Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Go to first new post Random Audio Ads -- Need Help Removing B ...
Go to first new post windows XP OBJECT DELAY LOAD
Go to first new post I've tried everything yet my computer is ...
Go to first new post Audio Ads Playing in the Background + Ot ...
Go to first new post Files keep deleting themselves! NEED HEL ...
Go to first new post win32.trojan.agent on Ad-Aware
Go to first new post email hacked
Go to first new post Fubar virus?
Go to first new post contains a virus and deleted
Go to first new post Browser shutdown
Go to first new post Suspected Malware - Radio plays randomly ...
Go to first new post Infected with "Police Cybercrime In ...
Go to first new post Virus
Go to first new post cant connect to internet!!
Go to first new post Suspected virus is causing havoc
Search Search
Search for:
Tech Support Guy Forums > > >

My computer is slowly dying

(In Progress)
(!)

Reply
Page 11 of 18 « First 8910 11 121314 Last »
ep2002's Avatar
Computer Specs
Member with 182 posts.
THREAD STARTER
  
Join Date: Oct 2006
Location: Windsor, Ontario (Canada)
Experience: Intermediate
22-Jun-2012, 10:19 PM #151
Are you okay?

I'm having serious issues here.

2 sites (could be more, but so far it's just these 2) aren't loading properly. They take forver to load & then the graphics are missing.

I thought maybe the IP address from my terrible ISP got put on the blacklist again, but one of the sites www.speedtest.net said my IP address nor the ISP is blocked.

The only way I can reach the site is thru a proxy, then it works (both of the sites do.).

And this is a problem on both computers, not just one & I tried it on both Fx & Chrome on the laptop & Fx, Chrome & IE on the desktop.

I hope you are around, I've been trying to deal with this & everything else for a week now.

Thanks & I hope you are okay.


Michelle
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 27,287 posts.
  
Join Date: Mar 2001
Location: Bradford, England
25-Jun-2012, 06:33 AM #152
I'm okay

Okay, you know when you're opening Firefox windows etc, are you opening a seperate one for each site? If so, that could be the main reason for crashing, as each window takes a certain amount of memory.

Try using the tab functions, maybe 10 tabs per window, so that it doesn't use as much memory.

If you're unsure about tabs, take a look here:

http://support.mozilla.org/en-US/kb/...-single-window
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
ep2002's Avatar
Computer Specs
Member with 182 posts.
THREAD STARTER
  
Join Date: Oct 2006
Location: Windsor, Ontario (Canada)
Experience: Intermediate
25-Jun-2012, 02:27 PM #153
This isn't a crashing issue anymore. I sent you numerous posts about what is going on. Didn't you read them?

I also have another problem where I can't log into a site with Chrome or Fx , only IE. Others say they can log in using Fx, so it has to be just my computer.

If you are too busy, please let me know. This is very serious now & it's preventing me from working & paying bills.

Thank you


Michelle
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 27,287 posts.
  
Join Date: Mar 2001
Location: Bradford, England
27-Jun-2012, 10:01 AM #154
I did read them, but as the majority were about the crashing of Firefox etc, I was seeing if anything was linked.

Okay, lets see if setting the swapfile higher will help.

You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure

1. Open System in Control Panel.

2. On the Advanced tab, under Performance, click Settings.

3. On the Advanced tab, under Virtual memory, click Change.

4. Untick the option Automatically manage page file size for all drives

5. Under Drive [Volume Label], click the drive that contains the paging file you want to change.

6. Click Custom Size and then in Maximum Size, type in 4987

7. Select System Managed Size and click OK.

OK out of the screens and then restart as prompted.

Let me know how that goes.

5.
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
ep2002's Avatar
Computer Specs
Member with 182 posts.
THREAD STARTER
  
Join Date: Oct 2006
Location: Windsor, Ontario (Canada)
Experience: Intermediate
27-Jun-2012, 09:13 PM #155
Hi,

I thought I lost you

Ok, those instructions must be for win 7 b/c I can't follow them at all. I tried to figure out what you were saying, but I failed as most of the tabs aren't there, there's no "change" button or customize size. I'm on XP Proff.

Also it wasn't just about Fx crashing, I mentioned that 2 sites aren't loading the CSS files (no graphics) & it's happening on both my computers.

No one is able to figure out what the problem is. www.speedtest.net also can't figure it out & has escalated it (that's one of the sites.)

I still think it's my ISP playing games as they are terrible & don't know what they are doing, someone else thinks I have a virus or it's Anti Vir since that's the only common denominator on both computers. Or it's the router all of a sudden.

It can't be Fx b/c I can't pull up the sites on all 3 browsers. The only time I can is when I use a proxy.

While Fx is running slightly better since I started a new profile, it's still not functioning 100% properly & just now on one site I couldn't type any text. I'd type it & have to wait 1-2 minutes for the site/computer to catch up with what I wrote.

We haven't scanned the computer for viruses/maleware in a while, so I was hoping we could go thru that again.

Like I said, I've been DLing a lot of TV shows. I was hoping Anti vir would catch any show that has something, but who knows. I have been defraging more now as the forum said I need to do that if I'm watching so much on my computers.

Thanks


Michelle
ep2002's Avatar
Computer Specs
Member with 182 posts.
THREAD STARTER
  
Join Date: Oct 2006
Location: Windsor, Ontario (Canada)
Experience: Intermediate
29-Jun-2012, 03:23 AM #156
Hi Eddie,

I know you are very busy, but I'm having HUGE problems with Fx now. I can't get pages to load once I click on the link, the same problem I was having before where the URL doesn't show up in the address bar, when I use the google search field on the top right, it doesn't do anything & I found another site that is missing the CSS, so there's something major going on here.

If you can't help me b/c you are too busy, just let me know & I'll just find another forum to start a thread on. I have to have a virus or something b/c this is just nuts.

Thanks


Michelle
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 27,287 posts.
  
Join Date: Mar 2001
Location: Bradford, England
01-Jul-2012, 01:03 PM #157
Okay, lets recheck for viruses again.

Is it just the one site its having problems with?

Do you still have MBAM installed? If not, can you install and run as follows:

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly.


-----------------

Also, can you do this. Delete any copies of OTL you have, and download a fresh one as follows:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:

    Code:
    netsvcs
activex
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
ep2002's Avatar
Computer Specs
Member with 182 posts.
THREAD STARTER
  
Join Date: Oct 2006
Location: Windsor, Ontario (Canada)
Experience: Intermediate
04-Jul-2012, 09:13 PM #158
Quote:
Originally Posted by eddie5659 View Post
Okay, lets recheck for viruses again.

Is it just the one site its having problems with?
No, I thought I mentioned already that the other person was right, it was the router. Once both my computer & router were shut down at the same time (that's very rare unless the electricity goes off), it fixed those 2 sites, BUT yesterday I had tons of problems with other sites & I know it's not the router this time b/c the other 2 sites in question are now working fine <sigh>.

Same issues, CSS files won't load. Links won't open pages, URLs won't show up in the address bar, etc.

I thought it was just Fx, but then I was even having problems with Chrome on a site I am on all the time.


Quote:
Originally Posted by eddie5659 View Post
Do you still have MBAM installed? If not, can you install and run as follows:
No remember you asked me to uninstall it & I did & I remember wondering why you had me uninstall it as I didn't think my computer would be safe with it gone. Why did you tell me to uninstall it?

It found 7 objects the first time, then 2 the next. I have to reboot, but wanted to give this to you in the meantime.

2012/07/04 17:47:22 -0600 EXOTIC-3C629299 Michelle MESSAGE Starting protection
2012/07/04 17:47:29 -0600 EXOTIC-3C629299 Michelle MESSAGE Protection started successfully
2012/07/04 17:47:32 -0600 EXOTIC-3C629299 Michelle MESSAGE Starting IP protection
2012/07/04 17:47:38 -0600 EXOTIC-3C629299 Michelle MESSAGE IP Protection started successfully
2012/07/04 17:59:36 -0600 EXOTIC-3C629299 Michelle MESSAGE Executing scheduled update: Daily
2012/07/04 17:59:38 -0600 EXOTIC-3C629299 Michelle MESSAGE Database already up-to-date
2012/07/04 19:17:34 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)
2012/07/04 19:17:37 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)
2012/07/04 19:17:37 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)
2012/07/04 19:17:43 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)
2012/07/04 19:17:43 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)
2012/07/04 19:17:55 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)
2012/07/04 19:17:55 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)
2012/07/04 19:17:58 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)
2012/07/04 19:18:04 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)

-----------------------------------------

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.04.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michelle :: EXOTIC-3C629299 [administrator]

Protection: Enabled

7/4/2012 5:48:04 PM
mbam-log-2012-07-04 (19-21-37).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 383226
Time elapsed: 1 hour(s), 33 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Documents and Settings\Michelle\Local Settings\Temp\wz1f37\u1104.exe (PUP.UltraSurf) -> No action taken.
C:\Documents and Settings\Michelle\Local Settings\Temp\wz45e8\u1104.exe (PUP.UltraSurf) -> No action taken.
C:\Documents and Settings\Michelle\Local Settings\Temp\wzb8f8\u1104.exe (PUP.UltraSurf) -> No action taken.
C:\Documents and Settings\Michelle\Local Settings\Temp\wzdd23\u1104.exe (PUP.UltraSurf) -> No action taken.
C:\Documents and Settings\Michelle\Local Settings\Temp\wze1ce\u1104.exe (PUP.UltraSurf) -> No action taken.
C:\Documents and Settings\Michelle\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.
D:\RECYCLER\S-1-5-21-725345543-1844237615-839522115-1003\Dd22.exe (Affiliate.Downloader) -> No action taken.

(end)
ep2002's Avatar
Computer Specs
Member with 182 posts.
THREAD STARTER
  
Join Date: Oct 2006
Location: Windsor, Ontario (Canada)
Experience: Intermediate
04-Jul-2012, 09:32 PM #159
Quote:
Originally Posted by eddie5659 View Post
I'm okay

Okay, you know when you're opening Firefox windows etc, are you opening a seperate one for each site? If so, that could be the main reason for crashing, as each window takes a certain amount of memory.

Try using the tab functions, maybe 10 tabs per window, so that it doesn't use as much memory.

If you're unsure about tabs, take a look here:

http://support.mozilla.org/en-US/kb/...-single-window
Sorry, forgot to answer your question here.

Yes I know all about tabs, I've been using Fx for years.

I have both tons of windows & tabs opened.


Michelle
ep2002's Avatar
Computer Specs
Member with 182 posts.
THREAD STARTER
  
Join Date: Oct 2006
Location: Windsor, Ontario (Canada)
Experience: Intermediate
04-Jul-2012, 11:32 PM #160
Here's one file...


