1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

My computer is slowly dying

Discussion in 'Virus & Other Malware Removal' started by ep2002, Dec 21, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. ep2002

    ep2002 Thread Starter

    Joined:
    Oct 31, 2006
    Messages:
    187
    Are you okay? :(

    I'm having serious issues here.

    2 sites (could be more, but so far it's just these 2) aren't loading properly. They take forver to load & then the graphics are missing.

    I thought maybe the IP address from my terrible ISP got put on the blacklist again, but one of the sites www.speedtest.net said my IP address nor the ISP is blocked.

    The only way I can reach the site is thru a proxy, then it works (both of the sites do.).

    And this is a problem on both computers, not just one & I tried it on both Fx & Chrome on the laptop & Fx, Chrome & IE on the desktop.

    I hope you are around, I've been trying to deal with this & everything else for a week now.

    Thanks & I hope you are okay.


    Michelle
     
  2. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,769
    I'm okay ;)

    Okay, you know when you're opening Firefox windows etc, are you opening a seperate one for each site? If so, that could be the main reason for crashing, as each window takes a certain amount of memory.

    Try using the tab functions, maybe 10 tabs per window, so that it doesn't use as much memory.

    If you're unsure about tabs, take a look here:

    http://support.mozilla.org/en-US/kb/tabs-organize-websites-single-window
     
  3. ep2002

    ep2002 Thread Starter

    Joined:
    Oct 31, 2006
    Messages:
    187
    This isn't a crashing issue anymore. I sent you numerous posts about what is going on. Didn't you read them?

    I also have another problem where I can't log into a site with Chrome or Fx , only IE. Others say they can log in using Fx, so it has to be just my computer.

    If you are too busy, please let me know. This is very serious now & it's preventing me from working & paying bills.

    Thank you


    Michelle
     
  4. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,769
    I did read them, but as the majority were about the crashing of Firefox etc, I was seeing if anything was linked.

    Okay, lets see if setting the swapfile higher will help.

    You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure

    1. Open System in Control Panel.

    2. On the Advanced tab, under Performance, click Settings.

    3. On the Advanced tab, under Virtual memory, click Change.

    4. Untick the option Automatically manage page file size for all drives

    5. Under Drive [Volume Label], click the drive that contains the paging file you want to change.

    6. Click Custom Size and then in Maximum Size, type in 4987

    7. Select System Managed Size and click OK.

    OK out of the screens and then restart as prompted.

    Let me know how that goes.

    5.
     
  5. ep2002

    ep2002 Thread Starter

    Joined:
    Oct 31, 2006
    Messages:
    187
    Hi,

    I thought I lost you :(

    Ok, those instructions must be for win 7 b/c I can't follow them at all. I tried to figure out what you were saying, but I failed as most of the tabs aren't there, there's no "change" button or customize size. I'm on XP Proff.

    Also it wasn't just about Fx crashing, I mentioned that 2 sites aren't loading the CSS files (no graphics) & it's happening on both my computers.

    No one is able to figure out what the problem is. www.speedtest.net also can't figure it out & has escalated it (that's one of the sites.)

    I still think it's my ISP playing games as they are terrible & don't know what they are doing, someone else thinks I have a virus or it's Anti Vir since that's the only common denominator on both computers. Or it's the router all of a sudden.

    It can't be Fx b/c I can't pull up the sites on all 3 browsers. The only time I can is when I use a proxy.

    While Fx is running slightly better since I started a new profile, it's still not functioning 100% properly & just now on one site I couldn't type any text. I'd type it & have to wait 1-2 minutes for the site/computer to catch up with what I wrote.

    We haven't scanned the computer for viruses/maleware in a while, so I was hoping we could go thru that again.

    Like I said, I've been DLing a lot of TV shows. I was hoping Anti vir would catch any show that has something, but who knows. I have been defraging more now as the forum said I need to do that if I'm watching so much on my computers.

    Thanks


    Michelle
     
  6. ep2002

    ep2002 Thread Starter

    Joined:
    Oct 31, 2006
    Messages:
    187
    Hi Eddie,

    I know you are very busy, but I'm having HUGE problems with Fx now. I can't get pages to load once I click on the link, the same problem I was having before where the URL doesn't show up in the address bar, when I use the google search field on the top right, it doesn't do anything & I found another site that is missing the CSS, so there's something major going on here.

    If you can't help me b/c you are too busy, just let me know & I'll just find another forum to start a thread on. I have to have a virus or something b/c this is just nuts.

    Thanks


    Michelle
     
  7. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,769
    Okay, lets recheck for viruses again.

    Is it just the one site its having problems with?

    Do you still have MBAM installed? If not, can you install and run as follows:

    Please download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly.


    -----------------

    Also, can you do this. Delete any copies of OTL you have, and download a fresh one as follows:

    Download OTL to your Desktop

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Select All Users
    • Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:

      Code:
      netsvcs
      activex
      msconfig
      %SYSTEMDRIVE%\*.
      %PROGRAMFILES%\*.exe
      %LOCALAPPDATA%\*.exe
      %windir%\Installer\*.*
      %windir%\system32\tasks\*.*
      %systemroot%\Fonts\*.exe
      %systemroot%\*. /mp /s
      /md5start
      consrv.dll
      explorer.exe
      winlogon.exe
      regedit.exe
      Userinit.exe
      svchost.exe
      /md5stop
      C:\Windows\assembly\tmp\U\*.* /s
      %Temp%\smtmp\1\*.*
      %Temp%\smtmp\2\*.*
      %Temp%\smtmp\3\*.*
      %Temp%\smtmp\4\*.*
      >C:\commands.txt echo list vol /raw /hide /c
      /wait
      >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
      /wait
      type c:\diskreport.txt /c
      /wait
      erase c:\commands.txt /hide /c
      /wait
      erase c:\diskreport.txt /hide /c
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
     
  8. ep2002

    ep2002 Thread Starter

    Joined:
    Oct 31, 2006
    Messages:
    187
    No, I thought I mentioned already that the other person was right, it was the router. Once both my computer & router were shut down at the same time (that's very rare unless the electricity goes off), it fixed those 2 sites, BUT yesterday I had tons of problems with other sites & I know it's not the router this time b/c the other 2 sites in question are now working fine <sigh>.

    Same issues, CSS files won't load. Links won't open pages, URLs won't show up in the address bar, etc.

    I thought it was just Fx, but then I was even having problems with Chrome on a site I am on all the time.


    No remember you asked me to uninstall it & I did & I remember wondering why you had me uninstall it as I didn't think my computer would be safe with it gone. Why did you tell me to uninstall it?

    It found 7 objects the first time, then 2 the next. I have to reboot, but wanted to give this to you in the meantime.

    2012/07/04 17:47:22 -0600 EXOTIC-3C629299 Michelle MESSAGE Starting protection
    2012/07/04 17:47:29 -0600 EXOTIC-3C629299 Michelle MESSAGE Protection started successfully
    2012/07/04 17:47:32 -0600 EXOTIC-3C629299 Michelle MESSAGE Starting IP protection
    2012/07/04 17:47:38 -0600 EXOTIC-3C629299 Michelle MESSAGE IP Protection started successfully
    2012/07/04 17:59:36 -0600 EXOTIC-3C629299 Michelle MESSAGE Executing scheduled update: Daily
    2012/07/04 17:59:38 -0600 EXOTIC-3C629299 Michelle MESSAGE Database already up-to-date
    2012/07/04 19:17:34 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)
    2012/07/04 19:17:37 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)
    2012/07/04 19:17:37 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)
    2012/07/04 19:17:43 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)
    2012/07/04 19:17:43 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)
    2012/07/04 19:17:55 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)
    2012/07/04 19:17:55 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)
    2012/07/04 19:17:58 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)
    2012/07/04 19:18:04 -0600 EXOTIC-3C629299 Michelle IP-BLOCK 74.118.195.221 (Type: outgoing)

    -----------------------------------------

    Malwarebytes Anti-Malware (PRO) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.04.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Michelle :: EXOTIC-3C629299 [administrator]

    Protection: Enabled

    7/4/2012 5:48:04 PM
    mbam-log-2012-07-04 (19-21-37).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 383226
    Time elapsed: 1 hour(s), 33 minute(s), 5 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 7
    C:\Documents and Settings\Michelle\Local Settings\Temp\wz1f37\u1104.exe (PUP.UltraSurf) -> No action taken.
    C:\Documents and Settings\Michelle\Local Settings\Temp\wz45e8\u1104.exe (PUP.UltraSurf) -> No action taken.
    C:\Documents and Settings\Michelle\Local Settings\Temp\wzb8f8\u1104.exe (PUP.UltraSurf) -> No action taken.
    C:\Documents and Settings\Michelle\Local Settings\Temp\wzdd23\u1104.exe (PUP.UltraSurf) -> No action taken.
    C:\Documents and Settings\Michelle\Local Settings\Temp\wze1ce\u1104.exe (PUP.UltraSurf) -> No action taken.
    C:\Documents and Settings\Michelle\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.
    D:\RECYCLER\S-1-5-21-725345543-1844237615-839522115-1003\Dd22.exe (Affiliate.Downloader) -> No action taken.

    (end)
     
  9. ep2002

    ep2002 Thread Starter

    Joined:
    Oct 31, 2006
    Messages:
    187
    Sorry, forgot to answer your question here.

    Yes I know all about tabs, I've been using Fx for years.

    I have both tons of windows & tabs opened.


    Michelle
     
  10. ep2002

    ep2002 Thread Starter

    Joined:
    Oct 31, 2006
    Messages:
    187
    Here's one file...


