] () -- C:\Users\Marion\Downloads\R213714.EXE
[2013/10/19 09:45:18 | 110,976,048 | ---- | M] () -- C:\Users\Marion\Downloads\R227524.exe
[2013/11/05 07:43:39 | 000,272,664 | ---- | M] (Trusteer Ltd.) -- C:\Users\Marion\Downloads\RapportSetup.exe
[2013/11/27 16:54:30 | 000,767,448 | ---- | M] (Reimage®) -- C:\Users\Marion\Downloads\ReimageRepair (1).exe
[2013/11/27 17:03:15 | 000,767,448 | ---- | M] (Reimage®) -- C:\Users\Marion\Downloads\ReimageRepair (2).exe
[2013/11/27 17:06:08 | 000,767,448 | ---- | M] (Reimage®) -- C:\Users\Marion\Downloads\ReimageRepair (3).exe
[2013/11/28 18:24:42 | 000,767,448 | ---- | M] (Reimage®) -- C:\Users\Marion\Downloads\ReimageRepair (4).exe
[2013/11/28 18:24:53 | 000,767,448 | ---- | M] (Reimage®) -- C:\Users\Marion\Downloads\ReimageRepair (5).exe
[2013/11/27 16:51:14 | 000,767,448 | ---- | M] (Reimage®) -- C:\Users\Marion\Downloads\ReimageRepair.exe
[2013/11/29 12:43:49 | 000,000,226 | ---- | M] () -- C:\Users\Marion\Downloads\reset (1).bat
[2013/11/29 06:41:37 | 000,000,170 | ---- | M] () -- C:\Users\Marion\Downloads\restore_2037934.mzd
[2013/11/20 18:49:07 | 002,623,656 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\Marion\Downloads\revosetup.exe
[2013/11/20 18:50:07 | 010,031,224 | ---- | M] (VS Revo Group                                               ) -- C:\Users\Marion\Downloads\RevoUninProSetup.exe
[2013/10/12 09:37:44 | 000,272,664 | ---- | M] (Trusteer Ltd.) -- C:\Users\Marion\Downloads\RpprtSetup.exe
[2013/11/22 16:53:53 | 002,825,011 | ---- | M] () -- C:\Users\Marion\Downloads\SmartSwitch_1.0.13041_14.zip
[2013/01/07 22:04:40 | 000,533,342 | ---- | M] () -- C:\Users\Marion\Downloads\Summer 2012 (1).htm
[2013/11/28 18:32:54 | 000,286,720 | ---- | M] (SteelWerX) -- C:\Users\Marion\Downloads\swreg (1).exe
[2013/11/29 12:15:19 | 000,286,720 | ---- | M] (SteelWerX) -- C:\Users\Marion\Downloads\swreg (2).exe
[2013/11/25 00:45:09 | 001,828,864 | ---- | M] () -- C:\Users\Marion\Downloads\synctunes (1).msi
[2013/11/23 02:13:00 | 001,828,864 | ---- | M] () -- C:\Users\Marion\Downloads\synctunes.msi
[2013/11/20 19:33:01 | 000,047,676 | ---- | M] () -- C:\Users\Marion\Downloads\SystemLook.txt
[2013/11/29 12:50:08 | 000,165,376 | ---- | M] () -- C:\Users\Marion\Downloads\SystemLook_x64 (1).exe
[2013/11/17 12:14:31 | 003,927,696 | ---- | M] () -- C:\Users\Marion\Downloads\tweaking.com_registry_backup_setup.exe
[2013/10/23 11:34:56 | 000,236,648 | ---- | M] (Big Fish Games) -- C:\Users\Marion\Downloads\viking-saga_s1_l1_gF7645T1L1_d2182559580.exe
[2013/11/14 13:01:08 | 000,001,017 | ---- | M] () -- C:\Users\Marion\Downloads\XkFYh0gP.txt

[color=#A23BEC]< %USERPROFILE%\AppData\Local\*.* >[/color]
[2011/11/29 10:40:00 | 000,196,608 | ---- | M] () -- C:\Users\Marion\AppData\Local\common_functions.dll
[2013/11/21 00:13:25 | 000,005,120 | ---- | M] () -- C:\Users\Marion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/14 08:55:32 | 000,000,094 | ---- | M] () -- C:\Users\Marion\AppData\Local\fusioncache.dat
[2010/04/19 03:22:53 | 000,068,328 | ---- | M] () -- C:\Users\Marion\AppData\Local\GDIPFONTCACHEV1.DAT
[2013/12/03 13:53:20 | 008,031,545 | -H-- | M] () -- C:\Users\Marion\AppData\Local\IconCache.db
[2011/10/25 17:54:06 | 000,940,544 | ---- | M] (Apache Software Foundation) -- C:\Users\Marion\AppData\Local\log4cxx.dll
[2013/06/24 06:44:53 | 000,007,623 | ---- | M] () -- C:\Users\Marion\AppData\Local\Resmon.ResmonCfg
[2008/02/05 12:28:20 | 000,000,051 | ---- | M] () -- C:\Users\Marion\AppData\Local\setup.txt

[color=#A23BEC]< %USERPROFILE%\AppData\Local\*. >[/color]
[2013/11/22 15:59:50 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Adobe
[2013/11/03 01:19:30 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Akamai
[2013/11/10 13:53:03 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Apple
[2013/11/10 09:55:35 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Apple Computer
[2010/04/12 07:40:20 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Application Data
[2013/03/12 20:05:31 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\ApplicationHistory
[2010/04/12 08:38:40 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Apps
[2010/12/22 22:46:41 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Astar Games
[2010/08/11 14:13:15 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\ATI
[2013/09/24 22:21:27 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Big Fish
[2013/11/23 02:17:48 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Bit_Studio
[2010/04/12 08:38:47 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Citrix
[2013/12/05 17:39:18 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\CrashDumps
[2013/11/12 00:24:48 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Deployment
[2013/11/24 19:45:01 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Diagnostics
[2013/11/22 16:33:30 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Downloaded Installations
[2013/11/29 12:33:59 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\ElevatedDiagnostics
[2010/11/25 00:45:57 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Emerald
[2013/11/17 12:01:51 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Google
[2010/04/12 07:40:20 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\History
[2013/11/10 09:44:12 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Innovative Solutions
[2013/03/12 00:17:10 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\InWorldz
[2013/11/21 11:56:58 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Microsoft
[2013/11/12 16:08:41 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Microsoft Games
[2013/03/12 20:05:31 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Microsoft Help
[2012/09/01 13:08:42 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\MigWiz
[2013/11/29 07:05:47 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Mozy Restore Manager
[2013/11/02 12:06:12 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\NativeMessaging
[2013/11/10 09:55:50 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\PCM4Everio
[2011/12/20 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\PhoenixViewer
[2013/11/14 14:07:45 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Programs
[2013/01/17 13:50:43 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Research In Motion
[2013/04/30 11:27:41 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Samsung
[2013/03/12 01:30:51 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\SecondLife
[2011/11/12 14:21:08 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\SlimWare Utilities Inc
[2010/04/27 12:13:47 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\sowhat
[2013/01/14 14:54:51 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Stronghold_LLC
[2013/12/05 20:52:18 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Temp
[2010/04/12 07:40:20 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Temporary Internet Files
[2011/03/16 20:37:52 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Trusteer
[2013/09/03 11:51:03 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Turtix
[2013/11/14 18:02:45 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\VirtualStore
[2013/11/20 19:02:04 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\VS Revo Group
[2012/08/18 22:34:04 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Windows Live
[2011/06/08 09:47:16 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Windows Live Writer
[2013/11/21 14:20:12 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\{20884471-0E7E-4940-A053-1F0B12FF9589}
[2013/11/20 22:39:04 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\{DB584E07-379E-41CB-9996-243B7BE00B07}
[2013/11/28 17:38:12 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\{E0669A64-556C-40F3-BD00-25C15A9466F1}

[color=#A23BEC]< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\*.* >[/color]
[2013/11/10 13:09:27 | 000,114,688 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Archived History
[2013/04/29 00:15:38 | 000,110,592 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Archived History (1)
[2013/04/29 00:15:38 | 000,110,592 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Archived History (2)
[2013/11/10 13:09:27 | 000,008,720 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Archived History-journal
[2013/04/29 00:15:38 | 000,016,384 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Archived History-journal (1)
[2013/04/29 00:15:38 | 000,016,384 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Archived History-journal (2)
[2013/11/29 12:40:18 | 000,034,082 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2012/05/11 23:29:12 | 000,001,849 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Bookmarks (1)
[2012/05/11 23:29:12 | 000,001,849 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Bookmarks (1).bak
[2012/05/11 23:29:12 | 000,001,849 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Bookmarks (2)
[2012/05/11 23:29:12 | 000,001,849 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Bookmarks (2).bak
[2013/11/29 12:40:18 | 000,034,082 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2013/03/12 18:16:09 | 000,083,968 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data (1)
[2013/03/12 18:16:09 | 000,083,968 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data (2)
[2013/03/12 23:16:57 | 000,095,836 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (1)
[2013/03/12 23:16:57 | 000,095,836 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (2)
[2013/12/05 20:52:18 | 000,670,720 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Cookies
[2013/04/29 00:13:47 | 000,068,608 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Cookies (1)
[2013/04/29 00:13:47 | 000,068,608 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Cookies (2)
[2013/12/05 20:52:18 | 000,016,384 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
[2013/04/29 00:13:47 | 000,016,384 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal (1)
[2013/04/29 00:13:47 | 000,016,384 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal (2)
[2013/11/11 12:41:40 | 000,670,720 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\cookies_2013-11-11_14-1-14-744
[2013/12/05 20:45:50 | 000,000,000 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Current Session
[2013/04/29 00:15:38 | 000,070,934 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Current Session (1)
[2013/04/29 00:15:38 | 000,070,934 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Current Session (2)
[2013/12/05 20:45:04 | 000,032,312 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
[2013/04/29 00:15:38 | 000,013,571 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Current Tabs (1)
[2013/04/29 00:15:38 | 000,013,571 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Current Tabs (2)
[2013/11/03 00:06:51 | 000,006,144 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
[2013/03/12 18:16:09 | 000,006,144 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies (1)
[2013/03/12 18:16:09 | 000,006,144 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies (2)
[2013/11/03 00:06:51 | 000,003,608 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal
[2013/03/12 18:16:09 | 000,001,544 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal (1)
[2013/03/12 18:16:09 | 000,001,544 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal (2)
[2013/12/05 18:42:18 | 004,517,888 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2013/04/29 00:13:28 | 000,069,632 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Favicons (1)
[2013/04/29 00:13:28 | 000,069,632 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Favicons (2)
[2013/12/05 18:42:18 | 000,016,384 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
[2013/04/29 00:13:28 | 000,016,384 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal (1)
[2013/04/29 00:13:28 | 000,016,384 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal (2)
[2012/04/25 13:37:39 | 000,150,798 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Google Profile (1).ico
[2012/04/25 13:37:39 | 000,150,798 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Google Profile (2).ico
[2013/11/17 12:02:09 | 000,181,623 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
[2013/12/05 20:46:14 | 005,414,912 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\History
[2013/04/29 00:15:37 | 000,143,360 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\History (1)
[2013/04/29 00:15:37 | 000,143,360 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\History (2)
[2013/12/05 20:45:04 | 000,516,389 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
[2013/04/29 00:15:37 | 000,003,231 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache (1)
[2013/04/29 00:15:37 | 000,003,231 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache (2)
[2013/12/05 20:46:14 | 000,016,384 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\History-journal
[2013/04/29 00:15:37 | 000,016,384 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\History-journal (1)
[2013/04/29 00:15:37 | 000,016,384 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\History-journal (2)
[2013/12/05 20:45:05 | 000,345,234 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Last Session
[2013/03/24 19:22:42 | 000,086,926 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Last Session (1)
[2013/03/24 19:22:42 | 000,086,926 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Last Session (2)
[2013/12/05 20:14:47 | 000,087,204 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
[2013/03/24 19:22:42 | 000,007,619 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Last Tabs (1)
[2013/03/24 19:22:42 | 000,007,619 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Last Tabs (2)
[2013/12/05 18:30:19 | 000,030,720 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Login Data
[2011/08/28 12:51:43 | 000,012,288 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Login Data (1)
[2011/08/28 12:51:43 | 000,012,288 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Login Data (2)
[2013/12/05 18:30:19 | 000,008,736 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
[2013/11/17 10:15:35 | 000,000,008 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Managed Mode Settings
[2013/04/29 00:13:25 | 000,000,008 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Managed Mode Settings (1)
[2013/04/29 00:13:25 | 000,000,008 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Managed Mode Settings (2)
[2013/12/03 12:14:13 | 000,080,896 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
[2013/03/12 18:16:08 | 000,013,312 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor (1)
[2013/03/12 18:16:08 | 000,013,312 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor (2)
[2013/12/03 12:14:13 | 000,016,384 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal
[2013/03/12 18:16:08 | 000,003,608 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal (1)
[2013/03/12 18:16:08 | 000,003,608 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal (2)
[2013/12/05 18:32:19 | 000,032,768 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs
[2013/03/24 19:21:58 | 000,007,168 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs (1)
[2013/03/24 19:21:58 | 000,007,168 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs (2)
[2013/12/05 18:32:19 | 000,016,384 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs-journal
[2013/03/24 19:21:58 | 000,003,608 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs-journal (1)
[2013/03/24 19:21:58 | 000,003,608 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs-journal (2)
[2013/12/05 20:50:07 | 000,087,482 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2013/04/29 00:15:38 | 000,089,949 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Preferences (1)
[2013/04/29 00:15:38 | 000,089,949 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Preferences (2)
[2013/12/02 22:55:06 | 000,013,312 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
[2013/03/24 19:16:17 | 000,013,312 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\QuotaManager (1)
[2013/03/24 19:16:17 | 000,013,312 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\QuotaManager (2)
[2013/12/02 22:55:06 | 000,008,768 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal
[2013/03/24 19:16:17 | 000,008,768 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal (1)
[2013/03/24 19:16:17 | 000,008,768 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal (2)
[2012/06/11 10:31:19 | 000,000,180 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\README
[2012/06/11 10:31:19 | 000,000,180 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\README (1)
[2012/06/11 10:31:19 | 000,000,180 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\README (2)
[2013/12/03 11:31:58 | 000,024,576 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
[2012/04/25 13:49:06 | 000,012,288 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Shortcuts (1)
[2012/04/25 13:49:06 | 000,012,288 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Shortcuts (2)
[2013/12/03 11:31:58 | 000,012,824 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal
[2012/04/25 13:49:06 | 000,012,824 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal (1)
[2012/04/25 13:49:06 | 000,012,824 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal (2)
[2013/12/05 18:30:00 | 000,176,128 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2012/08/03 18:48:01 | 000,110,592 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Top Sites (1)
[2012/08/03 18:48:01 | 000,110,592 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Top Sites (2)
[2013/12/05 18:30:00 | 000,016,384 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
[2012/08/03 18:48:01 | 000,016,384 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal (1)
[2012/08/03 18:48:01 | 000,016,384 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal (2)
[2013/12/05 20:46:15 | 000,004,158 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
[2013/12/05 20:14:47 | 000,262,160 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Visited Links
[2013/04/29 00:15:38 | 000,131,072 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Visited Links (1)
[2013/04/29 00:15:38 | 000,131,072 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Visited Links (2)
[2013/12/05 18:42:06 | 000,129,024 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2013/04/29 00:13:16 | 000,083,968 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Web Data (1)
[2013/04/29 00:13:16 | 000,083,968 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Web Data (2)
[2013/12/05 18:42:06 | 000,016,384 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
[2013/04/29 00:13:16 | 000,012,848 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal (1)
[2013/04/29 00:13:16 | 000,012,848 | ---- | M] () -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal (2)
[17 C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\*.tmp files -> C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\*.tmp -> ]