OTL logfile created on: 7/4/2012 8:39:54 PM - Run 6
OTL by OldTimer - Version 3.2.53.1 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 67.45% Memory free
6.09 Gb Paging File | 4.98 Gb Available in Paging File | 81.71% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.72 Gb Total Space | 116.23 Gb Free Space | 78.68% Space Free | Partition Type: NTFS
Drive D: | 142.83 Gb Total Space | 127.97 Gb Free Space | 89.60% Space Free | Partition Type: NTFS
Drive E: | 175.22 Gb Total Space | 148.21 Gb Free Space | 84.59% Space Free | Partition Type: NTFS
Drive G: | 3.65 Gb Total Space | 0.07 Gb Free Space | 1.91% Space Free | Partition Type: FAT32
Drive H: | 3.01 Gb Total Space | 2.94 Gb Free Space | 97.65% Space Free | Partition Type: FAT32

Computer Name: EXOTIC-3C629299 | User Name: Michelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/04 20:36:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/05/24 12:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Michelle\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/15 13:24:24 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/11/01 11:33:56 | 002,531,104 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2011/11/01 11:33:54 | 004,363,040 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oasrv.exe
PRC - [2011/11/01 11:33:52 | 001,163,800 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oahlp.exe
PRC - [2011/11/01 11:33:52 | 000,207,936 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2011/10/19 15:56:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/19 15:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/19 15:56:24 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/19 15:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/29 03:22:06 | 000,152,576 | ---- | M] (CrashPlan) -- C:\Program Files\CrashPlan\CrashPlanService.exe
PRC - [2011/06/29 03:21:40 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2011/03/07 10:21:00 | 000,107,008 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2011/02/23 15:11:22 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2011/02/02 17:37:22 | 000,500,992 | ---- | M] (RingCentral, Inc.) -- C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
PRC - [2011/02/02 17:37:18 | 000,038,144 | ---- | M] (RingCentral, Inc.) -- C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
PRC - [2010/05/31 09:31:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- D:\Notes\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/02/09 15:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/08/18 17:27:06 | 005,137,648 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/10 20:08:44 | 000,212,992 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2008/01/31 12:01:38 | 000,159,744 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/07/20 12:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2003/03/05 12:02:31 | 000,456,704 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\assistant.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 23:08:56 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3 e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/14 21:03:01 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbad afaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 21:02:50 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4 cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/14 21:00:41 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e 089\System.Runtime.Remoting.dll
MOD - [2012/05/12 18:25:12 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b736 8bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/12 18:25:04 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3 d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/12 18:11:53 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be2 38b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/12 18:10:16 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f93 22f9f2e1bfe\System.ni.dll
MOD - [2012/05/12 18:10:03 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d72 37aa70e935900\mscorlib.ni.dll
MOD - [2012/03/21 01:41:18 | 000,166,400 | ---- | M] () -- C:\Program Files\CrashPlan\cpnative.dll
MOD - [2012/03/21 01:41:18 | 000,013,312 | ---- | M] () -- C:\Program Files\CrashPlan\md5.dll
MOD - [2012/02/14 21:45:52 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/19 15:56:38 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/04/13 23:19:48 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2011/04/13 23:19:48 | 001,396,736 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2011/04/13 23:19:48 | 000,868,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2011/04/13 23:19:48 | 000,847,872 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2011/04/13 23:19:48 | 000,782,336 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2011/04/13 23:19:48 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2011/04/13 23:19:48 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2011/04/13 23:19:48 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2011/04/13 23:19:48 | 000,237,568 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2011/04/13 23:19:48 | 000,155,648 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2011/04/13 23:19:48 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2011/04/13 23:19:47 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2011/04/13 23:19:47 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2011/04/13 23:19:47 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2011/04/13 23:19:46 | 000,471,040 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2011/04/13 23:19:46 | 000,406,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2011/04/13 23:19:46 | 000,129,536 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2011/04/13 23:19:46 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2011/04/13 23:19:46 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2011/04/13 23:19:46 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2011/04/13 23:19:45 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2011/04/13 23:19:45 | 000,356,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2011/04/13 23:19:45 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2011/04/13 23:19:45 | 000,264,192 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2011/04/13 23:19:45 | 000,234,496 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2011/04/13 23:19:44 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2011/04/13 23:19:44 | 000,171,520 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2011/04/13 23:19:44 | 000,152,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2011/04/13 23:19:44 | 000,098,304 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2011/04/13 23:19:44 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2011/04/13 23:19:43 | 011,503,616 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2011/04/13 23:19:42 | 000,761,856 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2011/04/13 23:19:42 | 000,684,032 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2011/04/13 23:19:41 | 000,078,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2011/02/02 17:38:46 | 001,049,856 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\RCTH.dll
MOD - [2011/02/02 17:38:28 | 000,369,920 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\RCABEx.dll
MOD - [2011/02/02 17:31:32 | 001,548,288 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\Characters\RCSPSkSPVista.dll
MOD - [2010/05/05 10:21:58 | 000,126,976 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\NetFixDll.dll
MOD - [2010/03/16 11:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/08/18 17:27:04 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/02/28 06:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2003/03/05 12:02:31 | 000,456,704 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\assistant.exe
MOD - [2003/02/16 11:06:44 | 000,122,880 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\tcdbtext.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/16 23:28:57 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/15 13:24:36 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [On_Demand | Stopped] -- D:\Notes\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2011/12/15 13:24:24 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/11/01 11:33:54 | 004,363,040 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2011/11/01 11:33:52 | 000,207,936 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)
SRV - [2011/10/19 15:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/19 15:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/29 03:22:06 | 000,152,576 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/11/08 11:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [On_Demand | Stopped] -- D:\Notes\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/08/26 12:40:16 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/10 20:08:44 | 000,212,992 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/07/20 12:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RT2860.sys -- (RT80x86)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Folder\MapleStory\npkcrypt.sys -- (npkcrypt)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\cpuz_x32.sys -- (cpuz129)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/02/14 21:44:58 | 007,585,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012/01/14 15:02:26 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/12/20 01:39:28 | 000,100,368 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/12/15 13:24:26 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/12/09 04:58:16 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/11/01 11:34:28 | 000,040,296 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2011/11/01 11:34:10 | 000,029,464 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2011/11/01 11:34:08 | 000,205,864 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2011/11/01 11:34:08 | 000,025,192 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2011/10/19 15:56:50 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/19 15:56:50 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/10/07 16:21:06 | 000,066,048 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/31 09:31:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- D:\Notes\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/05/31 09:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2009/12/30 10:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/02 21:06:12 | 000,011,520 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSib.sys -- (BrUsbSIb) Brother Serial USB Driver(WDM)
DRV - [2009/11/02 21:06:11 | 000,071,424 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIb.sys -- (BrSerIb) Brother Serial Interface Driver(WDM)
DRV - [2008/07/24 00:55:23 | 000,007,296 | --S- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.SYS -- (EIO)
DRV - [2008/04/10 20:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/02/27 11:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/23 15:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007/11/09 02:14:09 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007/03/02 02:36:10 | 000,044,416 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2006/11/15 22:34:40 | 004,225,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/24 15:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/02/17 09:28:32 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/02/17 09:28:30 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/11/24 17:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004/07/20 12:19:16 | 000,020,096 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2004/07/06 17:56:26 | 000,044,544 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D.sys -- (Video3D)
DRV - [2003/09/25 20:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C 95 A5 63 2D 6B CB 01 [binary data]
IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.exoticpublishing.com/adminDB/freelancers_maintenance.php|http://exoticpublishing.hyperoffice.com/|https://www.mcssl.com/Netcart/login/login.asp?pr=6|https://www.secure-ebook.com/login.jsp?myAction=login|http://www.mimeo.com/|http://www.fiverr.com/|http://www.odesk.com|http://66.7.214.224/cpanel/"
FF - prefs.js..extensions.enabledItems: areadecoder@kevski:1.0.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.72.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://srp.freecause.com/?ourmark=3&sid=100311&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.uconn.edu:3000/proxy.pac"
FF - prefs.js..network.proxy.http: "http://proxy.uconn.edu:3000/proxy.pac"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 23:28:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/06 23:44:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/17 17:07:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/03/07 07:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions
[2010/03/07 07:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/06/27 00:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions
[2012/06/16 23:30:02 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/06/04 01:56:09 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/06/04 01:56:07 | 000,000,000 | ---D | M] (FreePriceAlerts.com) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\extension@freepricealerts.com
[2012/06/04 01:56:08 | 000,000,000 | ---D | M] ("StretchClock") -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\info@stretchclock.com
[2012/06/26 23:26:05 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\support@lastpass.com
[2012/06/04 01:56:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\extension@freepricealerts.com\chrome
[2012/06/04 01:56:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\extension@freepricealerts.com\defaults
[2012/06/27 00:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions
[2012/05/23 03:55:55 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/04/27 15:01:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/28 23:28:09 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012/01/18 02:55:25 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/05/28 14:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}-trash
[2009/12/17 16:02:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}-trash
[2010/08/29 12:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}-trash
[2012/05/31 06:47:34 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/05/08 23:46:56 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/04/20 12:37:07 | 000,000,000 | ---D | M] (Multirow Bookmarks Toolbar) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2012/05/11 19:50:29 | 000,000,000 | ---D | M] (FreePriceAlerts.com) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\extension@freepri cealerts.com
[2012/02/19 19:11:13 | 000,000,000 | ---D | M] ("StretchClock") -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\info@stretchclock .com
[2012/06/26 23:26:07 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\support@lastpass. com
[2012/04/20 14:14:39 | 000,000,000 | ---D | M] (WASP) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\wasp@immeria.net
[2010/05/28 14:52:59 | 000,000,000 | ---D | M] (Xsticky-Tool) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\Xsticky-StickyNotes@xsticky.com
[2012/05/11 19:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\extension@freepri cealerts.com\chrome
[2012/05/11 19:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\extension@freepri cealerts.com\defaults
[2012/03/08 23:41:17 | 000,001,339 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\searchplugins\search-the-web.xml
[2012/06/23 15:00:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/22 10:24:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/23 15:00:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/05/26 02:14:50 | 000,336,363 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2011/06/24 19:22:44 | 000,025,217 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{B442F4C0-C292-4998-AABE-48608A73BA75}.XPI
[2012/01/21 02:46:48 | 000,138,614 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012/05/25 00:28:56 | 000,012,835 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\AREADECODER@KEVSK I.XPI
[2012/02/23 23:54:43 | 000,164,722 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\COMPATIBILITY@ADD ONS.MOZILLA.ORG.XPI
[2011/11/17 22:45:04 | 000,058,906 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\IZER@CAMELCAMELCA MEL.COM.XPI
[2012/06/16 23:28:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/10 19:56:39 | 000,583,528 | ---- | M] (iLinc Communications, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCltInst11.dll
[2012/06/16 23:28:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/16 23:28:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googlerigi nalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie= {inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chro me&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: NPLastPass (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.7_0\nplastpas s.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSky peChromePlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iLinc Communications Netscape/Mozilla Install Plugin v 11.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCltInst11.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: LastPass = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.1_2\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\