    OTL logfile created on: 7/4/2012 8:39:54 PM - Run 6
    OTL by OldTimer - Version 3.2.53.1 Folder = D:\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 67.45% Memory free
    6.09 Gb Paging File | 4.98 Gb Available in Paging File | 81.71% Paging File free
    Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 147.72 Gb Total Space | 116.23 Gb Free Space | 78.68% Space Free | Partition Type: NTFS
    Drive D: | 142.83 Gb Total Space | 127.97 Gb Free Space | 89.60% Space Free | Partition Type: NTFS
    Drive E: | 175.22 Gb Total Space | 148.21 Gb Free Space | 84.59% Space Free | Partition Type: NTFS
    Drive G: | 3.65 Gb Total Space | 0.07 Gb Free Space | 1.91% Space Free | Partition Type: FAT32
    Drive H: | 3.01 Gb Total Space | 2.94 Gb Free Space | 97.65% Space Free | Partition Type: FAT32

    Computer Name: EXOTIC-3C629299 | User Name: Michelle | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/04 20:36:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
    PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/05/24 12:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Michelle\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/12/15 13:24:24 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2011/11/01 11:33:56 | 002,531,104 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exe
    PRC - [2011/11/01 11:33:54 | 004,363,040 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oasrv.exe
    PRC - [2011/11/01 11:33:52 | 001,163,800 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oahlp.exe
    PRC - [2011/11/01 11:33:52 | 000,207,936 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe
    PRC - [2011/10/19 15:56:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2011/10/19 15:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/10/19 15:56:24 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2011/10/19 15:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/06/29 03:22:06 | 000,152,576 | ---- | M] (CrashPlan) -- C:\Program Files\CrashPlan\CrashPlanService.exe
    PRC - [2011/06/29 03:21:40 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
    PRC - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
    PRC - [2011/03/07 10:21:00 | 000,107,008 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
    PRC - [2011/02/23 15:11:22 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    PRC - [2011/02/02 17:37:22 | 000,500,992 | ---- | M] (RingCentral, Inc.) -- C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
    PRC - [2011/02/02 17:37:18 | 000,038,144 | ---- | M] (RingCentral, Inc.) -- C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
    PRC - [2010/05/31 09:31:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- D:\Notes\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2010/02/09 15:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
    PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
    PRC - [2009/08/18 17:27:06 | 005,137,648 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/04/10 20:08:44 | 000,212,992 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\system32\stacsv.exe
    PRC - [2008/01/31 12:01:38 | 000,159,744 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
    PRC - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2004/07/20 12:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
    PRC - [2003/03/05 12:02:31 | 000,456,704 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\assistant.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/14 23:08:56 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
    MOD - [2012/06/14 21:03:01 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
    MOD - [2012/06/14 21:02:50 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
    MOD - [2012/06/14 21:00:41 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2012/05/12 18:25:12 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
    MOD - [2012/05/12 18:25:04 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
    MOD - [2012/05/12 18:11:53 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
    MOD - [2012/05/12 18:10:16 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
    MOD - [2012/05/12 18:10:03 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
    MOD - [2012/03/21 01:41:18 | 000,166,400 | ---- | M] () -- C:\Program Files\CrashPlan\cpnative.dll
    MOD - [2012/03/21 01:41:18 | 000,013,312 | ---- | M] () -- C:\Program Files\CrashPlan\md5.dll
    MOD - [2012/02/14 21:45:52 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2011/10/19 15:56:38 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
    MOD - [2011/04/13 23:19:48 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
    MOD - [2011/04/13 23:19:48 | 001,396,736 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
    MOD - [2011/04/13 23:19:48 | 000,868,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
    MOD - [2011/04/13 23:19:48 | 000,847,872 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
    MOD - [2011/04/13 23:19:48 | 000,782,336 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
    MOD - [2011/04/13 23:19:48 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
    MOD - [2011/04/13 23:19:48 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
    MOD - [2011/04/13 23:19:48 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
    MOD - [2011/04/13 23:19:48 | 000,237,568 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
    MOD - [2011/04/13 23:19:48 | 000,155,648 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
    MOD - [2011/04/13 23:19:48 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
    MOD - [2011/04/13 23:19:47 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
    MOD - [2011/04/13 23:19:47 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
    MOD - [2011/04/13 23:19:47 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
    MOD - [2011/04/13 23:19:46 | 000,471,040 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
    MOD - [2011/04/13 23:19:46 | 000,406,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
    MOD - [2011/04/13 23:19:46 | 000,129,536 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
    MOD - [2011/04/13 23:19:46 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
    MOD - [2011/04/13 23:19:46 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
    MOD - [2011/04/13 23:19:46 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
    MOD - [2011/04/13 23:19:45 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
    MOD - [2011/04/13 23:19:45 | 000,356,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
    MOD - [2011/04/13 23:19:45 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
    MOD - [2011/04/13 23:19:45 | 000,264,192 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
    MOD - [2011/04/13 23:19:45 | 000,234,496 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
    MOD - [2011/04/13 23:19:44 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
    MOD - [2011/04/13 23:19:44 | 000,171,520 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
    MOD - [2011/04/13 23:19:44 | 000,152,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
    MOD - [2011/04/13 23:19:44 | 000,098,304 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
    MOD - [2011/04/13 23:19:44 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
    MOD - [2011/04/13 23:19:43 | 011,503,616 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
    MOD - [2011/04/13 23:19:42 | 000,761,856 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
    MOD - [2011/04/13 23:19:42 | 000,684,032 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
    MOD - [2011/04/13 23:19:41 | 000,078,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
    MOD - [2011/02/02 17:38:46 | 001,049,856 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\RCTH.dll
    MOD - [2011/02/02 17:38:28 | 000,369,920 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\RCABEx.dll
    MOD - [2011/02/02 17:31:32 | 001,548,288 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\Characters\RCSPSkSPVista.dll
    MOD - [2010/05/05 10:21:58 | 000,126,976 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\NetFixDll.dll
    MOD - [2010/03/16 11:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
    MOD - [2009/08/18 17:27:04 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
    MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
    MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2006/02/28 06:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
    MOD - [2003/03/05 12:02:31 | 000,456,704 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\assistant.exe
    MOD - [2003/02/16 11:06:44 | 000,122,880 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\tcdbtext.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/06/16 23:28:57 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/12/15 13:24:36 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [On_Demand | Stopped] -- D:\Notes\LogMeIn\x86\ramaint.exe -- (LMIMaint)
    SRV - [2011/12/15 13:24:24 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2011/11/01 11:33:54 | 004,363,040 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
    SRV - [2011/11/01 11:33:52 | 000,207,936 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)
    SRV - [2011/10/19 15:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/10/19 15:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/06/29 03:22:06 | 000,152,576 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
    SRV - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
    SRV - [2010/11/08 11:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [On_Demand | Stopped] -- D:\Notes\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
    SRV - [2009/08/26 12:40:16 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
    SRV - [2008/04/10 20:08:44 | 000,212,992 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
    SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2004/07/20 12:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RT2860.sys -- (RT80x86)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\Folder\MapleStory\npkcrypt.sys -- (npkcrypt)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\cpuz_x32.sys -- (cpuz129)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/02/14 21:44:58 | 007,585,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2012/01/14 15:02:26 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
    DRV - [2011/12/20 01:39:28 | 000,100,368 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
    DRV - [2011/12/15 13:24:26 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2011/12/09 04:58:16 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/11/01 11:34:28 | 000,040,296 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
    DRV - [2011/11/01 11:34:10 | 000,029,464 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
    DRV - [2011/11/01 11:34:08 | 000,205,864 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
    DRV - [2011/11/01 11:34:08 | 000,025,192 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
    DRV - [2011/10/19 15:56:50 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2011/10/19 15:56:50 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
    DRV - [2011/10/07 16:21:06 | 000,066,048 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
    DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/05/31 09:31:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- D:\Notes\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2010/05/31 09:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2009/12/30 10:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009/11/02 21:06:12 | 000,011,520 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSib.sys -- (BrUsbSIb) Brother Serial USB Driver(WDM)
    DRV - [2009/11/02 21:06:11 | 000,071,424 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIb.sys -- (BrSerIb) Brother Serial Interface Driver(WDM)
    DRV - [2008/07/24 00:55:23 | 000,007,296 | --S- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.SYS -- (EIO)
    DRV - [2008/04/10 20:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2008/02/27 11:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
    DRV - [2008/01/23 15:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
    DRV - [2007/11/09 02:14:09 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
    DRV - [2007/03/02 02:36:10 | 000,044,416 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
    DRV - [2006/11/15 22:34:40 | 004,225,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/04/24 15:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
    DRV - [2006/02/17 09:28:32 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006/02/17 09:28:30 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2005/11/24 17:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
    DRV - [2004/07/20 12:19:16 | 000,020,096 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
    DRV - [2004/07/06 17:56:26 | 000,044,544 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D.sys -- (Video3D)
    DRV - [2003/09/25 20:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C 95 A5 63 2D 6B CB 01 [binary data]
    IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.exoticpublishing.com/adminDB/freelancers_maintenance.php|http://exoticpublishing.hyperoffice.com/|https://www.mcssl.com/Netcart/login/login.asp?pr=6|https://www.secure-ebook.com/login.jsp?myAction=login|http://www.mimeo.com/|http://www.fiverr.com/|http://www.odesk.com|http://66.7.214.224/cpanel/"
    FF - prefs.js..extensions.enabledItems: areadecoder@kevski:1.0.3
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: [email protected]:1.72.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..keyword.URL: "http://srp.freecause.com/?ourmark=3&sid=100311&q="
    FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.uconn.edu:3000/proxy.pac"
    FF - prefs.js..network.proxy.http: "http://proxy.uconn.edu:3000/proxy.pac"
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 23:28:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/06 23:44:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/17 17:07:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2010/03/07 07:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions
    [2010/03/07 07:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2012/06/27 00:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions
    [2012/06/16 23:30:02 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    [2012/06/04 01:56:09 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
    [2012/06/04 01:56:07 | 000,000,000 | ---D | M] (FreePriceAlerts.com) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
    [2012/06/04 01:56:08 | 000,000,000 | ---D | M] ("StretchClock") -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
    [2012/06/26 23:26:05 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
    [2012/06/04 01:56:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]\chrome
    [2012/06/04 01:56:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]\defaults
    [2012/06/27 00:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions
    [2012/05/23 03:55:55 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    [2010/04/27 15:01:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/05/28 23:28:09 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
    [2012/01/18 02:55:25 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
    [2010/05/28 14:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}-trash
    [2009/12/17 16:02:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}-trash
    [2010/08/29 12:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}-trash
    [2012/05/31 06:47:34 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
    [2012/05/08 23:46:56 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
    [2011/04/20 12:37:07 | 000,000,000 | ---D | M] (Multirow Bookmarks Toolbar) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
    [2012/05/11 19:50:29 | 000,000,000 | ---D | M] (FreePriceAlerts.com) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
    [2012/02/19 19:11:13 | 000,000,000 | ---D | M] ("StretchClock") -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
    [2012/06/26 23:26:07 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
    [2012/04/20 14:14:39 | 000,000,000 | ---D | M] (WASP) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
    [2010/05/28 14:52:59 | 000,000,000 | ---D | M] (Xsticky-Tool) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
    [2012/05/11 19:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]\chrome
    [2012/05/11 19:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]\defaults
    [2012/03/08 23:41:17 | 000,001,339 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\searchplugins\search-the-web.xml
    [2012/06/23 15:00:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/06/22 10:24:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/06/23 15:00:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2012/05/26 02:14:50 | 000,336,363 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
    [2011/06/24 19:22:44 | 000,025,217 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{B442F4C0-C292-4998-AABE-48608A73BA75}.XPI
    [2012/01/21 02:46:48 | 000,138,614 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
    [2012/05/25 00:28:56 | 000,012,835 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\[email protected]
    [2012/02/23 23:54:43 | 000,164,722 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\[email protected]
    [2011/11/17 22:45:04 | 000,058,906 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\[email protected]
    [2012/06/16 23:28:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/03/10 19:56:39 | 000,583,528 | ---- | M] (iLinc Communications, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCltInst11.dll
    [2012/06/16 23:28:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/06/16 23:28:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: NPLastPass (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.7_0\nplastpass.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: iLinc Communications Netscape/Mozilla Install Plugin v 11.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCltInst11.dll
    CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
    CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
    CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - Extension: LastPass = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.1_2\
    CHR - Extension: Skype Click to Call = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\