[color=#A23BEC]< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\*. >[/color]
[2013/12/05 20:46:06 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Cache
[2013/11/12 01:54:55 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\databases
[2013/12/05 20:45:47 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extension Rules
[2013/12/05 20:45:49 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extension State
[2013/11/17 16:47:19 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions
[2013/11/14 01:18:05 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\File System
[2013/11/12 01:55:07 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\GPUCache
[2013/12/05 20:46:03 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons
[2013/12/05 20:45:05 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld
[2013/11/02 12:07:31 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings
[2013/12/05 18:34:44 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Local Storage
[2013/11/25 01:01:13 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Media Cache
[2012/11/23 17:15:52 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Pepper Data
[2013/12/05 20:45:48 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Session Storage
[2013/10/11 18:04:24 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Sync Data
[2013/06/28 08:53:20 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets

[color=#A23BEC]< %USERPROFILE%\AppData\Local\temp\*.exe >[/color]
[2013/09/01 11:58:28 | 000,488,960 | ---- | M] () -- C:\Users\Marion\AppData\Local\temp\sqlite3.exe
[8 C:\Users\Marion\AppData\Local\temp\*.tmp files -> C:\Users\Marion\AppData\Local\temp\*.tmp -> ]

[color=#A23BEC]< %USERPROFILE%\AppData\Roaming\*.* >[/color]
[2013/08/13 09:54:31 | 000,889,416 | ---- | M] (Microsoft Corporation) -- C:\Users\Marion\AppData\Roaming\dotNetFx40_Full_setup.exe
[2013/04/12 08:36:32 | 000,001,617 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Rim.Desktop.Exception (1).log
[2013/04/12 08:36:32 | 000,001,617 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Rim.Desktop.Exception (2).log
[2013/11/24 19:17:32 | 000,002,464 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Rim.Desktop.Exception.log
[2013/01/06 10:56:40 | 000,002,257 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Rim.Desktop.HttpServerSetup (1).log
[2013/01/06 10:56:40 | 000,002,257 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Rim.Desktop.HttpServerSetup (2).log
[2013/11/24 19:18:26 | 000,006,437 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2013/02/07 21:08:13 | 000,001,463 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Rim.DesktopHelper.Exception (1).log
[2013/02/07 21:08:13 | 000,001,463 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Rim.DesktopHelper.Exception (2).log
[2013/11/20 22:48:21 | 000,001,771 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Rim.DesktopHelper.Exception.log
[2013/11/24 19:17:32 | 000,000,539 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Rim.Transcoder.Exception.log

[color=#A23BEC]< %USERPROFILE%\AppData\Roaming\*. >[/color]
[2013/11/10 11:21:59 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Adobe
[2013/11/02 01:33:39 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\AlawarEntertainment
[2012/08/19 12:38:10 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\aliasworlds
[2010/06/03 10:27:43 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Amazon
[2013/11/10 09:56:30 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Ancient Quest of Saqqarah__bfg
[2012/08/31 13:41:45 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Anuman
[2013/01/06 11:57:04 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Apple Computer
[2013/11/10 09:56:31 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\ATI
[2010/12/22 23:11:16 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Awem
[2013/09/24 22:21:25 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\BBB
[2013/06/28 09:02:43 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Be a King 2
[2013/11/01 19:27:10 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Big Fish Games
[2013/06/28 09:03:06 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\BigFish All My Gods
[2010/04/29 21:22:42 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\BigFishGames
[2012/08/24 17:49:05 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Boolat Games
[2013/06/28 09:03:15 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Boomzap
[2010/04/17 15:36:29 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Braintonik
[2013/12/02 20:49:52 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Clip Art Collection
[2013/11/10 09:56:31 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\CyberLink
[2013/09/13 22:02:21 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\DarkManor
[2013/06/28 09:11:38 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Deadly Sin
[2013/08/13 10:02:44 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Dell
[2011/09/09 16:26:22 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\DriverFinder
[2013/12/05 17:10:44 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Dropbox
[2012/08/09 09:37:18 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\EdAlive
[2013/02/04 15:51:31 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Elephant Games
[2013/09/29 08:25:30 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\ERS Game Studios
[2013/06/28 09:17:08 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Faerie Solitaire
[2013/10/13 11:12:06 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\FixCleaner
[2013/11/10 09:56:32 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Foresight Software
[2013/06/28 09:17:09 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\ForrestGump
[2012/11/09 00:32:12 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\funkitron
[2010/04/28 17:59:55 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\G-HeadGames
[2012/04/05 10:51:14 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\GAMESHASTRA
[2013/11/10 09:56:32 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\GirlsDateChat
[2010/04/18 07:09:26 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\GOA
[2013/11/10 09:56:32 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Google
[2013/11/10 09:56:32 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Identities
[2013/09/06 00:31:52 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Inertia Game Studios
[2013/11/10 09:56:32 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\InstallShield
[2012/08/23 11:48:52 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\InWorldz
[2013/11/17 16:41:44 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\KeePass
[2013/10/22 13:52:28 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\kidoz
[2012/08/31 15:15:41 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\LegacyGames
[2013/03/20 00:57:52 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Liam games
[2013/09/26 15:58:06 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Macromedia
[2013/11/14 14:09:44 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Malwarebytes
[2011/12/12 15:51:40 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\McAfee
[2013/10/27 19:46:36 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Melesta
[2013/11/21 11:57:00 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Microsoft
[2013/10/27 19:09:10 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Nimbus Games
[2012/02/03 19:44:35 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\NVIDIA
[2012/10/03 12:25:45 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Oberon Media
[2013/01/14 14:54:31 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\OpenClipArtLibraryPackages
[2010/05/17 22:11:18 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Orneon
[2013/08/13 10:00:37 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\PCDr
[2013/11/10 09:57:08 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Pengu Wars
[2013/11/11 12:08:32 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Picsoft
[2013/09/26 15:58:06 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\PlayFirst
[2013/02/04 13:35:56 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Publisher
[2010/05/24 15:32:17 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\QB9
[2013/11/29 06:54:40 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Research In Motion
[2013/11/22 16:21:13 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Samsung
[2012/05/16 18:51:11 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\SecondLife
[2013/10/24 18:44:56 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Skyborn
[2013/06/28 10:02:03 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Super-Cow
[2013/11/25 02:54:40 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\SyncTunesDesktop
[2010/04/13 14:42:02 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\System Tweaker
[2013/10/24 19:22:42 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\The Witch and The Warrior
[2010/06/12 19:35:04 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Trusteer
[2013/06/28 10:03:23 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Turbine
[2013/07/16 15:51:11 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\U3
[2013/11/13 09:30:12 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Uniblue
[2013/11/10 09:57:21 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\vcards
[2013/10/23 12:06:34 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\viking_saga_bfg_en
[2013/06/28 10:07:06 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Virtual City
[2012/04/21 19:15:05 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\WendigoStudios
[2013/10/03 16:44:59 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\when_in_rome_bfg
[2013/07/14 19:16:06 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Windows Live Writer

[color=#A23BEC]< %ProgramData%\*.* >[/color]

[color=#A23BEC]< %ProgramData%\*. >[/color]
[2012/08/04 12:59:36 | 000,000,000 | ---D | M] -- C:\ProgramData\225932D202D48936DAFC29C6F875F002
[2013/11/29 11:54:50 | 000,000,000 | ---D | M] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/11/10 09:54:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2011/10/21 09:26:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2010/04/12 15:43:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2009/07/14 05:08:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data
[2011/12/12 15:16:02 | 000,000,000 | ---D | M] -- C:\ProgramData\ATI
[2013/09/13 17:38:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Big Fish
[2013/11/11 11:59:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Big Fish Games
[2013/11/13 20:19:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Braintonik
[2010/04/12 19:31:33 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonBJ
[2013/11/27 16:56:15 | 000,000,000 | ---D | M] -- C:\ProgramData\CDB
[2010/04/12 08:39:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Citrix
[2013/11/10 09:42:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Common Files
[2011/09/09 16:19:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Computer Updater
[2011/04/09 13:30:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Cyberlink
[2009/07/14 05:08:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Desktop
[2009/07/14 05:08:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Documents
[2013/10/18 18:30:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Driver Whiz
[2013/11/10 09:54:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Elephant Games
[2009/07/14 05:08:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Favorites
[2010/12/27 19:06:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Fenomen Games
[2012/08/24 18:37:46 | 000,000,000 | ---D | M] -- C:\ProgramData\FireGlow
[2013/11/10 09:54:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Foresight Software
[2010/04/23 16:33:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Fugazo
[2012/04/19 13:25:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Funny Bear Studio
[2012/04/05 10:51:14 | 000,000,000 | ---D | M] -- C:\ProgramData\GAMESHASTRA
[2013/11/10 09:54:05 | 000,000,000 | ---D | M] -- C:\ProgramData\GOA
[2010/04/12 15:31:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Google
[2013/11/15 16:13:06 | 000,000,000 | ---D | M] -- C:\ProgramData\HitmanPro
[2013/11/17 23:36:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Innovative Solutions
[2013/11/14 14:09:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2013/07/12 22:55:21 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee
[2013/08/14 18:54:00 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee Security Scan
[2013/11/22 15:45:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft
[2013/11/13 12:52:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2010/04/17 15:41:39 | 000,000,000 | ---D | M] -- C:\ProgramData\MythPeople
[2013/11/17 16:31:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Norton
[2013/11/17 16:31:14 | 000,000,000 | ---D | M] -- C:\ProgramData\NortonInstaller
[2010/04/13 06:25:15 | 000,000,000 | ---D | M] -- C:\ProgramData\NOS
[2013/11/12 08:49:32 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA
[2012/01/29 17:04:32 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA Corporation
[2012/10/03 12:25:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Oberon Media
[2013/11/17 14:40:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Oracle
[2013/10/18 16:35:59 | 000,000,000 | ---D | M] -- C:\ProgramData\PC-Doctor for Windows
[2013/12/03 12:22:48 | 000,000,000 | ---D | M] -- C:\ProgramData\PCDr
[2010/04/17 16:04:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Playrix Entertainment
[2013/11/26 17:01:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Publisher
[2013/04/30 11:24:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung
[2010/04/12 08:52:30 | 000,000,000 | ---D | M] -- C:\ProgramData\SiteAdvisor
[2009/07/14 05:08:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Start Menu
[2010/09/29 10:36:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2013/12/05 17:41:41 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2009/07/14 05:08:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Templates
[2010/06/12 19:33:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Trusteer
[2013/11/10 09:54:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Uniblue
[2013/11/20 19:02:00 | 000,000,000 | ---D | M] -- C:\ProgramData\VS Revo Group
[2010/04/12 15:43:58 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