O1 HOSTS File: ([2012/02/19 23:54:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [LogMeIn GUI] D:\Notes\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe File not found
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\S-1-5-21-725345543-1844237615-839522115-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-725345543-1844237615-839522115-1003..\Run: [Personal Assistant] C:\Program Files\Shelltoys\Personal Assistant\assistant.exe ()
O4 - HKU\S-1-5-21-725345543-1844237615-839522115-1003..\Run: [RCHotKey] C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe (RingCentral, Inc.)
O4 - HKU\S-1-5-21-725345543-1844237615-839522115-1003..\Run: [RCUI] C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe (RingCentral, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator.EXOTIC-3C629299\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Michelle\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to &Evernote - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O15 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\..Trusted Domains: exoticpublishing.com ([]https in Trusted sites)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} http://service.ringcentral.com/Activ...age_Player.cab (RingCentral Message Player Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://linksyssupport.webex.com/cli...rt/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.15.12.5 8.5.244.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14C63AB7-91F2-4939-82A0-88C6628A5C31}: DhcpNameServer = 8.15.12.5 8.5.244.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E4F7C4-7DC6-489A-9574-0FF705F312F3}: DhcpNameServer = 8.15.12.5 8.5.244.6
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-res {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/23 20:31:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe - (Intuit Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Michelle^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ccleaner - hkey= - key= - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: googletalk - hkey= - key= - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
MsConfig - StartUpReg: H/PC Connection Agent - hkey= - key= - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
MsConfig - StartUpReg: pdfFactory Dispatcher v3 - hkey= - key= - File not found
MsConfig - StartUpReg: Personal Assistant - hkey= - key= - C:\Program Files\Shelltoys\Personal Assistant\assistant.exe ()
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/04 16:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/04 16:35:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/04 16:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/26 23:26:10 | 010,974,280 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[2012/06/26 23:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Start Menu\Programs\LastPass
[2012/06/26 23:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LastPass
[2012/06/26 23:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\LastPass
[2012/06/23 14:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/06/21 03:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\FileOpen
[2012/06/21 03:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2012/06/20 22:32:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\My Documents\Wondershare PDF to Word
[2012/06/20 22:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\Wondershare
[2012/06/20 22:16:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wondershare
[2012/06/20 22:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wondershare
[2012/06/20 22:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2012/06/17 22:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\My Documents\ICCPro
[2012/06/17 22:37:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\com.webdimensions.instant-content-curator-pro
[2012/06/17 22:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Web Dimensions
[2012/06/17 22:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Web Dimensions
[2012/06/16 00:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\.config
[2012/06/16 00:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\calibre
[2012/06/16 00:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2012/06/16 00:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\calibre - E-book Management
[2012/06/12 03:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/06/12 03:46:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/06/06 23:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/06/06 23:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/06/05 15:07:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\oDesk
[2012/06/05 15:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\oDesk

========== Files - Modified Within 30 Days ==========

[2012/07/04 20:52:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AF2BBE8E-6664-4FF1-98F7-FD126014864A}.job
[2012/07/04 20:32:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003UA.job
[2012/07/04 20:22:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/04 20:22:14 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/04 20:18:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/04 20:01:03 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/04 16:36:37 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/04 16:36:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/04 07:32:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/04 03:32:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003Core.job
[2012/07/03 11:33:00 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/30 21:04:25 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/06/30 18:19:37 | 000,084,480 | ---- | M] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/26 23:26:11 | 010,974,280 | ---- | M] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[2012/06/26 23:26:10 | 000,001,128 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
[2012/06/26 23:25:59 | 000,001,128 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk
[2012/06/20 22:15:46 | 000,000,842 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Wondershare PDF to Word.lnk
[2012/06/20 22:15:46 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wondershare PDF to Word.lnk
[2012/06/17 22:37:32 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ICCPro.lnk
[2012/06/16 00:53:12 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2012/06/15 01:50:25 | 000,768,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 21:01:03 | 000,430,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 21:01:03 | 000,066,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/14 20:55:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/06 23:43:39 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

========== Files Created - No Company Name ==========

[2012/07/04 16:36:37 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/04 16:36:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/26 23:26:10 | 000,001,128 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
[2012/06/26 23:25:59 | 000,001,128 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk
[2012/06/20 22:15:46 | 000,000,842 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Wondershare PDF to Word.lnk
[2012/06/20 22:15:46 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wondershare PDF to Word.lnk
[2012/06/17 22:37:32 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ICCPro.lnk
[2012/06/16 00:53:12 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2012/06/06 23:43:39 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/05/29 03:44:37 | 000,069,037 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Doxillion.dmp
[2012/04/08 18:44:58 | 000,123,072 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/04/08 00:50:56 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Michelle\PUTTY.RND
[2012/02/14 14:32:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/20 00:04:37 | 000,205,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2012/01/20 00:04:37 | 000,040,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2012/01/08 01:59:31 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/12/22 15:26:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/09/10 16:24:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\pathping
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Trace
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Source
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Hop
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\eonda.net
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Computing
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\8
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\7
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\6
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\[192.168.1.101]
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\.26.49]
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\over
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\5
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\4
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\3
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\2
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\1
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\0
[2011/05/06 12:19:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2011/02/22 18:18:25 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/02/22 18:18:25 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/02/22 18:17:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10B.DAT
[2011/02/22 18:16:51 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2011/02/22 18:16:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/01/03 13:49:39 | 000,166,704 | ---- | C] () -- C:\WINDOWS\System32\R0tiff.dll
[2010/11/18 23:40:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\defogger_reenable
[2010/08/02 10:12:21 | 000,000,435 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/08/02 09:52:52 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\bd7030.dat
[2010/08/02 09:52:31 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/06/08 21:32:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\$_hpcst$.hpc
[2009/02/16 05:59:24 | 000,000,458 | ---- | C] () -- C:\Documents and Settings\Michelle\clipdat2.rdf
[2008/08/03 22:38:23 | 000,084,480 | ---- | C] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010/02/03 18:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2012/01/06 05:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chit Chat For Facebook
[2011/12/05 17:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2009/08/26 12:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/10/04 14:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrashPlan
[2008/09/26 22:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2010/10/05 11:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2012/06/21 03:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2008/07/28 21:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2009/08/12 12:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2012/01/22 01:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/07/30 13:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maestro
[2011/11/16 23:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2012/01/07 14:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/09/06 16:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2012/06/01 01:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2009/02/21 12:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2008/08/02 01:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2012/04/16 11:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RingCentral
[2009/06/14 16:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2008/07/24 01:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/07/08 21:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/04/13 22:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A2A58654-12AA-408A-B411-58A76959BE7F}
[2010/04/22 01:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2010/08/20 08:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\acccore
[2010/08/29 12:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Auslogics
[2012/06/16 00:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\calibre
[2009/11/24 18:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\CBS Interactive
[2008/07/24 02:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/08 17:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\com.infomastery.linkbounder-rmv
[2012/06/17 22:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\com.webdimensions.instant-content-curator-pro
[2011/10/04 14:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\CrashPlan
[2012/02/27 00:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Domain Name Analyzer v4.1
[2012/06/21 03:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Downloaded Installations
[2012/07/04 20:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Dropbox
[2009/07/17 19:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eBookPro6
[2008/09/26 22:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eFax Messenger
[2008/12/24 14:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eMusic
[2012/06/21 03:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\FileOpen
[2010/04/29 19:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\GARMIN
[2008/09/27 18:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\ICQ
[2009/11/11 18:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Image Zone Express
[2011/01/03 17:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\ImgBurn
[2008/09/26 22:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\j2 Global
[2011/11/29 15:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\mjusbsp
[2012/01/07 14:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\NCH Swift Sound
[2008/08/07 16:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Nexon
[2012/06/21 03:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Nitro PDF
[2012/01/20 00:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\OnlineArmor
[2010/10/06 12:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\OpenCandy
[2012/02/28 14:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\OpenOffice.org
[2010/09/01 16:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Password Manager
[2010/07/28 12:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Recordpad
[2011/04/28 01:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Skinux
[2010/04/27 14:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\SmartDraw
[2012/02/27 00:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Softnik Technologies
[2012/03/21 02:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\SystemRequirementsLab
[2011/12/08 20:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\TeamViewer
[2010/03/07 07:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Thunderbird
[2011/10/07 23:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2012/06/01 03:53:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\DoxillionReminder.job
[2012/07/04 20:52:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AF2BBE8E-6664-4FF1-98F7-FD126014864A}.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012/03/21 20:06:55 | 000,000,000 | ---D | M] -- C:\AMD
[2012/03/03 03:10:19 | 000,000,000 | ---D | M] -- C:\ATI
[2010/08/02 09:51:55 | 000,000,000 | ---D | M] -- C:\Brother
[2012/01/21 01:15:22 | 000,000,000 | ---D | M] -- C:\CASH
[2010/11/19 00:46:06 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2012/01/02 14:08:15 | 000,000,000 | ---D | M] -- C:\ComboFix
[2012/06/26 03:33:13 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2008/07/24 01:03:56 | 000,000,000 | ---D | M] -- C:\Corel
[2011/03/16 20:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2012/01/20 00:08:00 | 000,000,000 | ---D | M] -- C:\dostools
[2011/12/09 22:01:07 | 000,000,000 | ---D | M] -- C:\EVENTDB
[2009/01/17 17:21:41 | 000,000,000 | ---D | M] -- C:\found.000
[2011/12/10 09:38:09 | 000,000,000 | ---D | M] -- C:\found.001
[2012/02/14 14:27:40 | 000,000,000 | ---D | M] -- C:\found.002
[2010/04/29 19:15:37 | 000,000,000 | ---D | M] -- C:\Garmin
[2010/11/28 07:49:19 | 000,000,000 | ---D | M] -- C:\HP Disk
[2010/04/29 13:16:36 | 000,000,000 | ---D | M] -- C:\ICONS
[2011/12/08 23:55:40 | 000,000,000 | ---D | M] -- C:\INFECTED
[2010/04/29 13:17:46 | 000,000,000 | ---D | M] -- C:\INSTALL.DSK
[2012/03/21 02:46:41 | 000,000,000 | ---D | M] -- C:\Intel
[2011/12/09 04:59:04 | 000,000,000 | ---D | M] -- C:\LOGFILES
[2008/10/23 00:13:27 | 000,000,000 | R--D | M] -- C:\MSOCache
[2008/07/24 13:38:03 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2008/07/24 00:35:07 | 000,000,000 | ---D | M] -- C:\OFFICE
[2012/07/04 16:35:37 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/02/19 23:56:21 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012/02/23 01:22:36 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011/12/08 23:55:40 | 000,000,000 | ---D | M] -- C:\REPORTS
[2012/01/08 02:05:13 | 000,000,000 | ---D | M] -- C:\rsit
[2009/01/23 16:02:16 | 000,000,000 | ---D | M] -- C:\Samsung
[2012/07/04 20:35:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/12/22 15:24:39 | 000,000,000 | ---D | M] -- C:\Temp
[2012/02/19 23:56:22 | 000,000,000 | ---D | M] -- C:\Username123
[2012/03/12 23:39:53 | 000,000,000 | ---D | M] -- C:\vWorker
[2012/06/22 22:57:29 | 000,000,000 | ---D | M] -- C:\WINDOWS

< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA

< %windir%\Installer\*.* >
[2011/11/18 22:14:19 | 001,435,136 | ---- | M] () -- C:\WINDOWS\Installer\107c1596.msi
[2009/11/08 22:25:26 | 001,935,360 | R--- | M] () -- C:\WINDOWS\Installer\10bbab.msp
[2010/03/30 23:23:04 | 015,638,528 | R--- | M] () -- C:\WINDOWS\Installer\10bbb9.msp
[2009/01/14 14:43:58 | 005,520,384 | R--- | M] () -- C:\WINDOWS\Installer\10de3e8e.msp
[2012/04/15 13:28:54 | 000,203,776 | ---- | M] () -- C:\WINDOWS\Installer\11a6a0a8.msi
[2008/07/24 00:54:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\1251f8.mst
[2008/07/24 00:54:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\1251f9.mst
[2008/07/24 00:54:02 | 007,516,672 | ---- | M] () -- C:\WINDOWS\Installer\1251fd.msi
[2008/07/24 00:55:09 | 000,956,928 | ---- | M] () -- C:\WINDOWS\Installer\12520e.msi
[2008/07/24 00:55:26 | 000,903,680 | ---- | M] () -- C:\WINDOWS\Installer\125218.msi
[2008/07/24 00:55:44 | 016,722,944 | ---- | M] () -- C:\WINDOWS\Installer\125222.msi
[2008/07/24 00:55:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\125224.mst
[2008/07/24 00:55:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\125225.mst
[2008/07/24 00:55:53 | 006,558,208 | ---- | M] () -- C:\WINDOWS\Installer\125229.msi
[2008/07/24 08:24:30 | 000,228,352 | ---- | M] () -- C:\WINDOWS\Installer\12d8435.msi
[2012/06/12 03:46:23 | 000,039,424 | ---- | M] () -- C:\WINDOWS\Installer\13db314.msi
[2012/06/12 03:46:26 | 020,343,808 | R--- | M] () -- C:\WINDOWS\Installer\13db31c.msp
[2011/12/26 09:59:58 | 004,368,896 | R--- | M] () -- C:\WINDOWS\Installer\14e9f811.msp
[2011/12/25 05:40:46 | 000,819,200 | R--- | M] () -- C:\WINDOWS\Installer\14e9f81a.msp
[2008/06/04 11:29:48 | 016,905,728 | R--- | M] () -- C:\WINDOWS\Installer\14ef95ea.msp
[2008/07/30 06:50:56 | 012,506,112 | R--- | M] () -- C:\WINDOWS\Installer\14ef9601.msp
[2008/12/08 16:31:30 | 000,432,640 | ---- | M] () -- C:\WINDOWS\Installer\14fb364d.msi
[2008/10/17 08:03:18 | 005,518,336 | R--- | M] () -- C:\WINDOWS\Installer\14fb3663.msp
[2008/10/25 08:15:10 | 006,227,456 | R--- | M] () -- C:\WINDOWS\Installer\14fb367a.msp
[2008/09/24 11:05:44 | 016,381,440 | R--- | M] () -- C:\WINDOWS\Installer\14fb3683.msp
[2012/04/17 12:11:06 | 007,681,024 | R--- | M] () -- C:\WINDOWS\Installer\1559b006.msp
[2012/04/28 21:43:58 | 008,459,264 | R--- | M] () -- C:\WINDOWS\Installer\1559b010.msp
[2012/04/27 15:09:22 | 005,521,408 | R--- | M] () -- C:\WINDOWS\Installer\1559b027.msp
[2012/03/19 22:02:30 | 006,695,936 | R--- | M] () -- C:\WINDOWS\Installer\1559b03e.msp
[2012/04/09 16:50:24 | 006,829,568 | R--- | M] () -- C:\WINDOWS\Installer\1559b055.msp
[2012/04/06 03:13:32 | 016,527,872 | R--- | M] () -- C:\WINDOWS\Installer\1559b063.msp
[2012/04/04 22:38:16 | 003,620,864 | R--- | M] () -- C:\WINDOWS\Installer\1559b06d.msp
[2012/01/04 02:25:14 | 017,751,552 | R--- | M] () -- C:\WINDOWS\Installer\1559b07c.msp
[2011/12/22 16:50:54 | 000,256,000 | R--- | M] () -- C:\WINDOWS\Installer\1559b085.msp
[2012/04/04 22:38:44 | 002,831,360 | R--- | M] () -- C:\WINDOWS\Installer\1559b08f.msp
[2011/11/11 16:16:20 | 008,458,240 | R--- | M] () -- C:\WINDOWS\Installer\1657c717.msp
[2011/11/17 10:55:20 | 005,522,944 | ---- | M] () -- C:\WINDOWS\Installer\1657c719.msp
[2011/01/17 15:06:20 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\171b66fa.msp
[2007/11/08 09:42:36 | 004,158,464 | R--- | M] () -- C:\WINDOWS\Installer\173cd7.msp
[2008/01/14 13:24:52 | 010,721,280 | R--- | M] () -- C:\WINDOWS\Installer\173ced.msp
[2008/01/14 14:53:34 | 005,213,696 | R--- | M] () -- C:\WINDOWS\Installer\173d03.msp
[2008/04/14 12:26:46 | 011,888,128 | R--- | M] () -- C:\WINDOWS\Installer\173d1a.msp
[2008/01/31 08:30:52 | 009,947,648 | R--- | M] () -- C:\WINDOWS\Installer\173d38.msp
[2008/02/29 20:09:58 | 016,907,776 | R--- | M] () -- C:\WINDOWS\Installer\173d4f.msp
[2008/04/01 12:33:20 | 005,479,936 | R--- | M] () -- C:\WINDOWS\Installer\173d69.msp
[2008/03/17 10:48:50 | 011,813,888 | R--- | M] () -- C:\WINDOWS\Installer\173d80.msp
[2008/06/11 13:05:06 | 009,994,240 | R--- | M] () -- C:\WINDOWS\Installer\173d9b.msp
[2010/01/27 16:53:46 | 006,820,864 | R--- | M] () -- C:\WINDOWS\Installer\187d0a98.msp
[2010/02/21 00:00:02 | 008,480,768 | R--- | M] () -- C:\WINDOWS\Installer\187d0aa2.msp
[2012/01/13 01:42:45 | 003,947,520 | ---- | M] () -- C:\WINDOWS\Installer\19ef7e82.msi
[2011/10/04 14:41:42 | 001,317,376 | ---- | M] () -- C:\WINDOWS\Installer\1b0af846.msi
[2011/04/13 22:54:31 | 000,218,624 | ---- | M] () -- C:\WINDOWS\Installer\1b116437.msi
[2011/04/13 22:55:26 | 006,465,536 | ---- | M] () -- C:\WINDOWS\Installer\1b11643c.msi
[2011/04/13 23:12:55 | 026,428,928 | ---- | M] () -- C:\WINDOWS\Installer\1b212f4f.msi
[2011/04/13 23:13:42 | 001,100,288 | ---- | M] () -- C:\WINDOWS\Installer\1b212f57.msi
[2011/04/13 23:13:46 | 000,294,912 | ---- | M] () -- C:\WINDOWS\Installer\1b212f5f.msi
[2011/04/13 23:13:49 | 000,288,768 | ---- | M] () -- C:\WINDOWS\Installer\1b212f66.msi
[2011/04/13 23:13:50 | 000,182,784 | ---- | M] () -- C:\WINDOWS\Installer\1b212f6d.msi
[2011/04/13 23:13:55 | 000,291,840 | ---- | M] () -- C:\WINDOWS\Installer\1b212f74.msi
[2011/04/13 23:13:59 | 000,357,376 | ---- | M] () -- C:\WINDOWS\Installer\1b212f7b.msi
[2011/04/13 23:14:03 | 000,291,840 | ---- | M] () -- C:\WINDOWS\Installer\1b212f82.msi
[2011/04/13 23:14:29 | 000,548,352 | ---- | M] () -- C:\WINDOWS\Installer\1b212f89.msi
[2011/04/13 23:14:38 | 000,475,136 | ---- | M] () -- C:\WINDOWS\Installer\1b212f90.msi
[2011/04/13 23:14:40 | 000,181,248 | ---- | M] () -- C:\WINDOWS\Installer\1b212f97.msi
[2011/04/13 23:14:41 | 000,180,736 | ---- | M] () -- C:\WINDOWS\Installer\1b212f9e.msi
[2011/04/13 23:14:42 | 000,186,368 | ---- | M] () -- C:\WINDOWS\Installer\1b212fa5.msi
[2011/04/13 23:14:44 | 000,213,504 | ---- | M] () -- C:\WINDOWS\Installer\1b212fad.msi
[2011/04/13 23:14:51 | 000,404,480 | ---- | M] () -- C:\WINDOWS\Installer\1b212fb5.msi
[2011/04/13 23:14:53 | 000,370,688 | ---- | M] () -- C:\WINDOWS\Installer\1b212fbc.msi
[2011/04/13 23:14:56 | 000,295,936 | ---- | M] () -- C:\WINDOWS\Installer\1b212fc3.msi
[2011/04/13 23:14:58 | 002,035,200 | ---- | M] () -- C:\WINDOWS\Installer\1b212fca.msi
[2011/04/13 23:16:34 | 001,515,008 | ---- | M] () -- C:\WINDOWS\Installer\1b212fd2.msi
[2010/03/22 14:03:14 | 011,732,992 | R--- | M] () -- C:\WINDOWS\Installer\1b53d496.msp
[2010/03/11 10:03:40 | 005,524,480 | R--- | M] () -- C:\WINDOWS\Installer\1b53d4ad.msp
[2010/03/11 19:16:30 | 004,148,224 | R--- | M] () -- C:\WINDOWS\Installer\1b53d4c4.msp
[2012/02/28 00:51:53 | 000,677,376 | ---- | M] () -- C:\WINDOWS\Installer\1b9aaddc.msi
[2011/10/27 04:49:16 | 000,160,768 | ---- | M] () -- C:\WINDOWS\Installer\1c5d6f.msi
[2009/05/12 11:01:38 | 006,818,816 | R--- | M] () -- C:\WINDOWS\Installer\1c93e0.msp
[2009/04/04 05:35:30 | 038,325,760 | R--- | M] () -- C:\WINDOWS\Installer\1c9409.msp
[2009/05/28 10:32:54 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\1c9420.msp
[2009/04/23 15:57:12 | 007,672,832 | R--- | M] () -- C:\WINDOWS\Installer\1c9437.msp
[2009/04/24 10:30:16 | 002,583,552 | R--- | M] () -- C:\WINDOWS\Installer\1c9443.msp
[2009/05/04 05:46:14 | 008,299,008 | R--- | M] () -- C:\WINDOWS\Installer\1c944e.msp
[2012/04/04 05:17:36 | 016,613,376 | ---- | M] () -- C:\WINDOWS\Installer\1dab47ba.msp
[2012/04/17 22:08:50 | 001,769,984 | ---- | M] () -- C:\WINDOWS\Installer\1dd1d204.msi
[2010/08/24 07:49:22 | 006,825,472 | R--- | M] () -- C:\WINDOWS\Installer\1e7aff.msp
[2010/10/04 14:32:10 | 005,517,824 | R--- | M] () -- C:\WINDOWS\Installer\1e7b16.msp