    O1 HOSTS File: ([2012/02/19 23:54:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
    O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsi Software GmbH)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
    O4 - HKLM..\Run: [LogMeIn GUI] D:\Notes\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe File not found
    O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
    O4 - HKU\S-1-5-21-725345543-1844237615-839522115-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-725345543-1844237615-839522115-1003..\Run: [Personal Assistant] C:\Program Files\Shelltoys\Personal Assistant\assistant.exe ()
    O4 - HKU\S-1-5-21-725345543-1844237615-839522115-1003..\Run: [RCHotKey] C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe (RingCentral, Inc.)
    O4 - HKU\S-1-5-21-725345543-1844237615-839522115-1003..\Run: [RCUI] C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe (RingCentral, Inc.)
    O4 - Startup: C:\Documents and Settings\Administrator.EXOTIC-3C629299\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (LastPass)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
    O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Michelle\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to &Evernote - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
    O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
    O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
    O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
    O15 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\..Trusted Domains: exoticpublishing.com ([]https in Trusted sites)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} http://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab (RingCentral Message Player Control)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://linksyssupport.webex.com/client/T27L10NSP11EP13-5395-linksyssupport/support/ieatgpc.cab (GpcContainer Class)
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.15.12.5 8.5.244.6
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14C63AB7-91F2-4939-82A0-88C6628A5C31}: DhcpNameServer = 8.15.12.5 8.5.244.6
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E4F7C4-7DC6-489A-9574-0FF705F312F3}: DhcpNameServer = 8.15.12.5 8.5.244.6
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\intu-res {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll ()
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/07/23 20:31:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe - (Intuit Inc.)
    MsConfig - StartUpFolder: C:^Documents and Settings^Michelle^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE - ()
    MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: ccleaner - hkey= - key= - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
    MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
    MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
    MsConfig - StartUpReg: googletalk - hkey= - key= - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
    MsConfig - StartUpReg: H/PC Connection Agent - hkey= - key= - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
    MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
    MsConfig - StartUpReg: pdfFactory Dispatcher v3 - hkey= - key= - File not found
    MsConfig - StartUpReg: Personal Assistant - hkey= - key= - C:\Program Files\Shelltoys\Personal Assistant\assistant.exe ()
    MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
    MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 2

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/04 16:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/04 16:35:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/07/04 16:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/06/26 23:26:10 | 010,974,280 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
    [2012/06/26 23:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Start Menu\Programs\LastPass
    [2012/06/26 23:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LastPass
    [2012/06/26 23:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\LastPass
    [2012/06/23 14:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
    [2012/06/21 03:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\FileOpen
    [2012/06/21 03:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileOpen
    [2012/06/20 22:32:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\My Documents\Wondershare PDF to Word
    [2012/06/20 22:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\Wondershare
    [2012/06/20 22:16:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wondershare
    [2012/06/20 22:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wondershare
    [2012/06/20 22:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
    [2012/06/17 22:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\My Documents\ICCPro
    [2012/06/17 22:37:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\com.webdimensions.instant-content-curator-pro
    [2012/06/17 22:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Web Dimensions
    [2012/06/17 22:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Web Dimensions
    [2012/06/16 00:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\.config
    [2012/06/16 00:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\calibre
    [2012/06/16 00:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
    [2012/06/16 00:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\calibre - E-book Management
    [2012/06/12 03:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
    [2012/06/12 03:46:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2012/06/06 23:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2012/06/06 23:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2012/06/05 15:07:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\oDesk
    [2012/06/05 15:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\oDesk

    ========== Files - Modified Within 30 Days ==========

    [2012/07/04 20:52:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AF2BBE8E-6664-4FF1-98F7-FD126014864A}.job
    [2012/07/04 20:32:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003UA.job
    [2012/07/04 20:22:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/07/04 20:22:14 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/04 20:18:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/07/04 20:01:03 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/04 16:36:37 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/07/04 16:36:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/04 07:32:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/07/04 03:32:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003Core.job
    [2012/07/03 11:33:00 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/06/30 21:04:25 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2012/06/30 18:19:37 | 000,084,480 | ---- | M] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/06/26 23:26:11 | 010,974,280 | ---- | M] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
    [2012/06/26 23:26:10 | 000,001,128 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
    [2012/06/26 23:25:59 | 000,001,128 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk
    [2012/06/20 22:15:46 | 000,000,842 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Wondershare PDF to Word.lnk
    [2012/06/20 22:15:46 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wondershare PDF to Word.lnk
    [2012/06/17 22:37:32 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ICCPro.lnk
    [2012/06/16 00:53:12 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
    [2012/06/15 01:50:25 | 000,768,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/06/14 21:01:03 | 000,430,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/06/14 21:01:03 | 000,066,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/06/14 20:55:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/06/06 23:43:39 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

    ========== Files Created - No Company Name ==========

    [2012/07/04 16:36:37 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/07/04 16:36:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/26 23:26:10 | 000,001,128 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
    [2012/06/26 23:25:59 | 000,001,128 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk
    [2012/06/20 22:15:46 | 000,000,842 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Wondershare PDF to Word.lnk
    [2012/06/20 22:15:46 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wondershare PDF to Word.lnk
    [2012/06/17 22:37:32 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ICCPro.lnk
    [2012/06/16 00:53:12 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
    [2012/06/06 23:43:39 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2012/05/29 03:44:37 | 000,069,037 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Doxillion.dmp
    [2012/04/08 18:44:58 | 000,123,072 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2012/04/08 00:50:56 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Michelle\PUTTY.RND
    [2012/02/14 14:32:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/20 00:04:37 | 000,205,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
    [2012/01/20 00:04:37 | 000,040,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
    [2012/01/08 01:59:31 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
    [2011/12/22 15:26:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2011/09/10 16:24:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\pathping
    [2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Trace
    [2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Source
    [2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Hop
    [2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\eonda.net
    [2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Computing
    [2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\8
    [2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\7
    [2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\6
    [2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\[192.168.1.101]
    [2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\.26.49]
    [2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\over
    [2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\5
    [2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\4
    [2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\3
    [2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\2
    [2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\1
    [2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\0
    [2011/05/06 12:19:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
    [2011/02/22 18:18:25 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2011/02/22 18:18:25 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2011/02/22 18:17:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10B.DAT
    [2011/02/22 18:16:51 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
    [2011/02/22 18:16:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
    [2011/01/03 13:49:39 | 000,166,704 | ---- | C] () -- C:\WINDOWS\System32\R0tiff.dll
    [2010/11/18 23:40:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\defogger_reenable
    [2010/08/02 10:12:21 | 000,000,435 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2010/08/02 09:52:52 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\bd7030.dat
    [2010/08/02 09:52:31 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
    [2009/06/08 21:32:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\$_hpcst$.hpc
    [2009/02/16 05:59:24 | 000,000,458 | ---- | C] () -- C:\Documents and Settings\Michelle\clipdat2.rdf
    [2008/08/03 22:38:23 | 000,084,480 | ---- | C] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== LOP Check ==========

    [2010/02/03 18:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
    [2012/01/06 05:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chit Chat For Facebook
    [2011/12/05 17:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
    [2009/08/26 12:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2011/10/04 14:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrashPlan
    [2008/09/26 22:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
    [2010/10/05 11:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
    [2012/06/21 03:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
    [2008/07/28 21:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
    [2009/08/12 12:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2012/01/22 01:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2011/07/30 13:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maestro
    [2011/11/16 23:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
    [2012/01/07 14:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2011/09/06 16:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
    [2012/06/01 01:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
    [2009/02/21 12:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
    [2008/08/02 01:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
    [2012/04/16 11:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RingCentral
    [2009/06/14 16:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
    [2008/07/24 01:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2009/07/08 21:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2011/04/13 22:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A2A58654-12AA-408A-B411-58A76959BE7F}
    [2010/04/22 01:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
    [2010/08/20 08:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\acccore
    [2010/08/29 12:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Auslogics
    [2012/06/16 00:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\calibre
    [2009/11/24 18:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\CBS Interactive
    [2008/07/24 02:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/04/08 17:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\com.infomastery.linkbounder-rmv
    [2012/06/17 22:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\com.webdimensions.instant-content-curator-pro
    [2011/10/04 14:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\CrashPlan
    [2012/02/27 00:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Domain Name Analyzer v4.1
    [2012/06/21 03:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Downloaded Installations
    [2012/07/04 20:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Dropbox
    [2009/07/17 19:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eBookPro6
    [2008/09/26 22:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eFax Messenger
    [2008/12/24 14:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eMusic
    [2012/06/21 03:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\FileOpen
    [2010/04/29 19:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\GARMIN
    [2008/09/27 18:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\ICQ
    [2009/11/11 18:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Image Zone Express
    [2011/01/03 17:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\ImgBurn
    [2008/09/26 22:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\j2 Global
    [2011/11/29 15:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\mjusbsp
    [2012/01/07 14:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\NCH Swift Sound
    [2008/08/07 16:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Nexon
    [2012/06/21 03:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Nitro PDF
    [2012/01/20 00:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\OnlineArmor
    [2010/10/06 12:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\OpenCandy
    [2012/02/28 14:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\OpenOffice.org
    [2010/09/01 16:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Password Manager
    [2010/07/28 12:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Recordpad
    [2011/04/28 01:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Skinux
    [2010/04/27 14:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\SmartDraw
    [2012/02/27 00:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Softnik Technologies
    [2012/03/21 02:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\SystemRequirementsLab
    [2011/12/08 20:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\TeamViewer
    [2010/03/07 07:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Thunderbird
    [2011/10/07 23:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
    [2012/06/01 03:53:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\DoxillionReminder.job
    [2012/07/04 20:52:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AF2BBE8E-6664-4FF1-98F7-FD126014864A}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*. >
    [2012/03/21 20:06:55 | 000,000,000 | ---D | M] -- C:\AMD
    [2012/03/03 03:10:19 | 000,000,000 | ---D | M] -- C:\ATI
    [2010/08/02 09:51:55 | 000,000,000 | ---D | M] -- C:\Brother
    [2012/01/21 01:15:22 | 000,000,000 | ---D | M] -- C:\CASH
    [2010/11/19 00:46:06 | 000,000,000 | RHSD | M] -- C:\cmdcons
    [2012/01/02 14:08:15 | 000,000,000 | ---D | M] -- C:\ComboFix
    [2012/06/26 03:33:13 | 000,000,000 | ---D | M] -- C:\Config.Msi
    [2008/07/24 01:03:56 | 000,000,000 | ---D | M] -- C:\Corel
    [2011/03/16 20:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings
    [2012/01/20 00:08:00 | 000,000,000 | ---D | M] -- C:\dostools
    [2011/12/09 22:01:07 | 000,000,000 | ---D | M] -- C:\EVENTDB
    [2009/01/17 17:21:41 | 000,000,000 | ---D | M] -- C:\found.000
    [2011/12/10 09:38:09 | 000,000,000 | ---D | M] -- C:\found.001
    [2012/02/14 14:27:40 | 000,000,000 | ---D | M] -- C:\found.002
    [2010/04/29 19:15:37 | 000,000,000 | ---D | M] -- C:\Garmin
    [2010/11/28 07:49:19 | 000,000,000 | ---D | M] -- C:\HP Disk
    [2010/04/29 13:16:36 | 000,000,000 | ---D | M] -- C:\ICONS
    [2011/12/08 23:55:40 | 000,000,000 | ---D | M] -- C:\INFECTED
    [2010/04/29 13:17:46 | 000,000,000 | ---D | M] -- C:\INSTALL.DSK
    [2012/03/21 02:46:41 | 000,000,000 | ---D | M] -- C:\Intel
    [2011/12/09 04:59:04 | 000,000,000 | ---D | M] -- C:\LOGFILES
    [2008/10/23 00:13:27 | 000,000,000 | R--D | M] -- C:\MSOCache
    [2008/07/24 13:38:03 | 000,000,000 | ---D | M] -- C:\NVIDIA
    [2008/07/24 00:35:07 | 000,000,000 | ---D | M] -- C:\OFFICE
    [2012/07/04 16:35:37 | 000,000,000 | R--D | M] -- C:\Program Files
    [2012/02/19 23:56:21 | 000,000,000 | ---D | M] -- C:\Qoobox
    [2012/02/23 01:22:36 | 000,000,000 | -HSD | M] -- C:\RECYCLER
    [2011/12/08 23:55:40 | 000,000,000 | ---D | M] -- C:\REPORTS
    [2012/01/08 02:05:13 | 000,000,000 | ---D | M] -- C:\rsit
    [2009/01/23 16:02:16 | 000,000,000 | ---D | M] -- C:\Samsung
    [2012/07/04 20:35:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information
    [2011/12/22 15:24:39 | 000,000,000 | ---D | M] -- C:\Temp
    [2012/02/19 23:56:22 | 000,000,000 | ---D | M] -- C:\Username123
    [2012/03/12 23:39:53 | 000,000,000 | ---D | M] -- C:\vWorker
    [2012/06/22 22:57:29 | 000,000,000 | ---D | M] -- C:\WINDOWS