[color=#A23BEC]< %programdata%\Microsoft\Windows\DRM\*.tmp >[/color]

[color=#A23BEC]< %programdata%\Microsoft\DRM\*.tmp >[/color]

[color=#A23BEC]< C:\Users\All Users\*.exe /s >[/color]
[2012/08/21 13:01:28 | 001,977,816 | ---- | M] (GEAR Software, Inc.) -- C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69\GEARDIFx.exe
[2012/08/21 13:01:20 | 000,131,544 | ---- | M] (GEAR Software, Inc.) -- C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DifXInst64.exe
[2010/09/21 18:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\10521\AcrobatUpdater.exe
[2010/09/21 18:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\10521\AdobeARM.exe
[2010/09/21 18:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\10521\ReaderUpdater.exe
[2010/09/21 18:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\13019\AcrobatUpdater.exe
[2010/09/21 18:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\13019\AdobeARM.exe
[2010/09/21 18:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\13019\ReaderUpdater.exe
[2010/09/21 18:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\16958\AcrobatUpdater.exe
[2010/09/21 18:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\16958\AdobeARM.exe
[2010/09/21 18:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\16958\ReaderUpdater.exe
[2010/09/21 18:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\19042\AcrobatUpdater.exe
[2010/09/21 18:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\19042\AdobeARM.exe
[2010/09/21 18:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\19042\ReaderUpdater.exe
[2010/09/21 18:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\19319\AcrobatUpdater.exe
[2010/09/21 18:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\19319\AdobeARM.exe
[2010/09/21 18:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\19319\ReaderUpdater.exe
[2010/09/21 18:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\20080\AcrobatUpdater.exe
[2010/09/21 18:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\20080\AdobeARM.exe
[2010/09/21 18:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\20080\ReaderUpdater.exe
[2010/09/21 18:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\20107\AcrobatUpdater.exe
[2010/09/21 18:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\20107\AdobeARM.exe
[2010/09/21 18:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\20107\ReaderUpdater.exe
[2010/09/21 18:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\20474\AcrobatUpdater.exe
[2010/09/21 18:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\20474\AdobeARM.exe
[2010/09/21 18:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\20474\ReaderUpdater.exe
[2010/09/21 18:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\28591\AcrobatUpdater.exe
[2010/09/21 18:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\28591\AdobeARM.exe
[2010/09/21 18:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\28591\ReaderUpdater.exe
[2012/01/03 07:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\31115\AcrobatUpdater.exe
[2012/01/03 07:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\31115\AdobeARM.exe
[2012/01/03 07:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\31115\AdobeARMHelper.exe
[2012/01/03 07:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\31115\ReaderUpdater.exe
[2010/09/21 18:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\6511\AcrobatUpdater.exe
[2010/09/21 18:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\6511\AdobeARM.exe
[2010/09/21 18:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\6511\ReaderUpdater.exe
[2012/01/03 07:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\7379\AcrobatUpdater.exe
[2012/01/03 07:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\7379\AdobeARM.exe
[2012/01/03 07:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\7379\AdobeARMHelper.exe
[2012/01/03 07:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\7379\ReaderUpdater.exe
[2012/01/03 07:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\8207\AcrobatUpdater.exe
[2012/01/03 07:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\8207\AdobeARM.exe
[2012/01/03 07:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\8207\AdobeARMHelper.exe
[2012/01/03 07:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\8207\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.5\ARM\12838\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.5\ARM\12838\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.5\ARM\12838\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.5\ARM\12838\ReaderUpdater.exe
[2012/01/03 17:46:15 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-A95000000001}\Setup.exe
[2012/09/24 03:47:39 | 000,364,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AB0000000001}\setup.exe
[2013/11/11 11:39:50 | 000,077,136 | ---- | M] (Apple Inc.) -- C:\Users\All Users\Apple Computer\Installer Cache\iTunes 11.1.3.8\SetupAdmin.exe
[2010/05/02 19:03:19 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Users\All Users\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
[2010/11/24 11:53:49 | 000,072,488 | ---- | M] (Apple Inc.) -- C:\Users\All Users\Apple Computer\Installer Cache\Safari 5.33.19.4\SetupAdmin.exe
[2011/03/16 23:21:16 | 000,072,488 | ---- | M] (Apple Inc.) -- C:\Users\All Users\Apple Computer\Installer Cache\Safari 5.33.20.27\SetupAdmin.exe
[2011/05/02 22:52:32 | 000,072,488 | ---- | M] (Apple Inc.) -- C:\Users\All Users\Apple Computer\Installer Cache\Safari 5.33.21.1\SetupAdmin.exe
[2011/08/25 09:50:55 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Users\All Users\Apple Computer\Installer Cache\Safari 5.34.50.0\SetupAdmin.exe
[2011/10/21 09:29:47 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Users\All Users\Apple Computer\Installer Cache\Safari 5.34.51.22\SetupAdmin.exe
[2011/12/20 17:29:56 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Users\All Users\Apple Computer\Installer Cache\Safari 5.34.52.7\SetupAdmin.exe
[2012/03/26 18:43:08 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Users\All Users\Apple Computer\Installer Cache\Safari 5.34.54.16\SetupAdmin.exe
[2012/04/03 12:28:25 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Users\All Users\Apple Computer\Installer Cache\Safari 5.34.55.3\SetupAdmin.exe
[2011/10/21 13:26:35 | 000,073,576 | ---- | M] (Apple Inc.) -- C:\Users\All Users\Apple\Installer Cache\iCloud Control Panel 1.0.1.29\SetupAdmin.exe
[2011/12/20 17:28:46 | 000,073,576 | ---- | M] (Apple Inc.) -- C:\Users\All Users\Apple\Installer Cache\iCloud Control Panel 1.0.2.17\SetupAdmin.exe
[2012/03/09 11:24:59 | 000,073,576 | ---- | M] (Apple Inc.) -- C:\Users\All Users\Apple\Installer Cache\iCloud Control Panel 1.1.0.40\SetupAdmin.exe
[2012/12/10 17:58:37 | 000,076,688 | ---- | M] (Apple Inc.) -- C:\Users\All Users\Apple\Installer Cache\iCloud Control Panel 2.1.0.39\SetupAdmin.exe
[2013/02/04 08:57:09 | 000,077,280 | ---- | M] (Apple Inc.) -- C:\Users\All Users\Apple\Installer Cache\iCloud Control Panel 2.1.1.3\SetupAdmin.exe
[2013/05/06 09:59:20 | 000,077,128 | ---- | M] (Apple Inc.) -- C:\Users\All Users\Apple\Installer Cache\iCloud Control Panel 2.1.2.8\SetupAdmin.exe
[2013/10/28 13:21:45 | 000,077,128 | ---- | M] (Apple Inc.) -- C:\Users\All Users\Apple\Installer Cache\iCloud Control Panel 3.0.2.163\SetupAdmin.exe
[2012/11/13 18:29:06 | 001,411,072 | ---- | M] () -- C:\Users\All Users\Big Fish\cef\1.963.439\cefclient.exe
[2013/08/29 21:59:06 | 002,340,184 | ---- | M] () -- C:\Users\All Users\Big Fish\Game Manager\Addons\gmActivator.exe
[2013/08/29 21:59:10 | 000,689,152 | ---- | M] () -- C:\Users\All Users\Big Fish\Game Manager\Addons\BFGameLauncher\BFGameLauncher.exe
[2013/08/29 21:59:12 | 002,340,664 | ---- | M] () -- C:\Users\All Users\Big Fish\Game Manager\Addons\BFGameLauncher\CasinoActivator.exe
[2012/11/13 18:28:46 | 002,026,496 | ---- | M] () -- C:\Users\All Users\Big Fish\In Game Purchase\1.0.1\bfgbrowser.exe
[2013/10/24 00:45:22 | 002,027,520 | ---- | M] (Big Fish, Inc.) -- C:\Users\All Users\Big Fish\In Game Purchase\1.0.2\bfgbrowser.exe
[2011/08/18 17:30:08 | 000,527,024 | ---- | M] (Google Inc.) -- C:\Users\All Users\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
[2010/04/12 15:31:17 | 000,086,016 | ---- | M] () -- C:\Users\All Users\NOS\Adobe_Downloads\arh.exe
[2011/10/15 08:53:00 | 000,195,904 | ---- | M] (NVIDIA Corporation) -- C:\Users\All Users\NVIDIA\Updatus\WLMerger.exe
[1970/01/01 00:00:00 | 000,118,212 | ---- | M] () -- C:\Users\All Users\NVIDIA\Updatus\Download\8789D51\drsupdate.11403901_RUNASUSER.exe
[2013/11/12 08:49:55 | 000,125,480 | ---- | M] () -- C:\Users\All Users\NVIDIA\Updatus\Packages\00000000\drsupdate.11403901_RUNASUSER.exe
[2013/11/13 08:39:40 | 000,353,128 | ---- | M] () -- C:\Users\All Users\NVIDIA\Updatus\Packages\00000eaf\drsupdate.13728286_RUNASUSER.exe
[2013/09/04 06:16:00 | 000,025,336 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\All Users\PC-Doctor for Windows\startmenu\startmenu-localizer.exe
[2013/11/18 12:44:31 | 013,294,808 | ---- | M] (Mozy, Inc.) -- C:\Users\All Users\TEMP\mozy-autoupdate-b6ef32f74275da3b7074b1f807e71343.exe
[2013/08/13 20:26:51 | 013,206,744 | ---- | M] (Mozy, Inc.) -- C:\Users\All Users\TEMP\mozy-manualupdate-b7a98b96ee32dd5287d4d7d58fa788c3.exe
[2009/07/14 05:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 05:08:49 | 000,032,608 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/04/12 15:40:00 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010/04/12 15:40:01 | 000,000,898 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/06/28 16:40:01 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

[color=#A23BEC]< C:\Users\Default\*.exe /s >[/color]
[2013/11/17 14:05:01 | 000,054,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[color=#A23BEC]< C:\Users\Public\*.exe /s >[/color]

[color=#A23BEC]< %CommonProgramFiles%\*.* >[/color]

[color=#A23BEC]< %CommonProgramFiles%\*. >[/color]
[2013/06/28 16:52:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Adobe
[2013/11/17 14:05:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/11/11 11:44:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Apple
[2010/08/11 14:10:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013/08/14 18:53:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/11/10 09:44:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Innovative Solutions
[2011/04/09 13:13:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/11/17 14:40:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Java
[2013/03/12 20:04:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\McAfee
[2013/07/12 22:54:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\microsoft shared
[2013/11/24 19:18:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Research In Motion
[2013/03/12 20:12:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Services
[2009/07/14 03:20:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\SpeechEngines
[2013/07/12 22:57:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\System
[2010/04/12 08:57:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Windows Live
[2013/11/19 00:17:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/11/24 19:19:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\XCPCSync.OEM

[color=#A23BEC]< %CommonProgramFiles%\ComObjects\*.* >[/color]

[color=#A23BEC]< %ProgramFiles%\*.* >[/color]
[2009/07/14 04:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