[2010/08/23 15:09:02 | 007,673,344 | R--- | M] () -- C:\WINDOWS\Installer\1e7b2d.msp
[2009/10/22 11:28:50 | 005,521,408 | R--- | M] () -- C:\WINDOWS\Installer\1f8e5936.msp
[2009/10/06 17:40:46 | 007,681,024 | R--- | M] () -- C:\WINDOWS\Installer\1f8e594d.msp
[2009/08/18 11:58:56 | 008,301,056 | R--- | M] () -- C:\WINDOWS\Installer\1f8e5957.msp
[2009/10/22 11:46:32 | 006,821,888 | R--- | M] () -- C:\WINDOWS\Installer\1f8e596e.msp
[2011/10/07 23:06:42 | 000,022,528 | ---- | M] () -- C:\WINDOWS\Installer\1f93262.msi
[2012/03/20 23:57:14 | 006,188,544 | R--- | M] () -- C:\WINDOWS\Installer\1fde943.msp
[2012/04/21 21:55:38 | 000,980,480 | R--- | M] () -- C:\WINDOWS\Installer\1fde94c.msp
[2012/06/26 03:33:12 | 000,348,160 | ---- | M] () -- C:\WINDOWS\Installer\200340f5.msi
[2010/11/26 23:57:53 | 000,454,656 | ---- | M] () -- C:\WINDOWS\Installer\2108b86.msi
[2011/06/28 20:27:28 | 004,028,928 | R--- | M] () -- C:\WINDOWS\Installer\212ded.msp
[2002/12/20 11:03:32 | 001,247,232 | ---- | M] () -- C:\WINDOWS\Installer\214066.msi
[2008/07/24 01:20:06 | 000,123,904 | ---- | M] () -- C:\WINDOWS\Installer\2140a3.msi
[2008/07/24 01:20:07 | 000,123,904 | ---- | M] () -- C:\WINDOWS\Installer\2140aa.msi
[2008/07/24 01:20:09 | 000,123,904 | ---- | M] () -- C:\WINDOWS\Installer\2140b1.msi
[2008/07/24 01:20:30 | 000,121,344 | ---- | M] () -- C:\WINDOWS\Installer\2140e4.msi
[2008/07/24 01:20:32 | 000,274,432 | ---- | M] () -- C:\WINDOWS\Installer\2140f0.msi
[2008/07/24 01:20:57 | 000,985,600 | ---- | M] () -- C:\WINDOWS\Installer\214134.msi
[2008/07/24 01:28:43 | 001,533,440 | ---- | M] () -- C:\WINDOWS\Installer\214155.msi
[2011/09/15 17:37:32 | 038,176,256 | R--- | M] () -- C:\WINDOWS\Installer\2183a2.msp
[2009/07/08 21:10:04 | 001,659,392 | ---- | M] () -- C:\WINDOWS\Installer\22388d37.msi
[2009/08/25 12:57:34 | 005,518,336 | R--- | M] () -- C:\WINDOWS\Installer\231086dd.msp
[2011/09/20 14:36:20 | 005,521,408 | R--- | M] () -- C:\WINDOWS\Installer\235a8d9c.msp
[2011/07/11 19:43:20 | 011,641,344 | R--- | M] () -- C:\WINDOWS\Installer\235a8da8.msp
[2012/03/21 20:08:01 | 000,442,368 | ---- | M] () -- C:\WINDOWS\Installer\23cb6a.msi
[2012/03/21 20:08:14 | 001,720,832 | ---- | M] () -- C:\WINDOWS\Installer\23cb72.msi
[2012/03/21 20:12:05 | 000,356,352 | ---- | M] () -- C:\WINDOWS\Installer\23cc9b.msi
[2012/03/21 20:12:07 | 000,265,728 | ---- | M] () -- C:\WINDOWS\Installer\23cca2.msi
[2012/03/21 20:12:08 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23ccaa.msi
[2012/03/21 20:12:10 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23ccb1.msi
[2012/03/21 20:12:11 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23ccb8.msi
[2012/03/21 20:12:12 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23ccbf.msi
[2012/03/21 20:12:14 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23ccc6.msi
[2012/03/21 20:12:15 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23cccd.msi
[2012/03/21 20:12:17 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23ccd4.msi
[2012/03/21 20:12:18 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23ccdb.msi
[2012/03/21 20:12:19 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cce2.msi
[2012/03/21 20:12:21 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23cce9.msi
[2012/03/21 20:12:22 | 000,250,880 | ---- | M] () -- C:\WINDOWS\Installer\23ccf0.msi
[2012/03/21 20:12:24 | 000,250,880 | ---- | M] () -- C:\WINDOWS\Installer\23ccf7.msi
[2012/03/21 20:12:25 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23ccfe.msi
[2012/03/21 20:12:26 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cd05.msi
[2012/03/21 20:12:28 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cd0c.msi
[2012/03/21 20:12:29 | 000,250,880 | ---- | M] () -- C:\WINDOWS\Installer\23cd13.msi
[2012/03/21 20:12:30 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cd1a.msi
[2012/03/21 20:12:31 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cd21.msi
[2012/03/21 20:12:33 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cd28.msi
[2012/03/21 20:12:34 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cd2f.msi
[2012/03/21 20:12:35 | 000,249,344 | ---- | M] () -- C:\WINDOWS\Installer\23cd36.msi
[2012/03/21 20:12:37 | 000,251,904 | ---- | M] () -- C:\WINDOWS\Installer\23cd3d.msi
[2012/03/21 20:12:41 | 000,418,304 | ---- | M] () -- C:\WINDOWS\Installer\23cd44.msi
[2012/03/21 20:12:42 | 000,232,960 | ---- | M] () -- C:\WINDOWS\Installer\23cd4b.msi
[2012/03/21 20:12:59 | 001,136,128 | ---- | M] () -- C:\WINDOWS\Installer\23cd53.msi
[2009/07/01 11:21:28 | 008,891,904 | R--- | M] () -- C:\WINDOWS\Installer\24a1a268.msp
[2009/07/01 11:19:52 | 010,607,104 | R--- | M] () -- C:\WINDOWS\Installer\24a1a269.msp
[2009/08/05 00:11:20 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\24a1a280.msp
[2009/06/30 09:30:08 | 005,520,384 | R--- | M] () -- C:\WINDOWS\Installer\24d1dd6e.msp
[2009/05/21 20:04:59 | 000,301,056 | ---- | M] () -- C:\WINDOWS\Installer\253c0d99.msi
[2009/05/21 20:05:10 | 000,107,008 | ---- | M] () -- C:\WINDOWS\Installer\253c0da0.msi
[2009/05/21 20:05:23 | 000,059,904 | ---- | M] () -- C:\WINDOWS\Installer\253c0da7.msi
[2009/05/21 20:05:31 | 000,083,456 | ---- | M] () -- C:\WINDOWS\Installer\253c0dae.msi
[2009/05/21 20:06:23 | 000,152,576 | ---- | M] () -- C:\WINDOWS\Installer\253c0db5.msi
[2009/05/21 20:06:32 | 000,202,752 | ---- | M] () -- C:\WINDOWS\Installer\253c0dbc.msi
[2009/05/21 20:06:40 | 000,140,288 | ---- | M] () -- C:\WINDOWS\Installer\253c0dc4.msi
[2009/05/21 20:06:44 | 000,028,160 | ---- | M] () -- C:\WINDOWS\Installer\253c0dcb.msi
[2009/05/21 20:06:49 | 000,025,088 | ---- | M] () -- C:\WINDOWS\Installer\253c0dd7.msi
[2009/05/21 20:57:45 | 000,431,104 | ---- | M] () -- C:\WINDOWS\Installer\253c0df7.msi
[2009/12/01 15:41:08 | 000,429,568 | ---- | M] () -- C:\WINDOWS\Installer\28e45.msi
[2008/11/05 21:18:51 | 000,355,328 | ---- | M] () -- C:\WINDOWS\Installer\2bb9aa36.msi
[2010/09/23 05:39:44 | 004,265,472 | R--- | M] () -- C:\WINDOWS\Installer\2c65945b.msp
[2010/09/23 19:02:28 | 000,798,208 | R--- | M] () -- C:\WINDOWS\Installer\2c659464.msp
[2012/01/15 04:27:20 | 000,430,592 | ---- | M] () -- C:\WINDOWS\Installer\2cc9d85.msi
[2011/11/17 10:55:20 | 005,522,944 | R--- | M] () -- C:\WINDOWS\Installer\2e0c146.msp
[2011/10/31 12:37:46 | 004,146,688 | R--- | M] () -- C:\WINDOWS\Installer\2e0c15e.msp
[2011/10/29 23:10:18 | 006,824,960 | R--- | M] () -- C:\WINDOWS\Installer\2e0c175.msp
[2011/11/01 13:34:30 | 001,552,384 | R--- | M] () -- C:\WINDOWS\Installer\2e0c17f.msp
[2011/11/01 13:34:30 | 002,531,840 | R--- | M] () -- C:\WINDOWS\Installer\2fabd.msp
[2010/04/21 15:46:50 | 005,522,432 | R--- | M] () -- C:\WINDOWS\Installer\30788.msp
[2009/10/16 16:07:18 | 006,115,328 | R--- | M] () -- C:\WINDOWS\Installer\3079f.msp
[2009/04/06 15:00:42 | 005,518,336 | R--- | M] () -- C:\WINDOWS\Installer\30f1a.msp
[2008/07/23 20:37:12 | 000,264,704 | ---- | M] () -- C:\WINDOWS\Installer\317a6.msi
[2009/09/21 14:53:56 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\32dbce93.msp
[2009/09/29 07:08:12 | 006,747,648 | R--- | M] () -- C:\WINDOWS\Installer\32dbceaa.msp
[2009/07/27 02:31:24 | 003,738,624 | R--- | M] () -- C:\WINDOWS\Installer\32dbceb4.msp
[2009/08/20 03:02:38 | 005,204,992 | R--- | M] () -- C:\WINDOWS\Installer\32dbcecb.msp
[2009/08/21 08:14:20 | 008,363,008 | R--- | M] () -- C:\WINDOWS\Installer\32dbcee8.msp
[2010/02/26 17:50:15 | 000,763,392 | ---- | M] () -- C:\WINDOWS\Installer\338312d.msi
[2011/05/23 13:15:48 | 003,617,792 | R--- | M] () -- C:\WINDOWS\Installer\34a4ce08.msp