    < %PROGRAMFILES%\*.exe >
    Invalid Environment Variable: LOCALAPPDATA

    < %windir%\Installer\*.* >
    [2011/11/18 22:14:19 | 001,435,136 | ---- | M] () -- C:\WINDOWS\Installer\107c1596.msi
    [2009/11/08 22:25:26 | 001,935,360 | R--- | M] () -- C:\WINDOWS\Installer\10bbab.msp
    [2010/03/30 23:23:04 | 015,638,528 | R--- | M] () -- C:\WINDOWS\Installer\10bbb9.msp
    [2009/01/14 14:43:58 | 005,520,384 | R--- | M] () -- C:\WINDOWS\Installer\10de3e8e.msp
    [2012/04/15 13:28:54 | 000,203,776 | ---- | M] () -- C:\WINDOWS\Installer\11a6a0a8.msi
    [2008/07/24 00:54:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\1251f8.mst
    [2008/07/24 00:54:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\1251f9.mst
    [2008/07/24 00:54:02 | 007,516,672 | ---- | M] () -- C:\WINDOWS\Installer\1251fd.msi
    [2008/07/24 00:55:09 | 000,956,928 | ---- | M] () -- C:\WINDOWS\Installer\12520e.msi
    [2008/07/24 00:55:26 | 000,903,680 | ---- | M] () -- C:\WINDOWS\Installer\125218.msi
    [2008/07/24 00:55:44 | 016,722,944 | ---- | M] () -- C:\WINDOWS\Installer\125222.msi
    [2008/07/24 00:55:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\125224.mst
    [2008/07/24 00:55:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\125225.mst
    [2008/07/24 00:55:53 | 006,558,208 | ---- | M] () -- C:\WINDOWS\Installer\125229.msi
    [2008/07/24 08:24:30 | 000,228,352 | ---- | M] () -- C:\WINDOWS\Installer\12d8435.msi
    [2012/06/12 03:46:23 | 000,039,424 | ---- | M] () -- C:\WINDOWS\Installer\13db314.msi
    [2012/06/12 03:46:26 | 020,343,808 | R--- | M] () -- C:\WINDOWS\Installer\13db31c.msp
    [2011/12/26 09:59:58 | 004,368,896 | R--- | M] () -- C:\WINDOWS\Installer\14e9f811.msp
    [2011/12/25 05:40:46 | 000,819,200 | R--- | M] () -- C:\WINDOWS\Installer\14e9f81a.msp
    [2008/06/04 11:29:48 | 016,905,728 | R--- | M] () -- C:\WINDOWS\Installer\14ef95ea.msp
    [2008/07/30 06:50:56 | 012,506,112 | R--- | M] () -- C:\WINDOWS\Installer\14ef9601.msp
    [2008/12/08 16:31:30 | 000,432,640 | ---- | M] () -- C:\WINDOWS\Installer\14fb364d.msi
    [2008/10/17 08:03:18 | 005,518,336 | R--- | M] () -- C:\WINDOWS\Installer\14fb3663.msp
    [2008/10/25 08:15:10 | 006,227,456 | R--- | M] () -- C:\WINDOWS\Installer\14fb367a.msp
    [2008/09/24 11:05:44 | 016,381,440 | R--- | M] () -- C:\WINDOWS\Installer\14fb3683.msp
    [2012/04/17 12:11:06 | 007,681,024 | R--- | M] () -- C:\WINDOWS\Installer\1559b006.msp
    [2012/04/28 21:43:58 | 008,459,264 | R--- | M] () -- C:\WINDOWS\Installer\1559b010.msp
    [2012/04/27 15:09:22 | 005,521,408 | R--- | M] () -- C:\WINDOWS\Installer\1559b027.msp
    [2012/03/19 22:02:30 | 006,695,936 | R--- | M] () -- C:\WINDOWS\Installer\1559b03e.msp
    [2012/04/09 16:50:24 | 006,829,568 | R--- | M] () -- C:\WINDOWS\Installer\1559b055.msp
    [2012/04/06 03:13:32 | 016,527,872 | R--- | M] () -- C:\WINDOWS\Installer\1559b063.msp
    [2012/04/04 22:38:16 | 003,620,864 | R--- | M] () -- C:\WINDOWS\Installer\1559b06d.msp
    [2012/01/04 02:25:14 | 017,751,552 | R--- | M] () -- C:\WINDOWS\Installer\1559b07c.msp
    [2011/12/22 16:50:54 | 000,256,000 | R--- | M] () -- C:\WINDOWS\Installer\1559b085.msp
    [2012/04/04 22:38:44 | 002,831,360 | R--- | M] () -- C:\WINDOWS\Installer\1559b08f.msp
    [2011/11/11 16:16:20 | 008,458,240 | R--- | M] () -- C:\WINDOWS\Installer\1657c717.msp
    [2011/11/17 10:55:20 | 005,522,944 | ---- | M] () -- C:\WINDOWS\Installer\1657c719.msp
    [2011/01/17 15:06:20 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\171b66fa.msp
    [2007/11/08 09:42:36 | 004,158,464 | R--- | M] () -- C:\WINDOWS\Installer\173cd7.msp
    [2008/01/14 13:24:52 | 010,721,280 | R--- | M] () -- C:\WINDOWS\Installer\173ced.msp
    [2008/01/14 14:53:34 | 005,213,696 | R--- | M] () -- C:\WINDOWS\Installer\173d03.msp
    [2008/04/14 12:26:46 | 011,888,128 | R--- | M] () -- C:\WINDOWS\Installer\173d1a.msp
    [2008/01/31 08:30:52 | 009,947,648 | R--- | M] () -- C:\WINDOWS\Installer\173d38.msp
    [2008/02/29 20:09:58 | 016,907,776 | R--- | M] () -- C:\WINDOWS\Installer\173d4f.msp
    [2008/04/01 12:33:20 | 005,479,936 | R--- | M] () -- C:\WINDOWS\Installer\173d69.msp
    [2008/03/17 10:48:50 | 011,813,888 | R--- | M] () -- C:\WINDOWS\Installer\173d80.msp
    [2008/06/11 13:05:06 | 009,994,240 | R--- | M] () -- C:\WINDOWS\Installer\173d9b.msp
    [2010/01/27 16:53:46 | 006,820,864 | R--- | M] () -- C:\WINDOWS\Installer\187d0a98.msp
    [2010/02/21 00:00:02 | 008,480,768 | R--- | M] () -- C:\WINDOWS\Installer\187d0aa2.msp
    [2012/01/13 01:42:45 | 003,947,520 | ---- | M] () -- C:\WINDOWS\Installer\19ef7e82.msi
    [2011/10/04 14:41:42 | 001,317,376 | ---- | M] () -- C:\WINDOWS\Installer\1b0af846.msi
    [2011/04/13 22:54:31 | 000,218,624 | ---- | M] () -- C:\WINDOWS\Installer\1b116437.msi
    [2011/04/13 22:55:26 | 006,465,536 | ---- | M] () -- C:\WINDOWS\Installer\1b11643c.msi
    [2011/04/13 23:12:55 | 026,428,928 | ---- | M] () -- C:\WINDOWS\Installer\1b212f4f.msi
    [2011/04/13 23:13:42 | 001,100,288 | ---- | M] () -- C:\WINDOWS\Installer\1b212f57.msi
    [2011/04/13 23:13:46 | 000,294,912 | ---- | M] () -- C:\WINDOWS\Installer\1b212f5f.msi
    [2011/04/13 23:13:49 | 000,288,768 | ---- | M] () -- C:\WINDOWS\Installer\1b212f66.msi
    [2011/04/13 23:13:50 | 000,182,784 | ---- | M] () -- C:\WINDOWS\Installer\1b212f6d.msi
    [2011/04/13 23:13:55 | 000,291,840 | ---- | M] () -- C:\WINDOWS\Installer\1b212f74.msi
    [2011/04/13 23:13:59 | 000,357,376 | ---- | M] () -- C:\WINDOWS\Installer\1b212f7b.msi
    [2011/04/13 23:14:03 | 000,291,840 | ---- | M] () -- C:\WINDOWS\Installer\1b212f82.msi
    [2011/04/13 23:14:29 | 000,548,352 | ---- | M] () -- C:\WINDOWS\Installer\1b212f89.msi
    [2011/04/13 23:14:38 | 000,475,136 | ---- | M] () -- C:\WINDOWS\Installer\1b212f90.msi
    [2011/04/13 23:14:40 | 000,181,248 | ---- | M] () -- C:\WINDOWS\Installer\1b212f97.msi
    [2011/04/13 23:14:41 | 000,180,736 | ---- | M] () -- C:\WINDOWS\Installer\1b212f9e.msi
    [2011/04/13 23:14:42 | 000,186,368 | ---- | M] () -- C:\WINDOWS\Installer\1b212fa5.msi
    [2011/04/13 23:14:44 | 000,213,504 | ---- | M] () -- C:\WINDOWS\Installer\1b212fad.msi
    [2011/04/13 23:14:51 | 000,404,480 | ---- | M] () -- C:\WINDOWS\Installer\1b212fb5.msi
    [2011/04/13 23:14:53 | 000,370,688 | ---- | M] () -- C:\WINDOWS\Installer\1b212fbc.msi
    [2011/04/13 23:14:56 | 000,295,936 | ---- | M] () -- C:\WINDOWS\Installer\1b212fc3.msi
    [2011/04/13 23:14:58 | 002,035,200 | ---- | M] () -- C:\WINDOWS\Installer\1b212fca.msi
    [2011/04/13 23:16:34 | 001,515,008 | ---- | M] () -- C:\WINDOWS\Installer\1b212fd2.msi
    [2010/03/22 14:03:14 | 011,732,992 | R--- | M] () -- C:\WINDOWS\Installer\1b53d496.msp
    [2010/03/11 10:03:40 | 005,524,480 | R--- | M] () -- C:\WINDOWS\Installer\1b53d4ad.msp
    [2010/03/11 19:16:30 | 004,148,224 | R--- | M] () -- C:\WINDOWS\Installer\1b53d4c4.msp
    [2012/02/28 00:51:53 | 000,677,376 | ---- | M] () -- C:\WINDOWS\Installer\1b9aaddc.msi
    [2011/10/27 04:49:16 | 000,160,768 | ---- | M] () -- C:\WINDOWS\Installer\1c5d6f.msi
    [2009/05/12 11:01:38 | 006,818,816 | R--- | M] () -- C:\WINDOWS\Installer\1c93e0.msp
    [2009/04/04 05:35:30 | 038,325,760 | R--- | M] () -- C:\WINDOWS\Installer\1c9409.msp
    [2009/05/28 10:32:54 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\1c9420.msp
    [2009/04/23 15:57:12 | 007,672,832 | R--- | M] () -- C:\WINDOWS\Installer\1c9437.msp
    [2009/04/24 10:30:16 | 002,583,552 | R--- | M] () -- C:\WINDOWS\Installer\1c9443.msp
    [2009/05/04 05:46:14 | 008,299,008 | R--- | M] () -- C:\WINDOWS\Installer\1c944e.msp
    [2012/04/04 05:17:36 | 016,613,376 | ---- | M] () -- C:\WINDOWS\Installer\1dab47ba.msp
    [2012/04/17 22:08:50 | 001,769,984 | ---- | M] () -- C:\WINDOWS\Installer\1dd1d204.msi
    [2010/08/24 07:49:22 | 006,825,472 | R--- | M] () -- C:\WINDOWS\Installer\1e7aff.msp