[color=#A23BEC]< %ProgramFiles%\*. >[/color]
[2013/11/17 14:05:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2013/08/14 18:52:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\All My Gods
[2010/06/03 10:26:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Amazon
[2011/12/12 15:15:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AMD APP
[2013/08/14 18:52:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ancient Quest of Saqqarah
[2013/08/14 18:52:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2013/11/21 11:43:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI
[2011/12/12 15:15:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2013/08/14 18:52:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Awakening - Moonfell Wood
[2013/08/14 18:52:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Awakening - The Dreamless Castle
[2013/09/10 22:56:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\bfgclient
[2013/08/14 18:52:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2010/04/15 08:01:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Canon
[2010/04/12 08:39:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Citrix
[2013/08/14 18:52:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\City of Fools
[2013/08/14 18:52:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Clip Art Collection
[2013/11/21 11:49:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Codemasters
[2013/11/17 14:40:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2011/04/09 13:20:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2013/10/27 19:11:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dark Manor - A Hidden Object Mystery
[2011/12/11 15:16:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell
[2013/11/14 00:21:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Diego`s Dinosaur Adventure
[2013/07/12 22:54:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Digital Photo Navigator 1.5
[2013/08/14 18:53:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dora Saves the Crystal Kingdom
[2013/08/28 17:40:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dora the Explorer - Swiper's Big Adventure!
[2013/08/14 18:53:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Doras Carnival 2 - At the Boardwalk
[2013/11/01 23:44:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Drawn - Dark Flight
[2013/11/13 09:28:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DriverUpdate
[2013/07/30 11:09:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EdAlive
[2013/08/14 18:53:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Faerie Solitaire
[2013/10/15 16:46:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FixCleaner
[2013/03/12 20:04:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GirlsDateChat
[2013/11/17 14:06:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2013/08/14 18:53:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\House of 1000 Doors - The Palm of Zoroaster
[2013/11/10 09:44:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Innovative Solutions
[2013/11/22 16:27:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/10/19 10:59:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2013/11/12 14:04:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2013/07/12 22:54:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\InWorldz
[2013/11/11 11:45:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2013/09/10 22:57:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Jar of Marbles II - Journey to the West
[2013/11/17 14:39:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2013/08/14 18:53:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Jigs@w Puzzle 2
[2013/11/17 16:13:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\KeePass Password Safe
[2013/08/14 18:53:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Kingdom Chronicles
[2013/08/14 18:53:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\La Casa De Dora
[2013/08/14 18:53:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Legends of Atlantis - Exodus
[2013/08/14 18:53:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Magic Maze
[2013/08/28 23:31:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Margrave - The Blacksmiths Daughter
[2013/11/22 16:22:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MarkAny
[2012/09/12 11:18:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee
[2010/08/28 10:57:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee.com
[2013/11/17 16:45:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2011/12/20 21:45:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2013/10/11 12:54:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/08/14 18:53:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/09/15 02:01:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2013/10/06 08:10:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/29 06:41:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozy
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2011/04/09 16:28:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2013/11/22 16:26:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MyFree Codec
[2013/10/27 19:20:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nick Jr. Bingo
[2013/11/17 16:31:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Norton Identity Safe
[2013/11/17 16:31:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NortonInstaller
[2013/04/06 20:23:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/10/03 12:25:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Oberon Media SIDR
[2013/08/14 18:53:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Open Clip Art Library
[2013/11/11 11:58:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Peggle Deluxe
[2013/09/10 23:35:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Plants vs Zombies
[2013/08/14 18:53:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Plumeboom - The First Chapter
[2013/03/12 20:04:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pony World 2
[2013/09/13 17:36:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Puppetshow - Return to Joyville
[2013/10/27 19:08:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Putt-Putt Saves the Zoo
[2013/08/14 18:53:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2013/08/14 18:53:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Rangy Lil's Wild West Adventure
[2013/10/18 19:52:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2013/11/22 16:26:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Samsung
[2013/08/14 18:53:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SecondLifeViewer
[2013/11/20 15:36:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SpongeBob SquarePants Diner Dash
[2013/10/27 19:21:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SpongeBob SquarePants Obstacle Odyssey
[2013/08/14 18:53:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Strimko
[2013/03/12 20:04:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Supercow
[2013/08/14 18:53:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SystemRequirementsLab
[2013/10/18 19:52:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Temp
[2013/11/23 02:14:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\The Bit Studio
[2013/08/14 18:53:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\The Timebuilders - Caveman's Prophecy
[2013/08/14 18:53:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\The Timebuilders - Pyramid Rising
[2012/10/03 10:33:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TotalRecipeSearch_14
[2013/08/14 18:53:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Trial of the Gods - Ariadnes Journey
[2013/11/13 09:30:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Uniblue
[2009/07/14 04:57:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Uninstall Information
[2013/10/23 11:37:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Viking Saga
[2013/08/14 18:53:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Virus 3
[2013/08/28 23:34:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\When_In_Rome
[2013/07/13 11:25:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2012/06/07 23:14:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2013/07/12 22:57:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2013/08/14 18:55:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2013/07/12 22:57:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2013/03/12 20:10:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2013/07/12 22:57:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2011/09/09 16:29:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!

[color=#A23BEC]< %Public%\Documents\*.* >[/color]
[2009/07/14 04:54:24 | 000,000,278 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini

[color=#A23BEC]< %Public%\Documents\*. >[/color]
[2013/11/22 16:21:17 | 000,000,000 | ---D | M] -- C:\Users\Public\Documents\CrashDump
[2013/09/29 17:02:32 | 000,000,000 | ---D | M] -- C:\Users\Public\Documents\Downloaded Installers
[2010/04/12 09:05:02 | 000,000,000 | ---D | M] -- C:\Users\Public\Documents\microsoft
[2009/07/14 05:08:56 | 000,000,000 | ---D | M] -- C:\Users\Public\Documents\My Music
[2009/07/14 05:08:56 | 000,000,000 | ---D | M] -- C:\Users\Public\Documents\My Pictures
[2009/07/14 05:08:56 | 000,000,000 | ---D | M] -- C:\Users\Public\Documents\My Videos
[2013/11/22 16:21:17 | 000,000,000 | ---D | M] -- C:\Users\Public\Documents\NativeFus_Log

[color=#A23BEC]< %systemroot%\System32\config\systemprofile\*.exe /s >[/color]

[color=#A23BEC]< %systemroot%\System32\config\systemprofile\*.* >[/color]
[2010/08/21 21:48:15 | 000,262,144 | ---- | M] () -- C:\Windows\System32\config\systemprofile\NTUSER.DAT
[2010/08/21 21:48:15 | 000,005,120 | ---- | M] () -- C:\Windows\System32\config\systemprofile\NTUSER.DAT.LOG1
[2010/08/21 21:48:15 | 000,000,000 | ---- | M] () -- C:\Windows\System32\config\systemprofile\NTUSER.DAT.LOG2
[2010/08/21 21:48:15 | 000,065,536 | ---- | M] () -- C:\Windows\System32\config\systemprofile\NTUSER.DAT{b01e5d4d-ad40-11df-b922-00219b1c2f23}.TM.blf
[2010/08/21 21:48:15 | 000,524,288 | ---- | M] () -- C:\Windows\System32\config\systemprofile\NTUSER.DAT{b01e5d4d-ad40-11df-b922-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2010/08/21 21:48:15 | 000,524,288 | ---- | M] () -- C:\Windows\System32\config\systemprofile\NTUSER.DAT{b01e5d4d-ad40-11df-b922-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms

[color=#A23BEC]< %systemroot%\System32\config\systemprofile\*. >[/color]
[2009/07/14 04:55:33 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\AppData
[2013/10/18 19:12:51 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\Application Data
[2013/10/18 19:12:53 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\Contacts
[2013/10/18 19:12:51 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\Cookies
[2013/10/18 19:12:53 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\Desktop
[2013/10/18 19:12:53 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\Documents
[2013/10/18 19:12:53 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\Downloads
[2013/10/18 19:12:53 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\Favorites
[2013/10/18 19:12:53 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\Links
[2013/10/18 19:12:51 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\Local Settings
[2013/10/18 19:12:53 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\Music
[2013/10/18 19:12:50 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\My Documents
[2013/10/18 19:12:51 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\NetHood
[2013/10/18 19:12:52 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\Pictures
[2013/10/18 19:12:51 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\PrintHood
[2013/10/18 19:12:51 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\Recent
[2013/10/18 19:12:53 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\Saved Games
[2013/10/18 19:12:52 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\Searches
[2013/10/18 19:12:51 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\SendTo
[2013/10/18 19:12:51 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\Start Menu
[2013/10/18 19:12:51 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\Templates
[2013/10/18 19:12:52 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\Videos

[color=#A23BEC]< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >[/color]

[color=#A23BEC]< %systemroot%\system32\config\systemprofile\AppData\Local\*. >[/color]
[2013/10/18 19:12:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\Application Data
[2013/08/01 22:01:07 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\Google
[2013/10/18 19:12:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\History
[2013/10/18 19:12:50 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft
[2013/10/18 19:12:47 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\Programs
[2010/10/21 10:54:50 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\Temp
[2013/10/18 19:12:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\Temporary Internet Files
[2013/11/02 10:04:55 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\Trusteer

[color=#A23BEC]< %systemroot%\system32\config\systemprofile\AppData\Roaming\*.* >[/color]

[color=#A23BEC]< %systemroot%\system32\config\systemprofile\AppData\Roaming\*. >[/color]
[2010/11/24 11:55:03 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
[2011/09/02 13:03:20 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\McAfee
[2013/10/18 19:12:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft
[2010/04/12 08:56:07 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\SACore

[color=#A23BEC]< %systemroot%\SysWow64\config\systemprofile\*.exe /s >[/color]

[color=#A23BEC]< %systemroot%\SysWow64\config\systemprofile\*.* >[/color]
[2010/08/21 21:48:15 | 000,262,144 | ---- | M] () -- C:\Windows\SysWow64\config\systemprofile\NTUSER.DAT
[2010/08/21 21:48:15 | 000,005,120 | ---- | M] () -- C:\Windows\SysWow64\config\systemprofile\NTUSER.DAT.LOG1
[2010/08/21 21:48:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config\systemprofile\NTUSER.DAT.LOG2
[2010/08/21 21:48:15 | 000,065,536 | ---- | M] () -- C:\Windows\SysWow64\config\systemprofile\NTUSER.DAT{b01e5d4d-ad40-11df-b922-00219b1c2f23}.TM.blf
[2010/08/21 21:48:15 | 000,524,288 | ---- | M] () -- C:\Windows\SysWow64\config\systemprofile\NTUSER.DAT{b01e5d4d-ad40-11df-b922-00219b1c2f23}.TMContainer00000000000000000001.regtrans-ms
[2010/08/21 21:48:15 | 000,524,288 | ---- | M] () -- C:\Windows\SysWow64\config\systemprofile\NTUSER.DAT{b01e5d4d-ad40-11df-b922-00219b1c2f23}.TMContainer00000000000000000002.regtrans-ms

[color=#A23BEC]< %systemroot%\SysWow64\config\systemprofile\*. >[/color]
[2009/07/14 04:55:33 | 000,000,000 | ---D | M] -- C:\Windows\SysWow64\config\systemprofile\AppData
[2013/10/18 19:12:51 | 000,000,000 | ---D | M] -- C:\Windows\SysWow64\config\systemprofile\Application Data
[2013/10/18 19:12:53 | 000,000,000 | ---D | M] -- C:\Windows\SysWow64\config\systemprofile\Contacts
[2013/10/18 19:12:51 | 000,000,000 | ---D | M] -- C:\Windows\SysWow64\config\systemprofile\Cookies
[2013/10/18 19:12:53 | 000,000,000 | ---D | M] -- C:\Windows\SysWow64\config\systemprofile\Desktop
[2013/10/18 19:12:53 | 000,000,000 | ---D | M] -- C:\Windows\SysWow64\config\systemprofile\Documents
[2013/10/18 19:12:53 | 000,000,000 | ---D | M] -- C:\Windows\SysWow64\config\systemprofile\Downloads
[2013/10/18 19:12:53 | 000,000,000 | ---D | M] -- C:\Windows\SysWow64\config\systemprofile\Favorites
[2013/10/18 19:12:53 | 000,000,000 | ---D | M] -- C:\Windows\SysWow64\config\systemprofile\Links
[2013/10/18 19:12:51 | 000,000,000 | ---D | M] -- C:\Windows\SysWow64\config\systemprofile\Local Settings
[2013/10/18 19:12:53 | 000,000,000 | ---D | M] -- C:\Windows\SysWow64\config\systemprofile\Music
[2013/10/18 19:12:50 | 000,000,000 | ---D | M] -- C:\Windows\SysWow64\config\systemprofile\My Documents
[2013/10/18 19:12:51 | 000,000,000 | ---D | M] -- C:\Windows\SysWow64\config\systemprofile\NetHood
[2013/10/18 19:12:52 | 000,000,000 | ---D | M] -- C:\Windows\SysWow64\config\systemprofile\Pictures
[2013/10/18 19:12:51 | 000,000,000 | ---D | M] -- C:\Windows\SysWow64\config\systemprofile\PrintHood
[2013/10/18 19:12:51 | 000,000,000 | ---D | M] -- C:\Windows\SysWow64\config\systemprofile\Recent
[2013/10/18 19:12:53 | 000,000,000 | ---D | M] -- C:\Windows\SysWow64\config\systemprofile\Saved Games
[2013/10/18 19:12:52 | 000,000,000 | ---D | M] -- C:\Windows\SysWow64\config\systemprofile\Searches
[2013/10/18 19:12:51 | 000,000,000 | ---D | M] -- C:\Windows\SysWow64\config\systemprofile\SendTo
[2013/10/18 19:12:51 | 000,000,000 | ---D | M] -- C:\Windows\SysWow64\config\systemprofile\Start Menu
[2013/10/18 19:12:51 | 000,000,000 | ---D | M] -- C:\Windows\SysWow64\config\systemprofile\Templates
[2013/10/18 19:12:52 | 000,000,000 | ---D | M] -- C:\Windows\SysWow64\config\systemprofile\Videos