[2009/06/08 21:31:49 | 000,912,384 | ---- | M] () -- C:\WINDOWS\Installer\34eff27c.msi
[2012/03/05 21:34:06 | 005,519,872 | R--- | M] () -- C:\WINDOWS\Installer\38e3d.msp
[2010/02/03 18:06:50 | 001,205,760 | ---- | M] () -- C:\WINDOWS\Installer\3df54d1d.msi
[2010/01/11 01:46:39 | 000,088,576 | ---- | M] () -- C:\WINDOWS\Installer\3e280242.msi
[2008/07/29 18:31:05 | 006,083,072 | R--- | M] () -- C:\WINDOWS\Installer\3e280243.msp
[2008/07/29 18:37:10 | 000,911,360 | R--- | M] () -- C:\WINDOWS\Installer\3e280244.msp
[2008/07/29 18:33:06 | 000,506,368 | R--- | M] () -- C:\WINDOWS\Installer\3e280245.msp
[2008/07/29 18:43:20 | 001,013,248 | R--- | M] () -- C:\WINDOWS\Installer\3e280246.msp
[2008/07/29 18:35:08 | 000,553,472 | R--- | M] () -- C:\WINDOWS\Installer\3e280247.msp
[2008/07/29 18:39:12 | 003,403,264 | R--- | M] () -- C:\WINDOWS\Installer\3e280248.msp
[2008/07/29 18:41:15 | 006,487,040 | R--- | M] () -- C:\WINDOWS\Installer\3e280249.msp
[2008/07/29 18:29:02 | 002,926,080 | R--- | M] () -- C:\WINDOWS\Installer\3e28024a.msp
[2008/07/29 18:45:26 | 002,543,616 | R--- | M] () -- C:\WINDOWS\Installer\3e28024b.msp
[2010/01/11 01:48:22 | 000,137,728 | ---- | M] () -- C:\WINDOWS\Installer\3e2ac045.msi
[2008/07/29 22:07:18 | 000,023,040 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac046.msp
[2008/07/29 20:18:47 | 003,376,640 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac047.msp
[2008/07/29 21:22:41 | 004,137,984 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac048.msp
[2008/07/29 20:34:27 | 001,448,448 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac049.msp
[2008/07/29 22:15:12 | 003,697,664 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac04a.msp
[2008/07/29 20:40:37 | 000,291,840 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac04b.msp
[2008/07/29 21:37:55 | 002,679,808 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac04c.msp
[2008/07/29 22:28:09 | 000,278,016 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac04d.msp
[2008/07/29 20:26:24 | 001,043,456 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac04e.msp
[2008/07/29 22:23:11 | 000,250,880 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac04f.msp
[2010/01/11 01:49:37 | 000,648,192 | ---- | M] () -- C:\WINDOWS\Installer\3e2c48a2.msi
[2010/09/24 00:25:13 | 005,241,344 | ---- | M] () -- C:\WINDOWS\Installer\3f3e1071.msi
[2010/09/24 01:12:02 | 003,969,024 | ---- | M] () -- C:\WINDOWS\Installer\3f6850ab.msi
[2012/04/06 02:12:34 | 015,709,696 | R--- | M] () -- C:\WINDOWS\Installer\4041a.msp
[2009/11/17 12:58:25 | 000,087,040 | ---- | M] () -- C:\WINDOWS\Installer\41f6646.msi
[2009/11/17 12:58:27 | 000,087,552 | ---- | M] () -- C:\WINDOWS\Installer\41f664d.msi
[2008/07/24 01:47:17 | 000,020,992 | ---- | M] () -- C:\WINDOWS\Installer\43c29f.msi
[2008/10/20 09:18:14 | 006,474,240 | R--- | M] () -- C:\WINDOWS\Installer\43c52.msp
[2008/10/22 21:48:56 | 007,672,832 | R--- | M] () -- C:\WINDOWS\Installer\43c69.msp
[2008/10/22 21:43:52 | 006,820,352 | R--- | M] () -- C:\WINDOWS\Installer\43c80.msp
[2008/10/20 09:22:54 | 011,758,592 | R--- | M] () -- C:\WINDOWS\Installer\43c8a.msp
[2008/07/01 07:25:56 | 011,814,912 | R--- | M] () -- C:\WINDOWS\Installer\4520220b.msp
[2008/07/28 12:59:08 | 000,180,736 | R--- | M] () -- C:\WINDOWS\Installer\45202221.msp
[2008/06/11 12:02:44 | 000,830,464 | R--- | M] () -- C:\WINDOWS\Installer\45202237.msp
[2008/07/08 09:27:36 | 008,436,736 | R--- | M] () -- C:\WINDOWS\Installer\4520224e.msp
[2008/07/16 08:39:56 | 005,519,360 | R--- | M] () -- C:\WINDOWS\Installer\45202265.msp
[2008/07/08 08:09:30 | 011,887,616 | R--- | M] () -- C:\WINDOWS\Installer\4520227c.msp
[2011/08/17 10:13:19 | 000,019,968 | ---- | M] () -- C:\WINDOWS\Installer\45bd00cc.msi
[2009/03/20 10:48:56 | 000,183,808 | R--- | M] () -- C:\WINDOWS\Installer\4653d0d8.msp
[2008/12/13 08:57:24 | 008,397,824 | R--- | M] () -- C:\WINDOWS\Installer\4653d0e9.msp
[2008/12/13 09:21:36 | 010,473,472 | R--- | M] () -- C:\WINDOWS\Installer\4653d0f5.msp
[2008/12/13 08:58:22 | 000,754,688 | R--- | M] () -- C:\WINDOWS\Installer\4653d102.msp
[2009/08/14 19:32:40 | 011,110,912 | R--- | M] () -- C:\WINDOWS\Installer\4653d10d.msp
[2010/08/25 15:06:30 | 006,479,360 | R--- | M] () -- C:\WINDOWS\Installer\487d4853.msp
[2010/08/20 11:50:16 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\487d486a.msp
[2010/08/05 08:57:58 | 004,066,304 | R--- | M] () -- C:\WINDOWS\Installer\487d488f.msp
[2009/04/24 10:31:18 | 001,425,920 | R--- | M] () -- C:\WINDOWS\Installer\49cc3.msp
[2009/05/01 13:49:44 | 004,328,960 | R--- | M] () -- C:\WINDOWS\Installer\49cdb.msp
[2012/06/16 00:53:12 | 000,815,616 | ---- | M] () -- C:\WINDOWS\Installer\4f13a44.msi
[2009/08/05 23:42:25 | 000,248,832 | ---- | M] () -- C:\WINDOWS\Installer\4f6f75d4.msi
[2009/08/05 23:42:32 | 000,195,584 | ---- | M] () -- C:\WINDOWS\Installer\4f6f75db.msi
[2010/06/30 20:52:28 | 005,522,944 | R--- | M] () -- C:\WINDOWS\Installer\50d2c.msp
[2010/06/11 15:55:00 | 001,827,328 | R--- | M] () -- C:\WINDOWS\Installer\50d44.msp
[2010/06/11 15:52:10 | 045,542,912 | R--- | M] () -- C:\WINDOWS\Installer\50d45.msp
[2010/05/25 09:45:58 | 008,445,440 | R--- | M] () -- C:\WINDOWS\Installer\50d5d.msp
[2012/06/05 14:50:57 | 000,900,096 | ---- | M] () -- C:\WINDOWS\Installer\516bec9.msi
[2008/11/05 13:25:16 | 005,518,336 | R--- | M] () -- C:\WINDOWS\Installer\51d58.msp
[2012/06/20 22:16:16 | 000,213,504 | ---- | M] () -- C:\WINDOWS\Installer\5215c0e.msi
[2009/07/22 15:22:05 | 001,091,584 | ---- | M] () -- C:\WINDOWS\Installer\58c467a.msi
[2009/07/22 15:22:07 | 000,084,480 | ---- | M] () -- C:\WINDOWS\Installer\58c4681.msi
[2008/12/12 10:09:40 | 005,517,824 | R--- | M] () -- C:\WINDOWS\Installer\5bc17de.msp
[2009/03/05 13:40:52 | 006,819,840 | R--- | M] () -- C:\WINDOWS\Installer\5bf94773.msp
[2009/02/25 17:07:14 | 011,646,464 | R--- | M] () -- C:\WINDOWS\Installer\5bf9477d.msp
[2010/03/28 12:38:02 | 000,219,648 | ---- | M] () -- C:\WINDOWS\Installer\5da72f.msi
[2011/01/11 15:50:38 | 008,177,152 | R--- | M] () -- C:\WINDOWS\Installer\624977a9.msp
[2011/03/03 09:25:14 | 005,051,904 | R--- | M] () -- C:\WINDOWS\Installer\624977c0.msp
[2011/03/17 18:01:58 | 009,563,648 | R--- | M] () -- C:\WINDOWS\Installer\624977ca.msp
[2010/11/20 21:34:34 | 001,198,080 | R--- | M] () -- C:\WINDOWS\Installer\624977d4.msp
[2011/02/11 18:47:00 | 012,028,928 | R--- | M] () -- C:\WINDOWS\Installer\624977e1.msp
[2011/04/05 10:52:16 | 005,519,872 | R--- | M] () -- C:\WINDOWS\Installer\624977f8.msp
[2011/02/24 07:38:52 | 010,984,448 | R--- | M] () -- C:\WINDOWS\Installer\6249780f.msp
[2011/01/27 12:49:14 | 006,825,472 | R--- | M] () -- C:\WINDOWS\Installer\62497826.msp
[2010/07/10 18:14:14 | 002,850,816 | R--- | M] () -- C:\WINDOWS\Installer\6361e.msp
[2008/07/24 02:42:00 | 000,431,104 | ---- | M] () -- C:\WINDOWS\Installer\6362e.msi
[2010/07/26 15:02:46 | 005,519,360 | R--- | M] () -- C:\WINDOWS\Installer\63635.msp
[2010/05/19 11:08:52 | 011,408,896 | R--- | M] () -- C:\WINDOWS\Installer\63641.msp
[2010/06/28 20:53:16 | 006,819,840 | R--- | M] () -- C:\WINDOWS\Installer\63658.msp
[2010/06/28 14:01:18 | 007,677,952 | R--- | M] () -- C:\WINDOWS\Installer\6366f.msp
[2009/11/20 14:00:24 | 005,521,408 | R--- | M] () -- C:\WINDOWS\Installer\642cceb3.msp
[2009/09/09 14:40:48 | 000,632,320 | R--- | M] () -- C:\WINDOWS\Installer\642cceca.msp
[2009/12/16 21:58:22 | 005,382,144 | R--- | M] () -- C:\WINDOWS\Installer\642ccee4.msp
[2011/07/27 06:39:50 | 009,892,352 | R--- | M] () -- C:\WINDOWS\Installer\64e51e6.msp