    [2010/10/04 14:32:10 | 005,517,824 | R--- | M] () -- C:\WINDOWS\Installer\1e7b16.msp
    [2010/08/23 15:09:02 | 007,673,344 | R--- | M] () -- C:\WINDOWS\Installer\1e7b2d.msp
    [2009/10/22 11:28:50 | 005,521,408 | R--- | M] () -- C:\WINDOWS\Installer\1f8e5936.msp
    [2009/10/06 17:40:46 | 007,681,024 | R--- | M] () -- C:\WINDOWS\Installer\1f8e594d.msp
    [2009/08/18 11:58:56 | 008,301,056 | R--- | M] () -- C:\WINDOWS\Installer\1f8e5957.msp
    [2009/10/22 11:46:32 | 006,821,888 | R--- | M] () -- C:\WINDOWS\Installer\1f8e596e.msp
    [2011/10/07 23:06:42 | 000,022,528 | ---- | M] () -- C:\WINDOWS\Installer\1f93262.msi
    [2012/03/20 23:57:14 | 006,188,544 | R--- | M] () -- C:\WINDOWS\Installer\1fde943.msp
    [2012/04/21 21:55:38 | 000,980,480 | R--- | M] () -- C:\WINDOWS\Installer\1fde94c.msp
    [2012/06/26 03:33:12 | 000,348,160 | ---- | M] () -- C:\WINDOWS\Installer\200340f5.msi
    [2010/11/26 23:57:53 | 000,454,656 | ---- | M] () -- C:\WINDOWS\Installer\2108b86.msi
    [2011/06/28 20:27:28 | 004,028,928 | R--- | M] () -- C:\WINDOWS\Installer\212ded.msp
    [2002/12/20 11:03:32 | 001,247,232 | ---- | M] () -- C:\WINDOWS\Installer\214066.msi
    [2008/07/24 01:20:06 | 000,123,904 | ---- | M] () -- C:\WINDOWS\Installer\2140a3.msi
    [2008/07/24 01:20:07 | 000,123,904 | ---- | M] () -- C:\WINDOWS\Installer\2140aa.msi
    [2008/07/24 01:20:09 | 000,123,904 | ---- | M] () -- C:\WINDOWS\Installer\2140b1.msi
    [2008/07/24 01:20:30 | 000,121,344 | ---- | M] () -- C:\WINDOWS\Installer\2140e4.msi
    [2008/07/24 01:20:32 | 000,274,432 | ---- | M] () -- C:\WINDOWS\Installer\2140f0.msi
    [2008/07/24 01:20:57 | 000,985,600 | ---- | M] () -- C:\WINDOWS\Installer\214134.msi
    [2008/07/24 01:28:43 | 001,533,440 | ---- | M] () -- C:\WINDOWS\Installer\214155.msi
    [2011/09/15 17:37:32 | 038,176,256 | R--- | M] () -- C:\WINDOWS\Installer\2183a2.msp
    [2009/07/08 21:10:04 | 001,659,392 | ---- | M] () -- C:\WINDOWS\Installer\22388d37.msi
    [2009/08/25 12:57:34 | 005,518,336 | R--- | M] () -- C:\WINDOWS\Installer\231086dd.msp
    [2011/09/20 14:36:20 | 005,521,408 | R--- | M] () -- C:\WINDOWS\Installer\235a8d9c.msp
    [2011/07/11 19:43:20 | 011,641,344 | R--- | M] () -- C:\WINDOWS\Installer\235a8da8.msp
    [2012/03/21 20:08:01 | 000,442,368 | ---- | M] () -- C:\WINDOWS\Installer\23cb6a.msi
    [2012/03/21 20:08:14 | 001,720,832 | ---- | M] () -- C:\WINDOWS\Installer\23cb72.msi
    [2012/03/21 20:12:05 | 000,356,352 | ---- | M] () -- C:\WINDOWS\Installer\23cc9b.msi
    [2012/03/21 20:12:07 | 000,265,728 | ---- | M] () -- C:\WINDOWS\Installer\23cca2.msi
    [2012/03/21 20:12:08 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23ccaa.msi
    [2012/03/21 20:12:10 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23ccb1.msi
    [2012/03/21 20:12:11 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23ccb8.msi
    [2012/03/21 20:12:12 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23ccbf.msi
    [2012/03/21 20:12:14 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23ccc6.msi
    [2012/03/21 20:12:15 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23cccd.msi
    [2012/03/21 20:12:17 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23ccd4.msi
    [2012/03/21 20:12:18 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23ccdb.msi
    [2012/03/21 20:12:19 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cce2.msi
    [2012/03/21 20:12:21 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23cce9.msi
    [2012/03/21 20:12:22 | 000,250,880 | ---- | M] () -- C:\WINDOWS\Installer\23ccf0.msi
    [2012/03/21 20:12:24 | 000,250,880 | ---- | M] () -- C:\WINDOWS\Installer\23ccf7.msi
    [2012/03/21 20:12:25 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23ccfe.msi
    [2012/03/21 20:12:26 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cd05.msi
    [2012/03/21 20:12:28 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cd0c.msi
    [2012/03/21 20:12:29 | 000,250,880 | ---- | M] () -- C:\WINDOWS\Installer\23cd13.msi
    [2012/03/21 20:12:30 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cd1a.msi
    [2012/03/21 20:12:31 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cd21.msi
    [2012/03/21 20:12:33 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cd28.msi
    [2012/03/21 20:12:34 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cd2f.msi
    [2012/03/21 20:12:35 | 000,249,344 | ---- | M] () -- C:\WINDOWS\Installer\23cd36.msi
    [2012/03/21 20:12:37 | 000,251,904 | ---- | M] () -- C:\WINDOWS\Installer\23cd3d.msi
    [2012/03/21 20:12:41 | 000,418,304 | ---- | M] () -- C:\WINDOWS\Installer\23cd44.msi
    [2012/03/21 20:12:42 | 000,232,960 | ---- | M] () -- C:\WINDOWS\Installer\23cd4b.msi
    [2012/03/21 20:12:59 | 001,136,128 | ---- | M] () -- C:\WINDOWS\Installer\23cd53.msi
    [2009/07/01 11:21:28 | 008,891,904 | R--- | M] () -- C:\WINDOWS\Installer\24a1a268.msp
    [2009/07/01 11:19:52 | 010,607,104 | R--- | M] () -- C:\WINDOWS\Installer\24a1a269.msp
    [2009/08/05 00:11:20 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\24a1a280.msp
    [2009/06/30 09:30:08 | 005,520,384 | R--- | M] () -- C:\WINDOWS\Installer\24d1dd6e.msp
    [2009/05/21 20:04:59 | 000,301,056 | ---- | M] () -- C:\WINDOWS\Installer\253c0d99.msi
    [2009/05/21 20:05:10 | 000,107,008 | ---- | M] () -- C:\WINDOWS\Installer\253c0da0.msi
    [2009/05/21 20:05:23 | 000,059,904 | ---- | M] () -- C:\WINDOWS\Installer\253c0da7.msi
    [2009/05/21 20:05:31 | 000,083,456 | ---- | M] () -- C:\WINDOWS\Installer\253c0dae.msi
    [2009/05/21 20:06:23 | 000,152,576 | ---- | M] () -- C:\WINDOWS\Installer\253c0db5.msi
    [2009/05/21 20:06:32 | 000,202,752 | ---- | M] () -- C:\WINDOWS\Installer\253c0dbc.msi
    [2009/05/21 20:06:40 | 000,140,288 | ---- | M] () -- C:\WINDOWS\Installer\253c0dc4.msi
    [2009/05/21 20:06:44 | 000,028,160 | ---- | M] () -- C:\WINDOWS\Installer\253c0dcb.msi
    [2009/05/21 20:06:49 | 000,025,088 | ---- | M] () -- C:\WINDOWS\Installer\253c0dd7.msi
    [2009/05/21 20:57:45 | 000,431,104 | ---- | M] () -- C:\WINDOWS\Installer\253c0df7.msi
    [2009/12/01 15:41:08 | 000,429,568 | ---- | M] () -- C:\WINDOWS\Installer\28e45.msi
    [2008/11/05 21:18:51 | 000,355,328 | ---- | M] () -- C:\WINDOWS\Installer\2bb9aa36.msi
    [2010/09/23 05:39:44 | 004,265,472 | R--- | M] () -- C:\WINDOWS\Installer\2c65945b.msp
    [2010/09/23 19:02:28 | 000,798,208 | R--- | M] () -- C:\WINDOWS\Installer\2c659464.msp
    [2012/01/15 04:27:20 | 000,430,592 | ---- | M] () -- C:\WINDOWS\Installer\2cc9d85.msi
    [2011/11/17 10:55:20 | 005,522,944 | R--- | M] () -- C:\WINDOWS\Installer\2e0c146.msp
    [2011/10/31 12:37:46 | 004,146,688 | R--- | M] () -- C:\WINDOWS\Installer\2e0c15e.msp
    [2011/10/29 23:10:18 | 006,824,960 | R--- | M] () -- C:\WINDOWS\Installer\2e0c175.msp
    [2011/11/01 13:34:30 | 001,552,384 | R--- | M] () -- C:\WINDOWS\Installer\2e0c17f.msp
    [2011/11/01 13:34:30 | 002,531,840 | R--- | M] () -- C:\WINDOWS\Installer\2fabd.msp
    [2010/04/21 15:46:50 | 005,522,432 | R--- | M] () -- C:\WINDOWS\Installer\30788.msp
    [2009/10/16 16:07:18 | 006,115,328 | R--- | M] () -- C:\WINDOWS\Installer\3079f.msp
    [2009/04/06 15:00:42 | 005,518,336 | R--- | M] () -- C:\WINDOWS\Installer\30f1a.msp
    [2008/07/23 20:37:12 | 000,264,704 | ---- | M] () -- C:\WINDOWS\Installer\317a6.msi
    [2009/09/21 14:53:56 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\32dbce93.msp
    [2009/09/29 07:08:12 | 006,747,648 | R--- | M] () -- C:\WINDOWS\Installer\32dbceaa.msp
    [2009/07/27 02:31:24 | 003,738,624 | R--- | M] () -- C:\WINDOWS\Installer\32dbceb4.msp
    [2009/08/20 03:02:38 | 005,204,992 | R--- | M] () -- C:\WINDOWS\Installer\32dbcecb.msp
    [2009/08/21 08:14:20 | 008,363,008 | R--- | M] () -- C:\WINDOWS\Installer\32dbcee8.msp
    [2010/02/26 17:50:15 | 000,763,392 | ---- | M] () -- C:\WINDOWS\Installer\338312d.msi
    [2011/05/23 13:15:48 | 003,617,792 | R--- | M] () -- C:\WINDOWS\Installer\34a4ce08.msp