[color=#A23BEC]< %systemroot%\SysWOW64\config\systemprofile\AppData\Local\*.* >[/color]

[color=#A23BEC]< %systemroot%\SysWOW64\config\systemprofile\AppData\Local\*. >[/color]
[2013/10/18 19:12:51 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data
[2013/08/01 22:01:07 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google
[2013/10/18 19:12:51 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History
[2013/10/18 19:12:50 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft
[2013/10/18 19:12:47 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Programs
[2010/10/21 10:54:50 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp
[2013/10/18 19:12:51 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files
[2013/11/02 10:04:55 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Trusteer

[color=#A23BEC]< %systemroot%\SysWOW64\config\systemprofile\AppData\Roaming\*.* >[/color]

[color=#A23BEC]< %systemroot%\SysWOW64\config\systemprofile\AppData\Roaming\*. >[/color]
[2010/11/24 11:55:03 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Apple Computer
[2011/09/02 13:03:20 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\McAfee
[2013/10/18 19:12:46 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft
[2010/04/12 08:56:07 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SACore

[color=#A23BEC]< %systemroot%\ServiceProfiles\*.exe /s >[/color]

[color=#A23BEC]< %systemroot%\ServiceProfiles\LocalService\AppData\Local\*.* >[/color]
[2012/08/04 13:55:57 | 000,275,836 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
[2013/03/15 00:04:17 | 002,864,141 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1013639583-4134777893-1337409647-1001-12288.dat
[2013/03/15 00:04:16 | 045,570,742 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1013639583-4134777893-1337409647-1001-4096.dat
[2013/03/15 00:04:14 | 009,086,996 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1013639583-4134777893-1337409647-1001-8192.dat
[2013/11/23 14:37:33 | 005,429,504 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
[2013/12/05 17:09:56 | 000,002,048 | -HS- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
[2013/12/05 17:09:56 | 000,002,048 | -HS- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
[2013/11/24 19:41:53 | 016,777,216 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-FontFace.dat
[2013/11/24 19:46:08 | 008,388,608 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-S-1-5-21-1013639583-4134777893-1337409647-1001.dat
[2013/11/24 19:42:10 | 000,387,652 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-System.dat

[color=#A23BEC]< %systemroot%\ServiceProfiles\LocalService\AppData\Local\*. >[/color]
[2009/07/14 04:45:47 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft
[2010/04/12 07:40:37 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm
[2013/09/02 17:30:14 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp

[color=#A23BEC]< %systemroot%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb >[/color]

[color=#A23BEC]< %systemroot%\ServiceProfiles\LocalService\AppData\Roaming\*.* >[/color]

[color=#A23BEC]< %systemroot%\ServiceProfiles\LocalService\AppData\Roaming\*. >[/color]
[2010/07/03 16:55:14 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft
[2013/03/12 20:06:33 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking

[color=#A23BEC]< %systemroot%\ServiceProfiles\NetworkService\AppData\Local\*.* >[/color]

[color=#A23BEC]< %systemroot%\ServiceProfiles\NetworkService\AppData\Local\*. >[/color]
[2010/04/13 06:25:57 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft
[2013/12/05 20:46:19 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp

[color=#A23BEC]< %systemroot%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb >[/color]

[color=#A23BEC]< %systemroot%\ServiceProfiles\NetworkService\AppData\Roaming\*.* >[/color]

[color=#A23BEC]< %systemroot%\ServiceProfiles\NetworkService\AppData\Roaming\*. >[/color]
[2010/04/12 09:29:23 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft

[color=#A23BEC]< %windir%\temp\*.exe >[/color]

[color=#A23BEC]< %windir%\*. >[/color]
[2013/11/13 10:45:36 | 000,000,000 | ---D | M] -- C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
[2013/03/12 20:12:03 | 000,000,000 | ---D | M] -- C:\Windows\addins
[2013/08/14 18:54:17 | 000,000,000 | ---D | M] -- C:\Windows\AppCompat
[2013/10/11 17:25:04 | 000,000,000 | ---D | M] -- C:\Windows\AppPatch
[2013/11/13 09:22:53 | 000,000,000 | ---D | M] -- C:\Windows\assembly
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Boot
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Branding
[2013/11/20 19:04:10 | 000,000,000 | ---D | M] -- C:\Windows\CD09642E061D4844BA37ED1480916404.TMP
[2013/08/14 18:55:12 | 000,000,000 | ---D | M] -- C:\Windows\Cursors
[2013/11/13 12:48:22 | 000,000,000 | ---D | M] -- C:\Windows\debug
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\diagnostics
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\DigitalLocker
[2013/11/10 13:06:15 | 000,000,000 | ---D | M] -- C:\Windows\Downloaded Program Files
[2013/08/14 18:55:06 | 000,000,000 | ---D | M] -- C:\Windows\ehome
[2013/07/12 22:57:33 | 000,000,000 | ---D | M] -- C:\Windows\en-US
[2013/11/10 09:44:17 | 000,000,000 | ---D | M] -- C:\Windows\Fonts
[2009/07/14 07:50:14 | 000,000,000 | ---D | M] -- C:\Windows\Globalization
[2012/01/29 17:05:02 | 000,000,000 | ---D | M] -- C:\Windows\Help
[2013/08/14 18:55:12 | 000,000,000 | ---D | M] -- C:\Windows\IME
[2013/12/02 10:22:13 | 000,000,000 | ---D | M] -- C:\Windows\inf
[2013/11/29 11:54:55 | 000,000,000 | -HSD | M] -- C:\Windows\Installer
[2013/03/12 20:12:04 | 000,000,000 | ---D | M] -- C:\Windows\L2Schemas
[2010/04/28 18:55:55 | 000,000,000 | ---D | M] -- C:\Windows\LiveKernelReports
[2013/11/12 08:54:02 | 000,000,000 | ---D | M] -- C:\Windows\Logs
[2013/08/14 18:55:06 | 000,000,000 | ---D | M] -- C:\Windows\Media
[2013/11/22 17:35:39 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET
[2013/11/24 19:34:55 | 000,000,000 | ---D | M] -- C:\Windows\Minidump
[2012/04/25 13:41:37 | 000,000,000 | ---D | M] -- C:\Windows\ModemLogs
[2012/03/20 12:07:48 | 000,000,000 | ---D | M] -- C:\Windows\msdownld.tmp
[2013/03/12 20:12:04 | 000,000,000 | ---D | M] -- C:\Windows\Offline Web Pages
[2010/04/12 07:40:12 | 000,000,000 | ---D | M] -- C:\Windows\Panther
[2010/04/12 09:04:12 | 000,000,000 | ---D | M] -- C:\Windows\PCHEALTH
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Performance
[2009/07/14 03:20:10 | 000,000,000 | ---D | M] -- C:\Windows\PLA
[2013/11/12 14:04:52 | 000,000,000 | ---D | M] -- C:\Windows\PolicyDefinitions
[2013/12/05 20:45:19 | 000,000,000 | ---D | M] -- C:\Windows\Prefetch
[2013/03/20 02:19:07 | 000,000,000 | ---D | M] -- C:\Windows\Profiles
[2013/03/12 20:06:33 | 000,000,000 | ---D | M] -- C:\Windows\pss
[2013/08/14 18:51:20 | 000,000,000 | ---D | M] -- C:\Windows\registration
[2013/11/13 22:28:02 | 000,000,000 | ---D | M] -- C:\Windows\rescache
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Resources
[2009/07/14 02:35:47 | 000,000,000 | ---D | M] -- C:\Windows\SchCache
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\schemas
[2009/07/14 03:20:10 | 000,000,000 | ---D | M] -- C:\Windows\security
[2009/07/14 04:45:47 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles
[2013/08/14 19:01:02 | 000,000,000 | ---D | M] -- C:\Windows\servicing
[2009/07/14 04:45:50 | 000,000,000 | ---D | M] -- C:\Windows\Setup
[2013/03/12 20:11:07 | 000,000,000 | ---D | M] -- C:\Windows\ShellNew
[2013/08/13 09:55:04 | 000,000,000 | ---D | M] -- C:\Windows\SoftwareDistribution
[2009/07/14 05:37:44 | 000,000,000 | ---D | M] -- C:\Windows\Speech
[2011/08/12 10:16:53 | 000,000,000 | ---D | M] -- C:\Windows\Sun
[2013/03/12 20:07:32 | 000,000,000 | ---D | M] -- C:\Windows\system
[2013/12/02 10:22:13 | 000,000,000 | ---D | M] -- C:\Windows\System32
[2013/11/29 11:54:52 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64
[2013/03/12 20:12:11 | 000,000,000 | ---D | M] -- C:\Windows\TAPI
[2013/11/20 19:07:13 | 000,000,000 | ---D | M] -- C:\Windows\Tasks
[2013/12/05 20:46:49 | 000,000,000 | ---D | M] -- C:\Windows\Temp
[2009/07/14 02:34:33 | 000,000,000 | ---D | M] -- C:\Windows\tracing
[2013/10/18 18:42:41 | 000,000,000 | ---D | M] -- C:\Windows\twain_32
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\Vss
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Web
[2013/11/24 19:29:14 | 000,000,000 | ---D | M] -- C:\Windows\winsxs

[color=#A23BEC]< %windir%\AppPatch\*.exe /s >[/color]

[color=#A23BEC]< %windir%\ShellNew\*.* >[/color]
[2006/09/21 23:25:46 | 000,008,714 | ---- | M] () -- C:\Windows\ShellNew\EXCEL12.XLSX
[2009/06/10 20:44:28 | 000,004,544 | ---- | M] () -- C:\Windows\ShellNew\Journal.jnt
[2006/09/21 23:32:50 | 000,027,140 | ---- | M] () -- C:\Windows\ShellNew\PWRPNT12.PPTX

[color=#A23BEC]< %windir%\installer\*. >[/color]
[2010/04/12 09:06:15 | 000,000,000 | ---D | M] -- C:\Windows\installer\$PatchCache$
[2013/01/14 14:54:37 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSI3D25.tmp-
[2013/01/14 14:54:42 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSI5495.tmp-
[2013/01/14 14:54:47 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSI5995.tmp-
[2013/01/14 14:54:47 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSI6BCF.tmp-
[2013/01/14 14:54:50 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSI6BDF.tmp-
[2013/01/18 11:42:13 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSI78B2.tmp-
[2013/01/18 11:42:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSI81A9.tmp-
[2013/01/18 11:42:30 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSIC0FC.tmp-
[2013/01/18 11:42:31 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSIC293.tmp-
[2013/01/18 11:42:38 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSID0B2.tmp-
[2013/01/18 11:42:38 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSIE240.tmp-
[2013/05/20 21:21:58 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0225AD21-F3E2-4916-BFF3-65D3F9052582}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{158104AB-D92E-45BC-8268-5D351C95F6AD}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{19A492A0-888F-44A0-9B21-D91700763F62}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{1BF82343-8EE6-8B76-90CF-31059B9D1842}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{27735B09-9EFE-419F-A377-10AA8111C30A}
[2013/09/23 08:59:07 | 000,000,000 | ---D | M] -- C:\Windows\installer\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}
[2013/09/23 08:59:13 | 000,000,000 | ---D | M] -- C:\Windows\installer\{2F72F540-1F60-4266-9506-952B21D6640D}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{4286E640-B5FB-11DF-AC4B-005056C00008}
[2013/08/01 22:01:14 | 000,000,000 | ---D | M] -- C:\Windows\installer\{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}
[2013/09/23 08:58:28 | 000,000,000 | ---D | M] -- C:\Windows\installer\{46F044A5-CE8B-4196-984E-5BD6525E361D}
[2013/11/23 02:14:50 | 000,000,000 | ---D | M] -- C:\Windows\installer\{48C16095-BE15-48C7-9F13-FF2242587AEB}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{4B55F339-396E-29A9-B6D0-24B6D251C90A}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{4BE9F0B8-FF3D-5CAA-9BF2-CB6F3DF75D3B}
[2013/11/17 14:06:30 | 000,000,000 | ---D | M] -- C:\Windows\installer\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{4FBB2E98-1A3B-396A-A662-73E17009C076}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{503F672D-6C84-448A-8F8F-4BC35AC83441}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{52FB2985-F3AD-DAA7-7645-4E38A5B96E17}
[2013/03/24 16:44:06 | 000,000,000 | ---D | M] -- C:\Windows\installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6412CECE-8172-4BE5-935B-6CECACD2CA87}
[2013/11/29 08:14:53 | 000,000,000 | ---D | M] -- C:\Windows\installer\{65F6392F-4967-832D-817B-296E3C673C03}
[2013/11/22 16:27:23 | 000,000,000 | ---D | M] -- C:\Windows\installer\{698BBAD8-B116-495D-B879-0F07A533E57F}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}
[2013/10/18 16:14:03 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
[2013/10/28 13:23:32 | 000,000,000 | ---D | M] -- C:\Windows\installer\{704C0303-D20C-45AF-BD2B-556EAF31BE09}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{70C3CC75-9E14-D215-8FAD-5ABEAE3125D9}
[2013/07/12 22:56:29 | 000,000,000 | ---D | M] -- C:\Windows\installer\{758C8301-2696-4855-AF45-534B1200980A}
[2013/08/14 18:54:18 | 000,000,000 | ---D | M] -- C:\Windows\installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
[2013/10/17 00:14:14 | 000,000,000 | ---D | M] -- C:\Windows\installer\{7A3E6E1C-CF5A-4CE9-B8D6-A2F9B7BA18FC}
[2013/07/12 22:56:29 | 000,000,000 | ---D | M] -- C:\Windows\installer\{7AAA00C4-26E6-4EC0-8069-955B0A9D6009}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{89BDAE1A-7B8E-4A0E-A169-02F7F366451D}
[2013/10/11 08:12:39 | 000,000,000 | ---D | M] -- C:\Windows\installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90120000-002A-0000-1000-0000000FF1CE}
[2013/11/13 12:52:40 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90120000-006E-0409-0000-0000000FF1CE}
[2013/10/11 17:47:31 | 000,000,000 | ---D | M] -- C:\Windows\installer\{91120000-002F-0000-0000-0000000FF1CE}
[2013/11/17 14:06:32 | 000,000,000 | ---D | M] -- C:\Windows\installer\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{96ED9087-7A6A-22A9-135F-901AF77474AC}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
[2013/11/01 12:49:00 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}
[2013/06/03 22:35:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{C73F2967-062E-48F2-A462-D335B8950183}
[2013/05/06 10:00:04 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D0CB24F4-084F-40DE-B6B9-A03626E682F0}
[2013/11/29 11:54:52 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{DA97BDF9-BC72-46FD-8E76-427F2BB951EE}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{E9A1960E-7756-2299-C700-DC7CA6EDD6E4}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{E9D98510-A8B6-E39C-B8BA-BA9A511E040C}
[2013/10/28 13:23:16 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
[2013/10/17 00:14:14 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}
[2013/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{FA54C4B1-98E3-AEFA-7254-C4038DC739AF}