[2011/09/06 20:48:02 | 008,181,248 | R--- | M] () -- C:\WINDOWS\Installer\64e51f0.msp
[2011/07/21 11:34:34 | 003,456,000 | R--- | M] () -- C:\WINDOWS\Installer\64e51fd.msp
[2011/08/16 11:35:02 | 005,519,872 | R--- | M] () -- C:\WINDOWS\Installer\64e5213.msp
[2011/07/26 07:17:10 | 006,824,960 | R--- | M] () -- C:\WINDOWS\Installer\64e522a.msp
[2011/07/26 15:33:48 | 010,984,448 | R--- | M] () -- C:\WINDOWS\Installer\64e5241.msp
[2011/08/10 16:43:30 | 003,795,968 | R--- | M] () -- C:\WINDOWS\Installer\64e524b.msp
[2011/04/29 11:30:12 | 001,197,056 | R--- | M] () -- C:\WINDOWS\Installer\65584a30.msp
[2011/06/16 10:48:15 | 000,467,456 | ---- | M] () -- C:\WINDOWS\Installer\65584a43.msi
[2011/04/29 12:04:54 | 005,053,440 | R--- | M] () -- C:\WINDOWS\Installer\65584a59.msp
[2011/04/29 11:33:30 | 008,173,568 | R--- | M] () -- C:\WINDOWS\Installer\65584a63.msp
[2011/05/17 17:28:52 | 006,862,848 | R--- | M] () -- C:\WINDOWS\Installer\65584a7a.msp
[2011/05/20 16:31:56 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\65584a91.msp
[2011/04/27 18:51:18 | 006,825,472 | R--- | M] () -- C:\WINDOWS\Installer\65584aa8.msp
[2011/06/16 10:54:14 | 000,223,744 | ---- | M] () -- C:\WINDOWS\Installer\65584ab1.msi
[2011/04/29 11:28:40 | 001,995,264 | R--- | M] () -- C:\WINDOWS\Installer\65584aba.msp
[2010/03/30 10:34:48 | 003,826,688 | R--- | M] () -- C:\WINDOWS\Installer\66e22.msp
[2010/05/03 14:06:36 | 005,053,952 | R--- | M] () -- C:\WINDOWS\Installer\66e39.msp
[2010/04/24 15:10:46 | 008,486,400 | R--- | M] () -- C:\WINDOWS\Installer\66e43.msp
[2010/02/24 22:14:38 | 000,543,232 | R--- | M] () -- C:\WINDOWS\Installer\66e52.msp
[2010/04/11 20:17:10 | 004,210,688 | R--- | M] () -- C:\WINDOWS\Installer\66e5f.msp
[2010/04/11 20:17:08 | 002,607,104 | R--- | M] () -- C:\WINDOWS\Installer\66e60.msp
[2010/04/11 20:17:12 | 014,599,680 | R--- | M] () -- C:\WINDOWS\Installer\66e70.msp
[2010/05/10 15:17:22 | 005,520,896 | R--- | M] () -- C:\WINDOWS\Installer\66e87.msp
[2010/05/04 20:25:30 | 007,681,024 | R--- | M] () -- C:\WINDOWS\Installer\66e9e.msp
[2010/05/03 14:11:42 | 004,149,760 | R--- | M] () -- C:\WINDOWS\Installer\66eb5.msp
[2010/04/24 15:09:46 | 011,750,912 | R--- | M] () -- C:\WINDOWS\Installer\66ebf.msp
[2010/05/03 14:27:52 | 006,825,472 | R--- | M] () -- C:\WINDOWS\Installer\66ed6.msp
[2010/05/11 09:30:58 | 011,194,880 | R--- | M] () -- C:\WINDOWS\Installer\66eed.msp
[2009/05/10 17:01:12 | 000,228,352 | ---- | M] () -- C:\WINDOWS\Installer\6dfbd.msi
[2010/01/19 17:29:16 | 005,050,368 | R--- | M] () -- C:\WINDOWS\Installer\72a0146.msp
[2010/01/19 16:51:12 | 005,524,480 | R--- | M] () -- C:\WINDOWS\Installer\72a015d.msp
[2007/07/21 12:26:34 | 007,574,016 | R--- | M] () -- C:\WINDOWS\Installer\732b1806.msp
[2008/04/18 13:56:18 | 006,215,680 | R--- | M] () -- C:\WINDOWS\Installer\732b1811.msp
[2007/10/14 22:33:24 | 026,646,016 | R--- | M] () -- C:\WINDOWS\Installer\732b1827.msp
[2008/07/29 22:20:14 | 011,767,296 | R--- | M] () -- C:\WINDOWS\Installer\732b1831.msp
[2008/08/11 10:49:32 | 022,457,344 | R--- | M] () -- C:\WINDOWS\Installer\732b183b.msp
[2008/06/19 17:28:04 | 001,573,376 | R--- | M] () -- C:\WINDOWS\Installer\732b1846.msp
[2008/08/11 10:51:14 | 015,916,544 | R--- | M] () -- C:\WINDOWS\Installer\732b1850.msp
[2008/08/13 13:49:34 | 011,816,960 | R--- | M] () -- C:\WINDOWS\Installer\732b1867.msp
[2007/07/27 07:03:06 | 119,977,472 | R--- | M] () -- C:\WINDOWS\Installer\766131.msp
[2008/08/03 17:42:07 | 000,470,528 | ---- | M] () -- C:\WINDOWS\Installer\766139.msi
[2008/06/10 12:09:22 | 005,517,312 | R--- | M] () -- C:\WINDOWS\Installer\766150.msp
[2005/10/26 12:59:54 | 002,883,072 | R--- | M] () -- C:\WINDOWS\Installer\766167.msp
[2012/01/25 14:55:08 | 005,520,384 | R--- | M] () -- C:\WINDOWS\Installer\79d6c.msp
[2011/10/30 22:54:38 | 002,748,416 | R--- | M] () -- C:\WINDOWS\Installer\79d75.msp
[2008/07/23 22:52:25 | 005,922,816 | ---- | M] () -- C:\WINDOWS\Installer\7e0c8b.msi
[2009/12/11 09:29:56 | 005,521,408 | R--- | M] () -- C:\WINDOWS\Installer\7eb2e.msp
[2011/12/06 15:22:40 | 005,519,360 | R--- | M] () -- C:\WINDOWS\Installer\858ed0f.msp
[2009/08/12 11:38:16 | 000,637,952 | ---- | M] () -- C:\WINDOWS\Installer\9473cab.msi
[2009/08/12 12:31:34 | 000,799,232 | ---- | M] () -- C:\WINDOWS\Installer\977f5fc.msi
[2009/08/12 12:35:45 | 000,404,480 | ---- | M] () -- C:\WINDOWS\Installer\977f60c.msi
[2012/02/02 23:56:22 | 000,963,584 | R--- | M] () -- C:\WINDOWS\Installer\9c203.msp
[2012/03/28 18:10:04 | 012,098,048 | R--- | M] () -- C:\WINDOWS\Installer\9c21a.msp
[2012/03/22 13:09:58 | 005,521,920 | R--- | M] () -- C:\WINDOWS\Installer\9c231.msp
[2011/07/26 12:50:18 | 005,522,432 | R--- | M] () -- C:\WINDOWS\Installer\a09b9.msp
[2011/05/01 23:06:16 | 002,705,920 | R--- | M] () -- C:\WINDOWS\Installer\a09c2.msp
[2009/02/11 13:02:00 | 005,519,872 | R--- | M] () -- C:\WINDOWS\Installer\a83efb3.msp
[2010/07/25 20:02:03 | 001,094,656 | ---- | M] () -- C:\WINDOWS\Installer\afd4fc8.msi
[2011/02/22 09:32:12 | 005,520,384 | R--- | M] () -- C:\WINDOWS\Installer\b4687ec.msp
[2010/10/01 20:53:12 | 004,147,712 | R--- | M] () -- C:\WINDOWS\Installer\b89d6a5.msp
[2010/12/06 14:02:34 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\b89d6bc.msp
[2010/11/12 10:08:30 | 000,889,344 | R--- | M] () -- C:\WINDOWS\Installer\b89d6d7.msp
[2010/10/22 14:45:16 | 008,444,928 | R--- | M] () -- C:\WINDOWS\Installer\b89d6ef.msp
[2011/11/03 13:31:36 | 005,525,504 | R--- | M] () -- C:\WINDOWS\Installer\babef.msp
[2011/04/08 20:17:28 | 000,004,608 | ---- | M] () -- C:\WINDOWS\Installer\c1a34e.msi
[2012/06/06 23:43:46 | 009,474,048 | ---- | M] () -- C:\WINDOWS\Installer\c2675e5.msi
[2012/06/06 23:46:57 | 001,530,368 | ---- | M] () -- C:\WINDOWS\Installer\c26761f.msi
[2012/04/08 17:50:56 | 000,028,672 | ---- | M] () -- C:\WINDOWS\Installer\caebb2b.msi
[2012/04/08 18:08:38 | 000,028,160 | ---- | M] () -- C:\WINDOWS\Installer\cbeed20.msi
[2012/06/22 10:25:11 | 001,259,008 | ---- | M] () -- C:\WINDOWS\Installer\ce17078.msi
[2012/04/08 20:33:27 | 002,991,104 | ---- | M] () -- C:\WINDOWS\Installer\d40c8f0.msi
[2012/06/17 15:44:57 | 001,648,128 | ---- | M] () -- C:\WINDOWS\Installer\d47b521.msi
[2010/04/29 19:20:37 | 001,571,840 | ---- | M] () -- C:\WINDOWS\Installer\d5a53e.msi
[2012/03/21 02:43:38 | 000,031,744 | ---- | M] () -- C:\WINDOWS\Installer\d66cf.msi
[2012/03/25 04:56:30 | 000,022,016 | ---- | M] () -- C:\WINDOWS\Installer\d9e821a.msi
[2010/10/22 12:25:02 | 005,521,408 | R--- | M] () -- C:\WINDOWS\Installer\e356b0.msp
[2010/10/01 16:42:36 | 005,054,464 | R--- | M] () -- C:\WINDOWS\Installer\e356c7.msp
[2010/10/14 15:57:14 | 011,189,248 | R--- | M] () -- C:\WINDOWS\Installer\e356de.msp
[2010/09/17 05:04:16 | 009,401,856 | R--- | M] () -- C:\WINDOWS\Installer\e356e8.msp
[2012/06/17 22:37:32 | 000,055,296 | ---- | M] () -- C:\WINDOWS\Installer\ec28ea1.msi
[2011/12/08 19:39:53 | 000,493,056 | ---- | M] () -- C:\WINDOWS\Installer\f40771a.msi
[2012/03/27 09:47:55 | 004,959,232 | R--- | M] () -- C:\WINDOWS\Installer\f47ef79.msp
[2011/01/18 22:36:00 | 002,687,488 | R--- | M] () -- C:\WINDOWS\Installer\f767c67.msp
[2011/03/28 02:27:52 | 015,456,256 | R--- | M] () -- C:\WINDOWS\Installer\f767c75.msp
[2009/07/08 21:08:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{8355F970-601D-442D-A79B-1D7DB4F24CAD}.SchedServiceConfig.rmi
[2010/01/22 16:33:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.SchedServiceConfig.rmi
[2009/07/20 16:22:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}.SchedServiceConfig.rmi
[6 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %windir%\system32\tasks\*.* >