    [2009/06/08 21:31:49 | 000,912,384 | ---- | M] () -- C:\WINDOWS\Installer\34eff27c.msi
    [2012/03/05 21:34:06 | 005,519,872 | R--- | M] () -- C:\WINDOWS\Installer\38e3d.msp
    [2010/02/03 18:06:50 | 001,205,760 | ---- | M] () -- C:\WINDOWS\Installer\3df54d1d.msi
    [2010/01/11 01:46:39 | 000,088,576 | ---- | M] () -- C:\WINDOWS\Installer\3e280242.msi
    [2008/07/29 18:31:05 | 006,083,072 | R--- | M] () -- C:\WINDOWS\Installer\3e280243.msp
    [2008/07/29 18:37:10 | 000,911,360 | R--- | M] () -- C:\WINDOWS\Installer\3e280244.msp
    [2008/07/29 18:33:06 | 000,506,368 | R--- | M] () -- C:\WINDOWS\Installer\3e280245.msp
    [2008/07/29 18:43:20 | 001,013,248 | R--- | M] () -- C:\WINDOWS\Installer\3e280246.msp
    [2008/07/29 18:35:08 | 000,553,472 | R--- | M] () -- C:\WINDOWS\Installer\3e280247.msp
    [2008/07/29 18:39:12 | 003,403,264 | R--- | M] () -- C:\WINDOWS\Installer\3e280248.msp
    [2008/07/29 18:41:15 | 006,487,040 | R--- | M] () -- C:\WINDOWS\Installer\3e280249.msp
    [2008/07/29 18:29:02 | 002,926,080 | R--- | M] () -- C:\WINDOWS\Installer\3e28024a.msp
    [2008/07/29 18:45:26 | 002,543,616 | R--- | M] () -- C:\WINDOWS\Installer\3e28024b.msp
    [2010/01/11 01:48:22 | 000,137,728 | ---- | M] () -- C:\WINDOWS\Installer\3e2ac045.msi
    [2008/07/29 22:07:18 | 000,023,040 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac046.msp
    [2008/07/29 20:18:47 | 003,376,640 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac047.msp
    [2008/07/29 21:22:41 | 004,137,984 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac048.msp
    [2008/07/29 20:34:27 | 001,448,448 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac049.msp
    [2008/07/29 22:15:12 | 003,697,664 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac04a.msp
    [2008/07/29 20:40:37 | 000,291,840 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac04b.msp
    [2008/07/29 21:37:55 | 002,679,808 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac04c.msp
    [2008/07/29 22:28:09 | 000,278,016 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac04d.msp
    [2008/07/29 20:26:24 | 001,043,456 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac04e.msp
    [2008/07/29 22:23:11 | 000,250,880 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac04f.msp
    [2010/01/11 01:49:37 | 000,648,192 | ---- | M] () -- C:\WINDOWS\Installer\3e2c48a2.msi
    [2010/09/24 00:25:13 | 005,241,344 | ---- | M] () -- C:\WINDOWS\Installer\3f3e1071.msi
    [2010/09/24 01:12:02 | 003,969,024 | ---- | M] () -- C:\WINDOWS\Installer\3f6850ab.msi
    [2012/04/06 02:12:34 | 015,709,696 | R--- | M] () -- C:\WINDOWS\Installer\4041a.msp
    [2009/11/17 12:58:25 | 000,087,040 | ---- | M] () -- C:\WINDOWS\Installer\41f6646.msi
    [2009/11/17 12:58:27 | 000,087,552 | ---- | M] () -- C:\WINDOWS\Installer\41f664d.msi
    [2008/07/24 01:47:17 | 000,020,992 | ---- | M] () -- C:\WINDOWS\Installer\43c29f.msi
    [2008/10/20 09:18:14 | 006,474,240 | R--- | M] () -- C:\WINDOWS\Installer\43c52.msp
    [2008/10/22 21:48:56 | 007,672,832 | R--- | M] () -- C:\WINDOWS\Installer\43c69.msp
    [2008/10/22 21:43:52 | 006,820,352 | R--- | M] () -- C:\WINDOWS\Installer\43c80.msp
    [2008/10/20 09:22:54 | 011,758,592 | R--- | M] () -- C:\WINDOWS\Installer\43c8a.msp
    [2008/07/01 07:25:56 | 011,814,912 | R--- | M] () -- C:\WINDOWS\Installer\4520220b.msp
    [2008/07/28 12:59:08 | 000,180,736 | R--- | M] () -- C:\WINDOWS\Installer\45202221.msp
    [2008/06/11 12:02:44 | 000,830,464 | R--- | M] () -- C:\WINDOWS\Installer\45202237.msp
    [2008/07/08 09:27:36 | 008,436,736 | R--- | M] () -- C:\WINDOWS\Installer\4520224e.msp
    [2008/07/16 08:39:56 | 005,519,360 | R--- | M] () -- C:\WINDOWS\Installer\45202265.msp
    [2008/07/08 08:09:30 | 011,887,616 | R--- | M] () -- C:\WINDOWS\Installer\4520227c.msp
    [2011/08/17 10:13:19 | 000,019,968 | ---- | M] () -- C:\WINDOWS\Installer\45bd00cc.msi
    [2009/03/20 10:48:56 | 000,183,808 | R--- | M] () -- C:\WINDOWS\Installer\4653d0d8.msp
    [2008/12/13 08:57:24 | 008,397,824 | R--- | M] () -- C:\WINDOWS\Installer\4653d0e9.msp
    [2008/12/13 09:21:36 | 010,473,472 | R--- | M] () -- C:\WINDOWS\Installer\4653d0f5.msp
    [2008/12/13 08:58:22 | 000,754,688 | R--- | M] () -- C:\WINDOWS\Installer\4653d102.msp
    [2009/08/14 19:32:40 | 011,110,912 | R--- | M] () -- C:\WINDOWS\Installer\4653d10d.msp
    [2010/08/25 15:06:30 | 006,479,360 | R--- | M] () -- C:\WINDOWS\Installer\487d4853.msp
    [2010/08/20 11:50:16 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\487d486a.msp
    [2010/08/05 08:57:58 | 004,066,304 | R--- | M] () -- C:\WINDOWS\Installer\487d488f.msp
    [2009/04/24 10:31:18 | 001,425,920 | R--- | M] () -- C:\WINDOWS\Installer\49cc3.msp
    [2009/05/01 13:49:44 | 004,328,960 | R--- | M] () -- C:\WINDOWS\Installer\49cdb.msp
    [2012/06/16 00:53:12 | 000,815,616 | ---- | M] () -- C:\WINDOWS\Installer\4f13a44.msi
    [2009/08/05 23:42:25 | 000,248,832 | ---- | M] () -- C:\WINDOWS\Installer\4f6f75d4.msi
    [2009/08/05 23:42:32 | 000,195,584 | ---- | M] () -- C:\WINDOWS\Installer\4f6f75db.msi
    [2010/06/30 20:52:28 | 005,522,944 | R--- | M] () -- C:\WINDOWS\Installer\50d2c.msp
    [2010/06/11 15:55:00 | 001,827,328 | R--- | M] () -- C:\WINDOWS\Installer\50d44.msp
    [2010/06/11 15:52:10 | 045,542,912 | R--- | M] () -- C:\WINDOWS\Installer\50d45.msp
    [2010/05/25 09:45:58 | 008,445,440 | R--- | M] () -- C:\WINDOWS\Installer\50d5d.msp
    [2012/06/05 14:50:57 | 000,900,096 | ---- | M] () -- C:\WINDOWS\Installer\516bec9.msi
    [2008/11/05 13:25:16 | 005,518,336 | R--- | M] () -- C:\WINDOWS\Installer\51d58.msp
    [2012/06/20 22:16:16 | 000,213,504 | ---- | M] () -- C:\WINDOWS\Installer\5215c0e.msi
    [2009/07/22 15:22:05 | 001,091,584 | ---- | M] () -- C:\WINDOWS\Installer\58c467a.msi
    [2009/07/22 15:22:07 | 000,084,480 | ---- | M] () -- C:\WINDOWS\Installer\58c4681.msi
    [2008/12/12 10:09:40 | 005,517,824 | R--- | M] () -- C:\WINDOWS\Installer\5bc17de.msp
    [2009/03/05 13:40:52 | 006,819,840 | R--- | M] () -- C:\WINDOWS\Installer\5bf94773.msp
    [2009/02/25 17:07:14 | 011,646,464 | R--- | M] () -- C:\WINDOWS\Installer\5bf9477d.msp
    [2010/03/28 12:38:02 | 000,219,648 | ---- | M] () -- C:\WINDOWS\Installer\5da72f.msi
    [2011/01/11 15:50:38 | 008,177,152 | R--- | M] () -- C:\WINDOWS\Installer\624977a9.msp
    [2011/03/03 09:25:14 | 005,051,904 | R--- | M] () -- C:\WINDOWS\Installer\624977c0.msp
    [2011/03/17 18:01:58 | 009,563,648 | R--- | M] () -- C:\WINDOWS\Installer\624977ca.msp
    [2010/11/20 21:34:34 | 001,198,080 | R--- | M] () -- C:\WINDOWS\Installer\624977d4.msp
    [2011/02/11 18:47:00 | 012,028,928 | R--- | M] () -- C:\WINDOWS\Installer\624977e1.msp
    [2011/04/05 10:52:16 | 005,519,872 | R--- | M] () -- C:\WINDOWS\Installer\624977f8.msp
    [2011/02/24 07:38:52 | 010,984,448 | R--- | M] () -- C:\WINDOWS\Installer\6249780f.msp
    [2011/01/27 12:49:14 | 006,825,472 | R--- | M] () -- C:\WINDOWS\Installer\62497826.msp
    [2010/07/10 18:14:14 | 002,850,816 | R--- | M] () -- C:\WINDOWS\Installer\6361e.msp
    [2008/07/24 02:42:00 | 000,431,104 | ---- | M] () -- C:\WINDOWS\Installer\6362e.msi
    [2010/07/26 15:02:46 | 005,519,360 | R--- | M] () -- C:\WINDOWS\Installer\63635.msp
    [2010/05/19 11:08:52 | 011,408,896 | R--- | M] () -- C:\WINDOWS\Installer\63641.msp
    [2010/06/28 20:53:16 | 006,819,840 | R--- | M] () -- C:\WINDOWS\Installer\63658.msp
    [2010/06/28 14:01:18 | 007,677,952 | R--- | M] () -- C:\WINDOWS\Installer\6366f.msp
    [2009/11/20 14:00:24 | 005,521,408 | R--- | M] () -- C:\WINDOWS\Installer\642cceb3.msp
    [2009/09/09 14:40:48 | 000,632,320 | R--- | M] () -- C:\WINDOWS\Installer\642cceca.msp
    [2009/12/16 21:58:22 | 005,382,144 | R--- | M] () -- C:\WINDOWS\Installer\642ccee4.msp
    [2011/07/27 06:39:50 | 009,892,352 | R--- | M] () -- C:\WINDOWS\Installer\64e51e6.msp