[color=#A23BEC]< %windir%\system32\*. >[/color]
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\0409
[2013/03/12 20:11:26 | 000,000,000 | ---D | M] -- C:\Windows\system32\AdvancedInstallers
[2013/01/18 11:42:33 | 000,000,000 | ---D | M] -- C:\Windows\system32\AI_RecycleBin
[2013/03/12 20:12:10 | 000,000,000 | ---D | M] -- C:\Windows\system32\ar-SA
[2013/03/12 20:12:10 | 000,000,000 | ---D | M] -- C:\Windows\system32\bg-BG
[2009/07/14 02:35:36 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot
[2009/07/14 02:35:36 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot2
[2013/03/12 20:12:10 | 000,000,000 | ---D | M] -- C:\Windows\system32\com
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\config
[2013/03/15 07:45:42 | 000,000,000 | ---D | M] -- C:\Windows\system32\cs-CZ
[2013/03/15 07:45:42 | 000,000,000 | ---D | M] -- C:\Windows\system32\da-DK
[2013/03/15 07:45:42 | 000,000,000 | ---D | M] -- C:\Windows\system32\de-DE
[2011/12/11 15:16:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\Dell
[2012/03/16 11:22:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\directx
[2013/03/12 20:11:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\Dism
[2013/11/12 00:03:40 | 000,000,000 | ---D | M] -- C:\Windows\system32\drivers
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\DriverStore
[2013/03/15 07:45:42 | 000,000,000 | ---D | M] -- C:\Windows\system32\el-GR
[2013/03/12 20:12:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\en
[2013/11/13 19:56:53 | 000,000,000 | ---D | M] -- C:\Windows\system32\en-US
[2013/03/15 07:45:42 | 000,000,000 | ---D | M] -- C:\Windows\system32\es-ES
[2013/03/12 20:12:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\et-EE
[2012/09/20 20:43:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\Extensions
[2013/03/15 07:45:42 | 000,000,000 | ---D | M] -- C:\Windows\system32\fi-FI
[2013/03/15 07:45:42 | 000,000,000 | ---D | M] -- C:\Windows\system32\fr-FR
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\FxsTmp
[2009/07/14 02:34:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicy
[2009/07/14 02:34:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicyUsers
[2013/03/12 20:12:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\he-IL
[2013/03/12 20:12:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\hr-HR
[2013/03/15 07:45:43 | 000,000,000 | ---D | M] -- C:\Windows\system32\hu-HU
[2013/03/12 20:12:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\icsxml
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\IME
[2009/07/14 02:36:55 | 000,000,000 | ---D | M] -- C:\Windows\system32\inetsrv
[2013/03/12 20:12:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\InstallShield
[2013/03/15 07:45:43 | 000,000,000 | ---D | M] -- C:\Windows\system32\it-IT
[2013/03/15 07:45:42 | 000,000,000 | ---D | M] -- C:\Windows\system32\ja-JP
[2013/03/15 07:45:43 | 000,000,000 | ---D | M] -- C:\Windows\system32\ko-KR
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\LogFiles
[2013/03/12 20:12:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\lt-LT
[2013/03/12 20:12:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\lv-LV
[2013/03/12 20:07:36 | 000,000,000 | ---D | M] -- C:\Windows\system32\Macromed
[2013/03/12 20:11:29 | 000,000,000 | ---D | M] -- C:\Windows\system32\manifeststore
[2013/11/12 14:04:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\migration
[2013/03/12 20:12:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\migwiz
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\Msdtc
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\MUI
[2013/03/15 07:45:42 | 000,000,000 | ---D | M] -- C:\Windows\system32\nb-NO
[2009/07/14 02:34:31 | 000,000,000 | ---D | M] -- C:\Windows\system32\NDF
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\NetworkList
[2013/03/15 07:45:42 | 000,000,000 | ---D | M] -- C:\Windows\system32\nl-NL
[2013/03/12 20:11:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\oobe
[2013/03/15 07:45:43 | 000,000,000 | ---D | M] -- C:\Windows\system32\pl-PL
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\Printing_Admin_Scripts
[2013/03/15 07:45:43 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-BR
[2013/03/15 07:45:43 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-PT
[2013/03/12 20:12:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\ras
[2013/03/12 20:12:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\Recovery
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\restore
[2013/03/12 20:12:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\ro-RO
[2013/10/18 19:15:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\RTCOM
[2013/03/15 07:45:42 | 000,000,000 | ---D | M] -- C:\Windows\system32\ru-RU
[2012/09/20 20:43:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\searchplugins
[2013/03/12 20:12:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\Setup
[2013/03/12 20:12:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\sk-SK
[2013/03/12 20:12:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\sl-SI
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\slmgr
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\Speech
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\spp
[2013/03/12 20:12:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\sppui
[2013/03/12 20:12:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\sr-Latn-CS
[2013/03/15 07:45:42 | 000,000,000 | ---D | M] -- C:\Windows\system32\sv-SE
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\sysprep
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\Tasks
[2013/03/12 20:12:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\th-TH
[2013/03/15 07:45:42 | 000,000,000 | ---D | M] -- C:\Windows\system32\tr-TR
[2013/03/12 20:12:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\uk-UA
[2013/03/12 20:07:40 | 000,000,000 | ---D | M] -- C:\Windows\system32\URTTEMP
[2013/07/12 22:57:04 | 000,000,000 | ---D | M] -- C:\Windows\system32\Wat
[2013/08/14 18:55:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\wbem
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\WCN
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\wdi
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\WindowsPowerShell
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\winrm
[2013/03/15 07:45:42 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-CN
[2013/03/15 07:45:42 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-HK
[2013/03/15 07:45:42 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-TW

[color=#A23BEC]< %windir%\sysnative\*. >[/color]
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\0409
[2013/03/12 20:12:04 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\AdvancedInstallers
[2013/03/12 20:12:04 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ar-SA
[2013/03/12 20:12:04 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\bg-BG
[2013/03/12 20:11:07 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Boot
[2010/04/15 12:39:06 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\CanonIJ Uninstaller Information
[2013/11/24 19:18:59 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\catroot
[2013/11/29 08:17:47 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\catroot2
[2013/07/12 22:56:55 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\CodeIntegrity
[2013/03/12 20:12:04 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\com
[2013/12/05 17:24:42 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\config
[2013/03/15 07:45:40 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\cs-CZ
[2013/03/15 07:45:40 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\da-DK
[2013/03/15 07:45:40 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\de-DE
[2013/04/05 08:27:49 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Dism
[2013/11/29 08:14:49 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\drivers
[2013/11/24 19:18:59 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\DriverStore
[2013/11/29 08:14:49 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\DRVSTORE
[2013/03/15 07:45:41 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\el-GR
[2013/03/12 20:12:10 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\en
[2013/11/13 19:56:53 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\en-US
[2013/03/15 07:45:40 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\es-ES
[2013/03/12 20:12:10 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\et-EE
[2013/03/12 20:07:21 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\EventProviders
[2013/03/15 07:45:40 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\fi-FI
[2013/03/15 07:45:40 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\fr-FR
[2010/04/15 08:03:17 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\FxsTmp
[2009/07/14 02:34:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\GroupPolicy
[2009/07/14 02:34:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\GroupPolicyUsers
[2013/03/12 20:12:10 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\he-IL
[2013/03/12 20:12:10 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\hr-HR
[2013/03/15 07:45:41 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\hu-HU
[2013/03/12 20:12:10 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ias
[2013/03/12 20:12:10 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\icsxml
[2009/07/14 03:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\IME
[2009/07/14 02:36:55 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\inetsrv
[2013/03/15 07:45:41 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\it-IT
[2013/03/15 07:45:40 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ja-JP
[2013/03/15 07:45:41 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ko-KR
[2011/02/10 23:42:02 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\LogFiles
[2013/03/12 20:12:10 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\lt-LT
[2013/03/12 20:12:10 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\lv-LV
[2013/06/23 19:48:07 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Macromed
[2013/03/12 20:11:22 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\manifeststore
[2009/07/14 04:45:42 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Microsoft
[2013/11/12 14:04:52 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\migration
[2013/07/12 22:57:35 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\migwiz
[2013/11/13 12:51:47 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\MRT
[2013/03/12 20:12:10 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Msdtc
[2009/07/14 05:37:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\MUI
[2013/03/15 07:45:40 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\nb-NO
[2013/11/28 05:02:09 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\NDF
[2009/07/14 03:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\NetworkList
[2013/03/15 07:45:41 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\nl-NL
[2013/03/12 20:12:10 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\oobe
[2013/03/15 07:45:41 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pl-PL
[2009/07/14 05:37:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Printing_Admin_Scripts
[2013/03/15 07:45:41 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pt-BR
[2013/03/15 07:45:41 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pt-PT
[2013/03/12 20:12:10 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ras
[2010/04/12 07:40:09 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Recovery
[2013/08/14 18:54:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\restore
[2013/03/12 20:12:10 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ro-RO
[2013/03/15 07:45:40 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ru-RU
[2013/03/12 20:12:10 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Setup
[2013/03/12 20:12:10 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sk-SK
[2013/03/12 20:12:10 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sl-SI
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\slmgr
[2009/07/14 03:20:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\SMI
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Speech
[2013/07/12 22:57:00 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\spool
[2009/07/14 03:20:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\spp
[2013/03/12 20:12:10 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sppui
[2013/03/12 20:07:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\SPReview
[2013/03/12 20:12:10 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sr-Latn-CS
[2013/03/15 07:45:40 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sv-SE
[2013/03/12 20:12:10 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sysprep
[2013/11/29 08:14:05 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Tasks
[2013/03/12 20:12:10 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\th-TH
[2013/03/15 07:45:40 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\tr-TR
[2013/03/12 20:12:10 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\uk-UA
[2013/08/14 18:54:47 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Wat
[2013/08/14 19:01:05 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wbem
[2009/07/14 05:37:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WCN
[2011/11/06 15:58:06 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wdi
[2013/08/14 19:01:05 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wfp
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WinBioDatabase
[2013/03/12 20:11:26 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WinBioPlugIns
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WindowsPowerShell
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\winevt
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\winrm
[2013/03/15 07:45:40 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-CN
[2013/03/15 07:45:41 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-HK
[2013/03/15 07:45:40 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-TW

[color=#A23BEC]< %Temp%\smtmp\1\*.* >[/color]

[color=#A23BEC]< %Temp%\smtmp\2\*.* >[/color]

[color=#A23BEC]< %Temp%\smtmp\3\*.* >[/color]

[color=#A23BEC]< %Temp%\smtmp\4\*.* >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\syswow64\*.dll /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /90 >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\syswow64\drivers\*.sys /90 >[/color]