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/02/28 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008/04/13 18:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\ERDNT\cache\regedit.exe
[2008/04/13 18:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\regedit.exe
[2008/04/13 18:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
[2008/04/13 18:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\system32\dllcache\regedit.exe
[2006/02/28 06:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/02/28 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright (C) 1999-2003 Microsoft Corporation.
On computer: EXOTIC-3C629299
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 F DVD-ROM 0 B
Volume 1 C NTFS Partition 148 GB Healthy System
Volume 2 D NTFS Partition 143 GB Healthy
Volume 3 E NTFS Partition 175 GB Healthy
Volume 4 G KINGSTON FAT32 Removeable 3741 MB
Volume 5 H Kindle FAT32 Removeable 3090 MB

< End of report >
ep2002's Avatar
Computer Specs
Member with 182 posts.
THREAD STARTER
  
Join Date: Oct 2006
Location: Windsor, Ontario (Canada)
Experience: Intermediate
05-Jul-2012, 12:15 AM #161
I can't find the extras.txt file. I've looked everywhere & even tried to search for it under C & nothing
ep2002's Avatar
Computer Specs
Member with 182 posts.
THREAD STARTER
  
Join Date: Oct 2006
Location: Windsor, Ontario (Canada)
Experience: Intermediate
05-Jul-2012, 03:04 AM #162
I ran MBAM again & got 5 more errors.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.04.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michelle :: EXOTIC-3C629299 [administrator]

Protection: Enabled

7/4/2012 11:00:35 PM
mbam-log-2012-07-05 (00-45-38).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 382759
Time elapsed: 1 hour(s), 44 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Documents and Settings\Michelle\Local Settings\Temp\wz1f37\u1104.exe (PUP.UltraSurf) -> No action taken.
C:\Documents and Settings\Michelle\Local Settings\Temp\wz45e8\u1104.exe (PUP.UltraSurf) -> No action taken.
C:\Documents and Settings\Michelle\Local Settings\Temp\wzb8f8\u1104.exe (PUP.UltraSurf) -> No action taken.
C:\Documents and Settings\Michelle\Local Settings\Temp\wzdd23\u1104.exe (PUP.UltraSurf) -> No action taken.
C:\Documents and Settings\Michelle\Local Settings\Temp\wze1ce\u1104.exe (PUP.UltraSurf) -> No action taken.
C:\System Volume Information\_restore{7FE4316E-3B27-4BF1-A257-4FC0B36D0872}\RP1434\A0301669.exe (PUP.BundleInstaller.Somoto) -> No action taken.

(end)
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 27,287 posts.
  
Join Date: Mar 2001
Location: Bradford, England
08-Jul-2012, 12:18 PM #163
Quote:
2012/07/04 17:47:22 -0600 EXOTIC-3C629299 Michelle MESSAGE Starting protection
2012/07/04 17:47:29 -0600 EXOTIC-3C629299 Michelle MESSAGE Protection started successfully
2012/07/04 17:47:32 -0600 EXOTIC-3C629299 Michelle MESSAGE Starting IP protection
2012/07/04 17:47:38 -0600 EXOTIC-3C629299 Michelle MESSAGE IP Protection started successfully
2012/07/04 17:59:36 -0600 EXOTIC-3C629299 Michelle MESSAGE Executing scheduled update: Daily
2012/07/04 17:59:38 -0600 EXOTIC-3C629299 Michelle MESSAGE Database already up-to-date
2012/07/04 19:17:34 -0600 EXOTIC-3C629299 Michelle IP-BLOCK (Type: outgoing)
2012/07/04 19:17:37 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)
2012/07/04 19:17:37 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)
2012/07/04 19:17:43 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)
2012/07/04 19:17:43 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)
2012/07/04 19:17:55 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)
2012/07/04 19:17:55 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)
2012/07/04 19:17:58 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)
2012/07/04 19:18:04 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)
Okay, now the above is going to a US IP address, whereas your IP is Panama. When you ran this on the 4th July, where you in the US? If not, we'll look at the firewall rules. However, you did say you're downloading tv shows. Is this via torrent, as this is ilegal? Either way, if it is torrent, did you have it running whilst running the scan, as that may be the reason?

Quote:
C:\Documents and Settings\Michelle\Local Settings\Temp\wz1f37\u1104.exe (PUP.UltraSurf) -> No action taken.
C:\Documents and Settings\Michelle\Local Settings\Temp\wz45e8\u1104.exe (PUP.UltraSurf) -> No action taken.
C:\Documents and Settings\Michelle\Local Settings\Temp\wzb8f8\u1104.exe (PUP.UltraSurf) -> No action taken.
C:\Documents and Settings\Michelle\Local Settings\Temp\wzdd23\u1104.exe (PUP.UltraSurf) -> No action taken.
C:\Documents and Settings\Michelle\Local Settings\Temp\wze1ce\u1104.exe (PUP.UltraSurf) -> No action taken.
C:\Documents and Settings\Michelle\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.
D:\RECYCLER\S-1-5-21-725345543-1844237615-839522115-1003\Dd22.exe (Affiliate.Downloader) -> No action taken.
These are showing as no action taken. Did you remove these, because if you didn't, they'll be there all the time? UltraSurf is a proxy, are you knowingly using this program?

Quote:
Sorry, forgot to answer your question here.

Yes I know all about tabs, I've been using Fx for years.

I have both tons of windows & tabs opened.
Like I said before, it may be too much running for your system to cope. Do you really need over 25 webpages open at one time?


---

Looking in the OTL log, you have this:

Quote:
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
This is about it:

https://addons.mozilla.org/en-US/fir...bookmarks-bar/

And it says not only is it discontinued, but uses some adapted CSS code fragments from userstyles.org. This could be causing the CSS problems.

--------

Looking in the OTL log (its okay about the other log, as sometimes it doesn't create it) your Java is out of date, which opens you to malicious websites:

Upgrade Java : (32 bits)
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 7 Update 5 .
  • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
  • Accept License Agreement.[/b]".
  • Click on the link to download Windows Offline Installation 32 bit ( jre-7u5-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista or Win 7 users, right click on the jre-7u5-windows-i586.exe and select "Run as an Administrator.")


After doing the above, for the remains of the Java, can you do this:

Open Java in the Control Panel and under the General tab, under Temporary Internet Files, click the Settings button. Then click on Delete Files.

Make sure both of these options are checked:
  • Applications and Applets
  • Trace and Log Files
OK out of all the screens.


-------------

Do you know what these folders are? If you do, then I'll leave them alone

Quote:
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\8
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\7
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\6
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\[192.168.1.101]
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\.26.49]
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\over
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\5
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\4
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\3
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\2
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\1
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\0

----------------

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RT2860.sys -- (RT80x86)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Folder\MapleStory\npkcrypt.sys -- (npkcrypt)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\cpuz_x32.sys -- (cpuz129)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\catchme.sys -- (catchme)
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://srp.freecause.com/?ourmark=3&sid=100311&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.uconn.edu:3000/proxy.pac"
FF - prefs.js..network.proxy.http: "http://proxy.uconn.edu:3000/proxy.pac"
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4 - HKLM..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
MsConfig - StartUpReg: pdfFactory Dispatcher v3 - hkey= - key= - File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
  • Then click the Run Fix button at the top
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.


----------------------

eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
ep2002's Avatar
Computer Specs
Member with 182 posts.
THREAD STARTER
  
Join Date: Oct 2006
Location: Windsor, Ontario (Canada)
Experience: Intermediate
09-Jul-2012, 03:47 AM #164
Ok, I'll do this one at a time.

I'm checking into the Fx add-on you mentioned as the site is named slightly different. I'm seeing if the guys on the forum can find me a new one. Geeze, I've never had an add-on do that before if it is doing that.

Things seem to be getting worse when it comes to add-ons & Fx changing versions every couple of months.

Are you saying that every time I use the proxy it still makes my IP address US?

I don't see how that can be, as I use it on my laptop all the time & if I don't use it, I can't get onto certain sites.

I only used it on the laptop once or twice & then stopped.

How do I clean that stuff out?

And to be clear, I NEVER used it on July 4th. I haven't used it in over a month or so, so that's scaring me.

Some techie guy gave it to me. It's very easy to use.


Michelle
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 27,287 posts.
  
Join Date: Mar 2001
Location: Bradford, England
09-Jul-2012, 02:42 PM #165
For the proxy, what are you using? Is it from a trusted company?

If you can run the OTL fix for me above, that may help
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply
Page 11 of 18 « First 8910 11 121314 Last »
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join Today!

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | Virus & Other Malware Removal | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


TECH SUPPORT GUY
WELCOME
FOLLOW US
 
You Are Using: Server ID
All times are GMT -4. The time now is 12:06 AM.
Advertisements do not imply our endorsement of that product or service.
Copyright © 1996 - 2013 TechGuy, Inc. All rights reserved. Privacy & Terms.

Trusted Website Back to the Top ↑