    [2011/09/06 20:48:02 | 008,181,248 | R--- | M] () -- C:\WINDOWS\Installer\64e51f0.msp
    [2011/07/21 11:34:34 | 003,456,000 | R--- | M] () -- C:\WINDOWS\Installer\64e51fd.msp
    [2011/08/16 11:35:02 | 005,519,872 | R--- | M] () -- C:\WINDOWS\Installer\64e5213.msp
    [2011/07/26 07:17:10 | 006,824,960 | R--- | M] () -- C:\WINDOWS\Installer\64e522a.msp
    [2011/07/26 15:33:48 | 010,984,448 | R--- | M] () -- C:\WINDOWS\Installer\64e5241.msp
    [2011/08/10 16:43:30 | 003,795,968 | R--- | M] () -- C:\WINDOWS\Installer\64e524b.msp
    [2011/04/29 11:30:12 | 001,197,056 | R--- | M] () -- C:\WINDOWS\Installer\65584a30.msp
    [2011/06/16 10:48:15 | 000,467,456 | ---- | M] () -- C:\WINDOWS\Installer\65584a43.msi
    [2011/04/29 12:04:54 | 005,053,440 | R--- | M] () -- C:\WINDOWS\Installer\65584a59.msp
    [2011/04/29 11:33:30 | 008,173,568 | R--- | M] () -- C:\WINDOWS\Installer\65584a63.msp
    [2011/05/17 17:28:52 | 006,862,848 | R--- | M] () -- C:\WINDOWS\Installer\65584a7a.msp
    [2011/05/20 16:31:56 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\65584a91.msp
    [2011/04/27 18:51:18 | 006,825,472 | R--- | M] () -- C:\WINDOWS\Installer\65584aa8.msp
    [2011/06/16 10:54:14 | 000,223,744 | ---- | M] () -- C:\WINDOWS\Installer\65584ab1.msi
    [2011/04/29 11:28:40 | 001,995,264 | R--- | M] () -- C:\WINDOWS\Installer\65584aba.msp
    [2010/03/30 10:34:48 | 003,826,688 | R--- | M] () -- C:\WINDOWS\Installer\66e22.msp
    [2010/05/03 14:06:36 | 005,053,952 | R--- | M] () -- C:\WINDOWS\Installer\66e39.msp
    [2010/04/24 15:10:46 | 008,486,400 | R--- | M] () -- C:\WINDOWS\Installer\66e43.msp
    [2010/02/24 22:14:38 | 000,543,232 | R--- | M] () -- C:\WINDOWS\Installer\66e52.msp
    [2010/04/11 20:17:10 | 004,210,688 | R--- | M] () -- C:\WINDOWS\Installer\66e5f.msp
    [2010/04/11 20:17:08 | 002,607,104 | R--- | M] () -- C:\WINDOWS\Installer\66e60.msp
    [2010/04/11 20:17:12 | 014,599,680 | R--- | M] () -- C:\WINDOWS\Installer\66e70.msp
    [2010/05/10 15:17:22 | 005,520,896 | R--- | M] () -- C:\WINDOWS\Installer\66e87.msp
    [2010/05/04 20:25:30 | 007,681,024 | R--- | M] () -- C:\WINDOWS\Installer\66e9e.msp
    [2010/05/03 14:11:42 | 004,149,760 | R--- | M] () -- C:\WINDOWS\Installer\66eb5.msp
    [2010/04/24 15:09:46 | 011,750,912 | R--- | M] () -- C:\WINDOWS\Installer\66ebf.msp
    [2010/05/03 14:27:52 | 006,825,472 | R--- | M] () -- C:\WINDOWS\Installer\66ed6.msp
    [2010/05/11 09:30:58 | 011,194,880 | R--- | M] () -- C:\WINDOWS\Installer\66eed.msp
    [2009/05/10 17:01:12 | 000,228,352 | ---- | M] () -- C:\WINDOWS\Installer\6dfbd.msi
    [2010/01/19 17:29:16 | 005,050,368 | R--- | M] () -- C:\WINDOWS\Installer\72a0146.msp
    [2010/01/19 16:51:12 | 005,524,480 | R--- | M] () -- C:\WINDOWS\Installer\72a015d.msp
    [2007/07/21 12:26:34 | 007,574,016 | R--- | M] () -- C:\WINDOWS\Installer\732b1806.msp
    [2008/04/18 13:56:18 | 006,215,680 | R--- | M] () -- C:\WINDOWS\Installer\732b1811.msp
    [2007/10/14 22:33:24 | 026,646,016 | R--- | M] () -- C:\WINDOWS\Installer\732b1827.msp
    [2008/07/29 22:20:14 | 011,767,296 | R--- | M] () -- C:\WINDOWS\Installer\732b1831.msp
    [2008/08/11 10:49:32 | 022,457,344 | R--- | M] () -- C:\WINDOWS\Installer\732b183b.msp
    [2008/06/19 17:28:04 | 001,573,376 | R--- | M] () -- C:\WINDOWS\Installer\732b1846.msp
    [2008/08/11 10:51:14 | 015,916,544 | R--- | M] () -- C:\WINDOWS\Installer\732b1850.msp
    [2008/08/13 13:49:34 | 011,816,960 | R--- | M] () -- C:\WINDOWS\Installer\732b1867.msp
    [2007/07/27 07:03:06 | 119,977,472 | R--- | M] () -- C:\WINDOWS\Installer\766131.msp
    [2008/08/03 17:42:07 | 000,470,528 | ---- | M] () -- C:\WINDOWS\Installer\766139.msi
    [2008/06/10 12:09:22 | 005,517,312 | R--- | M] () -- C:\WINDOWS\Installer\766150.msp
    [2005/10/26 12:59:54 | 002,883,072 | R--- | M] () -- C:\WINDOWS\Installer\766167.msp
    [2012/01/25 14:55:08 | 005,520,384 | R--- | M] () -- C:\WINDOWS\Installer\79d6c.msp
    [2011/10/30 22:54:38 | 002,748,416 | R--- | M] () -- C:\WINDOWS\Installer\79d75.msp
    [2008/07/23 22:52:25 | 005,922,816 | ---- | M] () -- C:\WINDOWS\Installer\7e0c8b.msi
    [2009/12/11 09:29:56 | 005,521,408 | R--- | M] () -- C:\WINDOWS\Installer\7eb2e.msp
    [2011/12/06 15:22:40 | 005,519,360 | R--- | M] () -- C:\WINDOWS\Installer\858ed0f.msp
    [2009/08/12 11:38:16 | 000,637,952 | ---- | M] () -- C:\WINDOWS\Installer\9473cab.msi
    [2009/08/12 12:31:34 | 000,799,232 | ---- | M] () -- C:\WINDOWS\Installer\977f5fc.msi
    [2009/08/12 12:35:45 | 000,404,480 | ---- | M] () -- C:\WINDOWS\Installer\977f60c.msi
    [2012/02/02 23:56:22 | 000,963,584 | R--- | M] () -- C:\WINDOWS\Installer\9c203.msp
    [2012/03/28 18:10:04 | 012,098,048 | R--- | M] () -- C:\WINDOWS\Installer\9c21a.msp
    [2012/03/22 13:09:58 | 005,521,920 | R--- | M] () -- C:\WINDOWS\Installer\9c231.msp
    [2011/07/26 12:50:18 | 005,522,432 | R--- | M] () -- C:\WINDOWS\Installer\a09b9.msp
    [2011/05/01 23:06:16 | 002,705,920 | R--- | M] () -- C:\WINDOWS\Installer\a09c2.msp
    [2009/02/11 13:02:00 | 005,519,872 | R--- | M] () -- C:\WINDOWS\Installer\a83efb3.msp
    [2010/07/25 20:02:03 | 001,094,656 | ---- | M] () -- C:\WINDOWS\Installer\afd4fc8.msi
    [2011/02/22 09:32:12 | 005,520,384 | R--- | M] () -- C:\WINDOWS\Installer\b4687ec.msp
    [2010/10/01 20:53:12 | 004,147,712 | R--- | M] () -- C:\WINDOWS\Installer\b89d6a5.msp
    [2010/12/06 14:02:34 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\b89d6bc.msp
    [2010/11/12 10:08:30 | 000,889,344 | R--- | M] () -- C:\WINDOWS\Installer\b89d6d7.msp
    [2010/10/22 14:45:16 | 008,444,928 | R--- | M] () -- C:\WINDOWS\Installer\b89d6ef.msp
    [2011/11/03 13:31:36 | 005,525,504 | R--- | M] () -- C:\WINDOWS\Installer\babef.msp
    [2011/04/08 20:17:28 | 000,004,608 | ---- | M] () -- C:\WINDOWS\Installer\c1a34e.msi
    [2012/06/06 23:43:46 | 009,474,048 | ---- | M] () -- C:\WINDOWS\Installer\c2675e5.msi
    [2012/06/06 23:46:57 | 001,530,368 | ---- | M] () -- C:\WINDOWS\Installer\c26761f.msi
    [2012/04/08 17:50:56 | 000,028,672 | ---- | M] () -- C:\WINDOWS\Installer\caebb2b.msi
    [2012/04/08 18:08:38 | 000,028,160 | ---- | M] () -- C:\WINDOWS\Installer\cbeed20.msi
    [2012/06/22 10:25:11 | 001,259,008 | ---- | M] () -- C:\WINDOWS\Installer\ce17078.msi
    [2012/04/08 20:33:27 | 002,991,104 | ---- | M] () -- C:\WINDOWS\Installer\d40c8f0.msi
    [2012/06/17 15:44:57 | 001,648,128 | ---- | M] () -- C:\WINDOWS\Installer\d47b521.msi
    [2010/04/29 19:20:37 | 001,571,840 | ---- | M] () -- C:\WINDOWS\Installer\d5a53e.msi
    [2012/03/21 02:43:38 | 000,031,744 | ---- | M] () -- C:\WINDOWS\Installer\d66cf.msi
    [2012/03/25 04:56:30 | 000,022,016 | ---- | M] () -- C:\WINDOWS\Installer\d9e821a.msi
    [2010/10/22 12:25:02 | 005,521,408 | R--- | M] () -- C:\WINDOWS\Installer\e356b0.msp
    [2010/10/01 16:42:36 | 005,054,464 | R--- | M] () -- C:\WINDOWS\Installer\e356c7.msp
    [2010/10/14 15:57:14 | 011,189,248 | R--- | M] () -- C:\WINDOWS\Installer\e356de.msp
    [2010/09/17 05:04:16 | 009,401,856 | R--- | M] () -- C:\WINDOWS\Installer\e356e8.msp
    [2012/06/17 22:37:32 | 000,055,296 | ---- | M] () -- C:\WINDOWS\Installer\ec28ea1.msi
    [2011/12/08 19:39:53 | 000,493,056 | ---- | M] () -- C:\WINDOWS\Installer\f40771a.msi
    [2012/03/27 09:47:55 | 004,959,232 | R--- | M] () -- C:\WINDOWS\Installer\f47ef79.msp
    [2011/01/18 22:36:00 | 002,687,488 | R--- | M] () -- C:\WINDOWS\Installer\f767c67.msp
    [2011/03/28 02:27:52 | 015,456,256 | R--- | M] () -- C:\WINDOWS\Installer\f767c75.msp
    [2009/07/08 21:08:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{8355F970-601D-442D-A79B-1D7DB4F24CAD}.SchedServiceConfig.rmi
    [2010/01/22 16:33:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.SchedServiceConfig.rmi
    [2009/07/20 16:22:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}.SchedServiceConfig.rmi
    [6 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