[color=#A23BEC]< %systemroot%\syswow64\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*. /rp /s >[/color]

[color=#A23BEC]< %systemroot%\assembly\tmp\*.* /S /MD5 >[/color]

[color=#A23BEC]< %systemroot%\assembly\temp\*.* /S /MD5 >[/color]

[color=#A23BEC]< %systemroot%\assembly\GAC\*.ini >[/color]

[color=#A23BEC]< %systemroot%\assembly\GAC_32\*.ini >[/color]

[color=#A23BEC]< %systemroot%\assembly\GAC_64\*.ini >[/color]

[color=#A23BEC]< %SystemRoot%\assembly\GAC_MSIL\*.ini >[/color]

[color=#A23BEC]< wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn >[/color]

[color=#A23BEC]< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >[/color]

[color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >[/color]
"" = PSFactoryBuffer
[HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009/07/14 01:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >[/color]

[color=#A23BEC]< HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >[/color]
"" = MruPidlList
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s >[/color]
"" = Start Menu Pin
"ImplementsVerbs" = startpin;startunpin
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >[/color]
"" = PSFactoryBuffer
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009/07/14 01:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#A23BEC]< HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s >[/color]
"" = Microsoft WBEM _WbemFetchRefresherMgr Proxy Helper
[HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[color=#A23BEC]< HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s >[/color]
"" = ShellFolder for CD Burning
[HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\MergedFolder]
"Attributes" = 0x0
"AttributeMask" = 0xffffffff
"Location" = @shell32.dll,-12591 -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ConflictOverlayIcon" = %SystemRoot%\system32\imageres.dll,-169 -- [2009/07/14 01:06:03 | 020,268,032 | ---- | M] (Microsoft Corporation)

[color=#A23BEC]< HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s >[/color]
"" = Microsoft WBEM _WbemFetchRefresherMgr Proxy Helper
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor /s >[/color]
"CompletionChar" = 64
"DefaultColor" = 0
"EnableExtensions" = 1
"PathCompletionChar" = 64

[color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{118BEDCC-A901-4203-B4F2-ADCB957D1887} /s >[/color]

[color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{312BED3C-A901-4203-B4F2-ADCB957D1887} /s >[/color]

[color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{F12BE2CC-A901-4203-B4F2-ADCB957D1887} /s >[/color]

[color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} /s >[/color]

[color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{212B3DCC-A901-4203-B4F2-ADCB957D1887} /s >[/color]

[color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{A12BEDCC-A901-4203-B4F2-ADCB957D1887} /s >[/color]

[color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188F} /s >[/color]

[color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188B} /s >[/color]

[color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s >[/color]

[color=#A23BEC]< HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers /s >[/color]
[HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem]
"" = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
[HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing]
"" = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}

[color=#A23BEC]< HKEY_CLASSES_ROOT\Directory\Shellex\CopyHookHandlers\MSCopy /s >[/color]

[color=#A23BEC]< HKEY_CURRENT_USER\Software\Classes\Directory\shellex\CopyHookHandlers /s >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers /s >[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\FileSystem]
"" = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\Sharing]
"" = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}

[color=#A23BEC]< HKEY_CURRENT_USER\Software\MSOLoad /s >[/color]

[color=#A23BEC]< type C:\WINDOWS\system.ini >> test.txt /c >[/color]
; for 16-bit app support
[386Enh]
woafont=dosapp.fon
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]

[color=#A23BEC]< bcdedit /enum all /v >C:\boot.txt /c >[/color]

[color=#A23BEC]< type c:\diskreport.txt /c >[/color]
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: MARION-PC
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D                       DVD-ROM         0 B  No Media
  Volume 1         System Rese  NTFS   Partition    100 MB  Healthy    System
  Volume 2     C                NTFS   Partition    596 GB  Healthy    Boot
  Volume 3     E                       Removable       0 B  No Media
  Volume 4     H                       Removable       0 B  No Media
  Volume 5     I                       Removable       0 B  No Media
  Volume 6     J                       Removable       0 B  No Media
  Volume 7     K                       Removable       0 B  No Media
  Volume 8     F   Iomega HDD   NTFS   Partition    298 GB  Healthy

[color=#A23BEC]< MD5 for: AFD.SYS  >[/color]
[2013/09/14 01:11:05 | 000,496,128 | ---- | M] (Microsoft Corporation) MD5=26EF7E0DF4EDCD898EB7A671529410B8 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.22457_none_366f8b668e482477\afd.sys
[2013/09/14 01:10:19 | 000,497,152 | ---- | M] (Microsoft Corporation) MD5=314C17917AC8523EC77A710215012A65 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.18264_none_35d81beb75355772\afd.sys
[2013/09/28 01:14:56 | 000,496,128 | ---- | M] (Microsoft Corporation) MD5=50AB05903CBEF298D135A943D4432E3C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.22467_none_3664bb7a8e504068\afd.sys
[2013/09/28 01:09:10 | 000,497,152 | ---- | M] (Microsoft Corporation) MD5=79059559E89D06E8B80CE2944BE20228 -- C:\Windows\SysNative\drivers\afd.sys
[2013/09/28 01:09:10 | 000,497,152 | ---- | M] (Microsoft Corporation) MD5=79059559E89D06E8B80CE2944BE20228 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.18272_none_35cb4b6b753f40b5\afd.sys
[2010/11/20 09:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Documents and Settings\Marion\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20130929T163337119900\internal_ide_channel\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Documents and Settings\Marion\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20130929T190434247306\internal_ide_channel\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Documents and Settings\Marion\AppData\Roaming\DriverFinder\Backup\Standard Dual Channel PCI IDE Controller - 6.1.7600.16385\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\Marion\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20130929T163337119900\internal_ide_channel\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\Marion\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20130929T190434247306\internal_ide_channel\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\Marion\AppData\Roaming\DriverFinder\Backup\Standard Dual Channel PCI IDE Controller - 6.1.7600.16385\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

[color=#A23BEC]< MD5 for: CSC.SYS  >[/color]
[2010/11/20 09:27:13 | 000,514,560 | ---- | M] (Microsoft Corporation) MD5=54DA3DFD29ED9F1619B6F53F3CE55E49 -- C:\Windows\winsxs\amd64_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7601.17514_none_fc6e4e567286d457\csc.sys

[color=#A23BEC]< MD5 for: DFSC.SYS  >[/color]
[2010/11/20 09:26:32 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=9BB2EF44EAA163B29C4A4587887A0FE4 -- C:\Windows\SysNative\drivers\dfsc.sys
[2010/11/20 09:26:32 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=9BB2EF44EAA163B29C4A4587887A0FE4 -- C:\Windows\winsxs\amd64_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7601.17514_none_e5c0334cfcbb6f1f\dfsc.sys

[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2009/07/14 01:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Documents and Settings\Marion\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20130929T163337119900\gendisk\disk.sys
[2009/07/14 01:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Documents and Settings\Marion\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20130929T190434247306\gendisk\disk.sys
[2009/07/14 01:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Users\Marion\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20130929T163337119900\gendisk\disk.sys
[2009/07/14 01:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Users\Marion\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20130929T190434247306\gendisk\disk.sys
[2009/07/14 01:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/14 01:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/14 01:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2011/02/26 05:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 06:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 12:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 13:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[color=#A23BEC]< MD5 for: FASTFAT.SYS  >[/color]
[2009/07/13 23:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=0ADC83218B66A6DB380C330836F3E36D -- C:\Windows\SysNative\drivers\fastfat.sys
[2009/07/13 23:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=0ADC83218B66A6DB380C330836F3E36D -- C:\Windows\winsxs\amd64_microsoft-windows-fat_31bf3856ad364e35_6.1.7600.16385_none_0aa81d2771152f86\fastfat.sys

[color=#A23BEC]< MD5 for: I8042PRT.SYS  >[/color]
[2009/07/13 23:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\drivers\i8042prt.sys
[2009/07/13 23:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\i8042prt.sys
[2009/07/13 23:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\i8042prt.sys
[2009/07/13 23:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\i8042prt.sys
[2009/07/13 23:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\i8042prt.sys

[color=#A23BEC]< MD5 for: KBDCLASS.SYS  >[/color]
[2009/07/14 01:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\SysNative\drivers\kbdclass.sys
[2009/07/14 01:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\kbdclass.sys
[2009/07/14 01:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\kbdclass.sys

[color=#A23BEC]< MD5 for: KBDHID.SYS  >[/color]
[2010/11/20 10:33:25 | 000,033,280 | ---- | M] (Microsoft Corporation) MD5=0705EFF5B42A9DB58548EEC3B26BB484 -- C:\Windows\SysNative\drivers\kbdhid.sys
[2010/11/20 10:33:25 | 000,033,280 | ---- | M] (Microsoft Corporation) MD5=0705EFF5B42A9DB58548EEC3B26BB484 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\kbdhid.sys
[2010/11/20 10:33:25 | 000,033,280 | ---- | M] (Microsoft Corporation) MD5=0705EFF5B42A9DB58548EEC3B26BB484 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\kbdhid.sys

[color=#A23BEC]< MD5 for: LSASS.EXE  >[/color]
[2009/07/14 01:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2011/11/17 06:20:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2013/09/25 01:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\SysNative\lsass.exe
[2013/09/25 01:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_042b9307739f26ed\lsass.exe
[2012/08/24 17:43:36 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=77119F1F9B492B260030C34F9BE327FA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22099_none_04a88ce28cc4eb33\lsass.exe
[2011/11/17 06:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2011/11/17 06:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17940_none_044c26dd7386a58a\lsass.exe
[2013/09/25 01:08:17 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=F021DAFB1F87616FCEBA159C2ED7042F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_04c503168cb026a0\lsass.exe

[color=#A23BEC]< MD5 for: MOUCLASS.SYS  >[/color]
[2009/07/14 01:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) MD5=7D27EA49F3C1F687D357E77A470AEA99 -- C:\Windows\SysNative\drivers\mouclass.sys
[2009/07/14 01:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) MD5=7D27EA49F3C1F687D357E77A470AEA99 -- C:\Windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\mouclass.sys
[2009/07/14 01:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) MD5=7D27EA49F3C1F687D357E77A470AEA99 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\mouclass.sys

[color=#A23BEC]< MD5 for: MOUHID.SYS  >[/color]
[2009/07/14 00:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D3BF052C40B0C4166D9FD86A4288C1E6 -- C:\Windows\SysNative\drivers\mouhid.sys
[2009/07/14 00:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D3BF052C40B0C4166D9FD86A4288C1E6 -- C:\Windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\mouhid.sys
[2009/07/14 00:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D3BF052C40B0C4166D9FD86A4288C1E6 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\mouhid.sys

[color=#A23BEC]< MD5 for: NETBT.SYS  >[/color]
[2010/11/20 09:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
[2010/11/20 09:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys

[color=#A23BEC]< MD5 for: SERIAL.SYS  >[/color]
[2009/07/14 00:00:40 | 000,094,208 | ---- | M] (Brother Industries Ltd.) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\SysNative\drivers\serial.sys
[2009/07/14 00:00:40 | 000,094,208 | ---- | M] (Brother Industries Ltd.) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\SysNative\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009/07/14 00:00:40 | 000,094,208 | ---- | M] (Brother Industries Ltd.) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys

[color=#A23BEC]< MD5 for: SERVICES.EXE  >[/color]
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[color=#A23BEC]< MD5 for: SMSS.EXE  >[/color]
[2009/07/14 01:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
[2013/03/19 02:57:17 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=498E2A20E145199709CD100CDBA8603D -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22280_none_0a9a7b3b492b4d05\smss.exe
[2013/08/29 01:04:30 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=B2B31D4C79EFD883097FA24D02E79C12 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22436_none_0ad6905f48fd53a8\smss.exe
[2013/08/02 05:06:34 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=CB5DA3E44456D1084BCD87F5B1B3152B -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22411_none_0ae72ec548f19d13\smss.exe
[2013/03/19 03:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0371DE302FFFF8F086661611BE60848 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_0a5f8ec22fd235a9\smss.exe
[2013/08/02 00:59:09 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0970A4BC8395659C22BF53D0FADF16F -- C:\Windows\SysNative\smss.exe
[2013/08/02 00:59:09 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0970A4BC8395659C22BF53D0FADF16F -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18229_none_0a5ac2782fd4e6cb\smss.exe

[color=#A23BEC]< MD5 for: SPLDR.SYS  >[/color]
[2009/07/14 01:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) MD5=B9E31E5CACDFE584F34F730A677803F9 -- C:\Windows\SysNative\drivers\spldr.sys
[2009/07/14 01:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) MD5=B9E31E5CACDFE584F34F730A677803F9 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59\spldr.sys