    < %windir%\system32\tasks\*.* >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\*. /mp /s >

    < MD5 for: EXPLORER.EXE >
    [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
    [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2006/02/28 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

    < MD5 for: REGEDIT.EXE >
    [2008/04/13 18:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\ERDNT\cache\regedit.exe
    [2008/04/13 18:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\regedit.exe
    [2008/04/13 18:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
    [2008/04/13 18:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\system32\dllcache\regedit.exe
    [2006/02/28 06:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe

    < MD5 for: SVCHOST.EXE >
    [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
    [2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    [2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
    [2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
    [2006/02/28 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2006/02/28 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
    [2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
    [2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2006/02/28 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
    [2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

    < C:\Windows\assembly\tmp\U\*.* /s >

    < %Temp%\smtmp\1\*.* >

    < %Temp%\smtmp\2\*.* >

    < %Temp%\smtmp\3\*.* >

    < %Temp%\smtmp\4\*.* >

    < type c:\diskreport.txt /c >
    Microsoft DiskPart version 5.1.3565
    Copyright (C) 1999-2003 Microsoft Corporation.
    On computer: EXOTIC-3C629299
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    Volume 0 F DVD-ROM 0 B
    Volume 1 C NTFS Partition 148 GB Healthy System
    Volume 2 D NTFS Partition 143 GB Healthy
    Volume 3 E NTFS Partition 175 GB Healthy
    Volume 4 G KINGSTON FAT32 Removeable 3741 MB
    Volume 5 H Kindle FAT32 Removeable 3090 MB

    < End of report >
     
  11. ep2002

    ep2002 Thread Starter

    Joined:
    Oct 31, 2006
    Messages:
    187
    I can't find the extras.txt file. I've looked everywhere & even tried to search for it under C & nothing :(
     
  12. ep2002

    ep2002 Thread Starter

    Joined:
    Oct 31, 2006
    Messages:
    187
    I ran MBAM again & got 5 more errors.

    Malwarebytes Anti-Malware (PRO) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.04.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Michelle :: EXOTIC-3C629299 [administrator]

    Protection: Enabled

    7/4/2012 11:00:35 PM
    mbam-log-2012-07-05 (00-45-38).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 382759
    Time elapsed: 1 hour(s), 44 minute(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 6
    C:\Documents and Settings\Michelle\Local Settings\Temp\wz1f37\u1104.exe (PUP.UltraSurf) -> No action taken.
    C:\Documents and Settings\Michelle\Local Settings\Temp\wz45e8\u1104.exe (PUP.UltraSurf) -> No action taken.
    C:\Documents and Settings\Michelle\Local Settings\Temp\wzb8f8\u1104.exe (PUP.UltraSurf) -> No action taken.
    C:\Documents and Settings\Michelle\Local Settings\Temp\wzdd23\u1104.exe (PUP.UltraSurf) -> No action taken.
    C:\Documents and Settings\Michelle\Local Settings\Temp\wze1ce\u1104.exe (PUP.UltraSurf) -> No action taken.
    C:\System Volume Information\_restore{7FE4316E-3B27-4BF1-A257-4FC0B36D0872}\RP1434\A0301669.exe (PUP.BundleInstaller.Somoto) -> No action taken.

    (end)
     
  13. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,769
    Okay, now the above is going to a US IP address, whereas your IP is Panama. When you ran this on the 4th July, where you in the US? If not, we'll look at the firewall rules. However, you did say you're downloading tv shows. Is this via torrent, as this is ilegal? Either way, if it is torrent, did you have it running whilst running the scan, as that may be the reason?

    These are showing as no action taken. Did you remove these, because if you didn't, they'll be there all the time? UltraSurf is a proxy, are you knowingly using this program?

    Like I said before, it may be too much running for your system to cope. Do you really need over 25 webpages open at one time?


    ---

    Looking in the OTL log, you have this:

    This is about it:

    https://addons.mozilla.org/en-US/firefox/addon/smart-bookmarks-bar/

    And it says not only is it discontinued, but uses some adapted CSS code fragments from userstyles.org. This could be causing the CSS problems.

    --------

    Looking in the OTL log (its okay about the other log, as sometimes it doesn't create it) your Java is out of date, which opens you to malicious websites:

    Upgrade Java : (32 bits)
    • Download the latest version of Java SE Runtime Environment (JRE) JRE 7 Update 5 .
    • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
    • Accept License Agreement.[/b]".
    • Click on the link to download Windows Offline Installation 32 bit ( jre-7u5-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.(Vista or Win 7 users, right click on the jre-7u5-windows-i586.exe and select "Run as an Administrator.")


    After doing the above, for the remains of the Java, can you do this:

    Open Java in the Control Panel and under the General tab, under Temporary Internet Files, click the Settings button. Then click on Delete Files.

    Make sure both of these options are checked:

    • Applications and Applets
    • Trace and Log Files
    OK out of all the screens. :)


    -------------

    Do you know what these folders are? If you do, then I'll leave them alone ;)


    ----------------

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
      DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
      DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
      DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RT2860.sys -- (RT80x86)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
      DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
      DRV - File not found [Kernel | Auto | Stopped] -- C:\Folder\MapleStory\npkcrypt.sys -- (npkcrypt)
      DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
      DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\cpuz_x32.sys -- (cpuz129)
      DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\catchme.sys -- (catchme)
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
      FF - prefs.js..keyword.URL: "http://srp.freecause.com/?ourmark=3&sid=100311&q="
      FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.uconn.edu:3000/proxy.pac"
      FF - prefs.js..network.proxy.http: "http://proxy.uconn.edu:3000/proxy.pac"
      O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
      O4 - HKLM..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe File not found
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
      O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
      ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
      MsConfig - StartUpReg: pdfFactory Dispatcher v3 - hkey= - key= - File not found
      MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
      :Files
      ipconfig /flushdns /c
      :Commands 
      [purity] 
      [resethosts] 
      [emptytemp] 
      [emptyjava]
      [EMPTYFLASH] 
      [CREATERESTOREPOINT] 
      [Reboot]
    • Then click the Run Fix button at the top
    • Click OK.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.


    ----------------------

    eddie
     
  14. ep2002

    ep2002 Thread Starter

    Joined:
    Oct 31, 2006
    Messages:
    187
    Ok, I'll do this one at a time.

    I'm checking into the Fx add-on you mentioned as the site is named slightly different. I'm seeing if the guys on the forum can find me a new one. Geeze, I've never had an add-on do that before if it is doing that.

    Things seem to be getting worse when it comes to add-ons & Fx changing versions every couple of months.

    Are you saying that every time I use the proxy it still makes my IP address US?

    I don't see how that can be, as I use it on my laptop all the time & if I don't use it, I can't get onto certain sites.

    I only used it on the laptop once or twice & then stopped.

    How do I clean that stuff out?

    And to be clear, I NEVER used it on July 4th. I haven't used it in over a month or so, so that's scaring me.

    Some techie guy gave it to me. It's very easy to use.


    Michelle
     
  15. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,769
    For the proxy, what are you using? Is it from a trusted company?

    If you can run the OTL fix for me above, that may help :)
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1032380