[color=#A23BEC]< MD5 for: SVCHOST.EXE  >[/color]
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2012/10/03 17:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2013/05/08 06:14:42 | 001,900,392 | ---- | M] (Microsoft Corporation) MD5=3E94650745D4DAB67E161F5F32CEA597 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_11d29984961f0be0\tcpip.sys
[2013/09/08 02:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\SysNative\drivers\tcpip.sys
[2013/09/08 02:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2010/11/20 13:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2013/09/07 02:27:48 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2012/08/22 18:06:13 | 001,901,936 | ---- | M] (Microsoft Corporation) MD5=7880A26B7D3B96FDA8EFD9F985036B1D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[2013/05/08 06:39:01 | 001,910,632 | ---- | M] (Microsoft Corporation) MD5=9849EA3843A2ADBDD1497E97A85D8CAE -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_11278ac57d1aa96b\tcpip.sys
[2013/07/06 05:20:38 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2013/01/03 06:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2013/01/04 05:47:43 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[2012/10/03 17:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2013/07/06 06:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys
[2012/08/22 18:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys

[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2010/11/20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 13:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 13:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

[color=#A23BEC]< MD5 for: VOLSNAP.SYS  >[/color]
[2010/11/20 13:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Documents and Settings\Marion\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20130929T163337119900\storage\volume\volsnap.sys
[2010/11/20 13:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Documents and Settings\Marion\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20130929T190434247306\storage\volume\volsnap.sys
[2010/11/20 13:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Users\Marion\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20130929T163337119900\storage\volume\volsnap.sys
[2010/11/20 13:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Users\Marion\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20130929T190434247306\storage\volume\volsnap.sys
[2010/11/20 13:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/20 13:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 13:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys

[color=#A23BEC]< MD5 for: WININIT.EXE  >[/color]
[2009/07/14 01:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 01:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 01:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 01:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2010/11/20 13:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 13:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[color=#E56717]========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========[/color]
[C:\Documents and Settings\All Users\Application Data] -> C:\ProgramData -> Junction
[C:\Documents and Settings\All Users\Desktop] -> C:\Users\Public\Desktop -> Junction
[C:\Documents and Settings\All Users\Documents] -> C:\Users\Public\Documents -> Junction
[C:\Documents and Settings\All Users\Favorites] -> C:\Users\Public\Favorites -> Junction
[C:\Documents and Settings\All Users\Start Menu] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction
[C:\Documents and Settings\All Users\Templates] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction
[C:\Documents and Settings\All Users] ->  -> Unknown point type
[C:\Documents and Settings\Default User] -> C:\Users\Default -> Junction
[C:\Documents and Settings\Default\AppData\Local\Application Data] -> C:\Users\Default\AppData\Local -> Junction
[C:\Documents and Settings\Default\AppData\Local\History] -> C:\Users\Default\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Documents and Settings\Default\AppData\Local\Temporary Internet Files] -> C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Documents and Settings\Default\Application Data] -> C:\Users\Default\AppData\Roaming -> Junction
[C:\Documents and Settings\Default\Cookies] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Documents and Settings\Default\Documents\My Music] -> C:\Users\Default\Music -> Junction
[C:\Documents and Settings\Default\Documents\My Pictures] -> C:\Users\Default\Pictures -> Junction
[C:\Documents and Settings\Default\Documents\My Videos] -> C:\Users\Default\Videos -> Junction
[C:\Documents and Settings\Default\Local Settings] -> C:\Users\Default\AppData\Local -> Junction
[C:\Documents and Settings\Default\My Documents] -> C:\Users\Default\Documents -> Junction
[C:\Documents and Settings\Default\NetHood] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Documents and Settings\Default\PrintHood] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Documents and Settings\Default\Recent] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Documents and Settings\Default\SendTo] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Documents and Settings\Default\Start Menu] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Documents and Settings\Default\Templates] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Documents and Settings\Marion\AppData\Local\Application Data] -> C:\Users\Marion\AppData\Local -> Junction
[C:\Documents and Settings\Marion\AppData\Local\History] -> C:\Users\Marion\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Documents and Settings\Marion\AppData\Local\Temporary Internet Files] -> C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Documents and Settings\Marion\Application Data] -> C:\Users\Marion\AppData\Roaming -> Junction
[C:\Documents and Settings\Marion\Cookies] -> C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Documents and Settings\Marion\Documents\My Music] -> C:\Users\Marion\Music -> Junction
[C:\Documents and Settings\Marion\Documents\My Pictures] -> C:\Users\Marion\Pictures -> Junction
[C:\Documents and Settings\Marion\Documents\My Videos] -> C:\Users\Marion\Videos -> Junction
[C:\Documents and Settings\Marion\Local Settings] -> C:\Users\Marion\AppData\Local -> Junction
[C:\Documents and Settings\Marion\My Documents] -> C:\Users\Marion\Documents -> Junction
[C:\Documents and Settings\Marion\NetHood] -> C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Documents and Settings\Marion\PrintHood] -> C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Documents and Settings\Marion\Recent] -> C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Documents and Settings\Marion\SendTo] -> C:\Users\Marion\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Documents and Settings\Marion\Start Menu] -> C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Documents and Settings\Marion\Templates] -> C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Documents and Settings\Public\Documents\My Music] -> C:\Users\Public\Music -> Junction
[C:\Documents and Settings\Public\Documents\My Pictures] -> C:\Users\Public\Pictures -> Junction
[C:\Documents and Settings\Public\Documents\My Videos] -> C:\Users\Public\Videos -> Junction
[C:\Documents and Settings\UpdatusUser\AppData\Local\Application Data] -> C:\Users\UpdatusUser\AppData\Local -> Junction
[C:\Documents and Settings\UpdatusUser\AppData\Local\History] -> C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Documents and Settings\UpdatusUser\AppData\Local\Temporary Internet Files] -> C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Documents and Settings\UpdatusUser\Application Data] -> C:\Users\UpdatusUser\AppData\Roaming -> Junction
[C:\Documents and Settings\UpdatusUser\Cookies] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Documents and Settings\UpdatusUser\Documents\My Music] -> C:\Users\UpdatusUser\Music -> Junction
[C:\Documents and Settings\UpdatusUser\Documents\My Pictures] -> C:\Users\UpdatusUser\Pictures -> Junction
[C:\Documents and Settings\UpdatusUser\Documents\My Videos] -> C:\Users\UpdatusUser\Videos -> Junction
[C:\Documents and Settings\UpdatusUser\Local Settings] -> C:\Users\UpdatusUser\AppData\Local -> Junction
[C:\Documents and Settings\UpdatusUser\My Documents] -> C:\Users\UpdatusUser\Documents -> Junction
[C:\Documents and Settings\UpdatusUser\NetHood] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Documents and Settings\UpdatusUser\PrintHood] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Documents and Settings\UpdatusUser\Recent] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Documents and Settings\UpdatusUser\SendTo] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Documents and Settings\UpdatusUser\Start Menu] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Documents and Settings\UpdatusUser\Templates] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Documents and Settings] -> C:\Users -> Junction
[C:\ProgramData\Application Data] -> C:\ProgramData -> Junction
[C:\ProgramData\Desktop] -> C:\Users\Public\Desktop -> Junction
[C:\ProgramData\Documents] -> C:\Users\Public\Documents -> Junction
[C:\ProgramData\Favorites] -> C:\Users\Public\Favorites -> Junction
[C:\ProgramData\Start Menu] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction
[C:\ProgramData\Templates] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction
[C:\Users\All Users\Application Data] -> C:\ProgramData -> Junction
[C:\Users\All Users\Desktop] -> C:\Users\Public\Desktop -> Junction
[C:\Users\All Users\Documents] -> C:\Users\Public\Documents -> Junction
[C:\Users\All Users\Favorites] -> C:\Users\Public\Favorites -> Junction
[C:\Users\All Users\Start Menu] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction
[C:\Users\All Users\Templates] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction
[C:\Users\All Users] ->  -> Unknown point type
[C:\Users\Default User] -> C:\Users\Default -> Junction
[C:\Users\Default\AppData\Local\Application Data] -> C:\Users\Default\AppData\Local -> Junction
[C:\Users\Default\AppData\Local\History] -> C:\Users\Default\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Users\Default\AppData\Local\Temporary Internet Files] -> C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Users\Default\Application Data] -> C:\Users\Default\AppData\Roaming -> Junction
[C:\Users\Default\Cookies] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Users\Default\Documents\My Music] -> C:\Users\Default\Music -> Junction
[C:\Users\Default\Documents\My Pictures] -> C:\Users\Default\Pictures -> Junction
[C:\Users\Default\Documents\My Videos] -> C:\Users\Default\Videos -> Junction
[C:\Users\Default\Local Settings] -> C:\Users\Default\AppData\Local -> Junction
[C:\Users\Default\My Documents] -> C:\Users\Default\Documents -> Junction
[C:\Users\Default\NetHood] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Users\Default\PrintHood] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Users\Default\Recent] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Users\Default\SendTo] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Users\Default\Start Menu] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Users\Default\Templates] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Users\Marion\AppData\Local\Application Data] -> C:\Users\Marion\AppData\Local -> Junction
[C:\Users\Marion\AppData\Local\History] -> C:\Users\Marion\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Users\Marion\AppData\Local\Temporary Internet Files] -> C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Users\Marion\Application Data] -> C:\Users\Marion\AppData\Roaming -> Junction
[C:\Users\Marion\Cookies] -> C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Users\Marion\Documents\My Music] -> C:\Users\Marion\Music -> Junction
[C:\Users\Marion\Documents\My Pictures] -> C:\Users\Marion\Pictures -> Junction
[C:\Users\Marion\Documents\My Videos] -> C:\Users\Marion\Videos -> Junction
[C:\Users\Marion\Local Settings] -> C:\Users\Marion\AppData\Local -> Junction
[C:\Users\Marion\My Documents] -> C:\Users\Marion\Documents -> Junction
[C:\Users\Marion\NetHood] -> C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Users\Marion\PrintHood] -> C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Users\Marion\Recent] -> C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Users\Marion\SendTo] -> C:\Users\Marion\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Users\Marion\Start Menu] -> C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Users\Marion\Templates] -> C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Users\Public\Documents\My Music] -> C:\Users\Public\Music -> Junction
[C:\Users\Public\Documents\My Pictures] -> C:\Users\Public\Pictures -> Junction
[C:\Users\Public\Documents\My Videos] -> C:\Users\Public\Videos -> Junction
[C:\Users\UpdatusUser\AppData\Local\Application Data] -> C:\Users\UpdatusUser\AppData\Local -> Junction
[C:\Users\UpdatusUser\AppData\Local\History] -> C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files] -> C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Users\UpdatusUser\Application Data] -> C:\Users\UpdatusUser\AppData\Roaming -> Junction
[C:\Users\UpdatusUser\Cookies] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Users\UpdatusUser\Documents\My Music] -> C:\Users\UpdatusUser\Music -> Junction
[C:\Users\UpdatusUser\Documents\My Pictures] -> C:\Users\UpdatusUser\Pictures -> Junction
[C:\Users\UpdatusUser\Documents\My Videos] -> C:\Users\UpdatusUser\Videos -> Junction
[C:\Users\UpdatusUser\Local Settings] -> C:\Users\UpdatusUser\AppData\Local -> Junction
[C:\Users\UpdatusUser\My Documents] -> C:\Users\UpdatusUser\Documents -> Junction
[C:\Users\UpdatusUser\NetHood] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Users\UpdatusUser\PrintHood] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Users\UpdatusUser\Recent] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Users\UpdatusUser\SendTo] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Users\UpdatusUser\Start Menu] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Users\UpdatusUser\Templates] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 249 bytes -> C:\Users\All Users\TEMP:F5E30F6A
@Alternate Data Stream - 249 bytes -> C:\ProgramData\TEMP:F5E30F6A
@Alternate Data Stream - 249 bytes -> C:\Documents and Settings\All Users\TEMP:F5E30F6A
@Alternate Data Stream - 238 bytes -> C:\Users\All Users\TEMP:CF75D88F
@Alternate Data Stream - 238 bytes -> C:\ProgramData\TEMP:CF75D88F
@Alternate Data Stream - 238 bytes -> C:\Documents and Settings\All Users\TEMP:CF75D88F
@Alternate Data Stream - 236 bytes -> C:\Users\All Users\TEMP:FBA79096
@Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:FBA79096
@Alternate Data Stream - 236 bytes -> C:\Documents and Settings\All Users\TEMP:FBA79096
@Alternate Data Stream - 210 bytes -> C:\Users\All Users\TEMP:70B3C619
@Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:70B3C619
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\TEMP:70B3C619
@Alternate Data Stream - 197 bytes -> C:\Users\All Users\TEMP:114BD271
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:114BD271
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\TEMP:114BD271
@Alternate Data Stream - 195 bytes -> C:\Users\All Users\TEMP:7BA6D322
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:7BA6D322
@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\TEMP:7BA6D322
@Alternate Data Stream - 134 bytes -> C:\Users\All Users\TEMP:2CB9631F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2CB9631F
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\TEMP:2CB9631F

< End of report >
)